Tuesday, 11 August 2015

How to become an ethical hacker



An essential guide to becoming an ethical hacker

I often get a number of people ask for guidance  about how they can become an ethical hacker. I also receive even more requests about how to become a black hat hacker. The latter requests are ignored. below is a definition of an ethical hacker
Ethical hacker
noun
  1. a person who hacks into a computer network in order to test or evaluate its security, rather than with malicious or criminal intent.
So if you want to be an ethical hacker the truth is there is no easy method to become a skilled hacker…… it’s easy to be a script kiddie and load up Armitage or Fast-track and fire every exploit known to man at a target. But what’s the point at firing Linux exploits at a Windows box!.
You need essential prerequisite knowledge
If you want to get into the IT  security world as a white hat you must be competent in the following areas:
  • Networking
  • Programming
  • Databases
  • Operating systems (Linux and Windows)
Once you have a fairly good knowledge of the above points THEN it would a good idea to learn about hacking. So now you have a good understanding of the fundamentals of IT, you can now understand how to break some of the underlying vulnerabilities within computer architecture. The following activities should help you with this:
What areas to concentrate on in order to build a foundation
Networking – Cisco courses seem to be really good. I undertook all the CCNA courses available.
Programming – Focus on learning C++, Python/Ruby and PHP.
Databases – Play around with MySQL and MSSQL and make your own database to understand how it works.
Operating systems – Most flavours of Linux are the similar to one another, I use Debian on a lot of servers and of course Kali. Additionally it is worth understanding the more obscure areas of Windows such as the registry.
- Advertisement -
Read books about hacking (Here are some good examples of some) –
  • The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws
  • Hacking: The Art of Exploitation, 2nd Edition
  • The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy
  • Metasploit: The Penetration Tester’s Guide
  • CEH Certified Ethical Hacker All-in-One Exam Guide
  • Google Hacking for Penetration Testers
Undertake FREE ethical hacking courses. 
These are very good for learning but won’t give you an industry recognised qualification, however they will teach you a lot about different areas of ethical hacking which will help towards recognised qualifications.
You can register for a free Cibrary account to do a free ethical hacking course at the following link –
Undertake Recognised Online courses
These course are all paid for, however they are industry recognised and will help you find a job in the IT security sector.
  • CEH
  • OSCP
  • CISSP
Communicate and follow other fellow IT security enthusiasts through the following mediums
  • Facebook (https://www.facebook.com/pages/Hacking-News-Tutorials/252350961471136 )
  • Google+
  • Twitter
Self learn by watching online tutorials
  • www.securitytube.net
  • www.youtube.com
Download practice environments to practice and hone newly learned skills
  • DVWA (Dam Vulnerable Web Application)
  • Metasploitable2
  • Samurai WTF


Final note: Hacking is something that takes A LOT of your time!, be prepared to sacrifice friendships, relationships and that awesome social life you used to have! ;)

No comments:

Post a Comment