A 0 rupee guide to ethical hacking

"Hacking is basically gaining unauthorised access to computer devices and data."

Many youngsters move towards hacking due to its popularity. Hacking is a billion-dollar business that evolved from teenage mischief.

Hackers can be divided into three types based on their intentions, mindset and purpose.

  1. White Hat Hackers: These hackers work with good intentions and are mostly employed by a firm or company to carry out authorized attacks.
  2. Black Hat Hackers: These hackers choose the unethical way and intend to do actual harm to the other party.
  3. Red Hat Hackers: These hackers can go either the ethical or the unethical way, depending on the situation.

There is a high demand for ethical hackers in the industry due to the increasing threat to the security of data and infrastructure. For this blog, I'll keep the intention to go the ethical way only. 

The journey towards becoming an ethical hacker can be described in the hierarchy shown in the figure below.

Let me just take you through this.

Before directly going for an ethical hacking course, you need to have some basic skills. These skills can be treated as a prerequisite for your ethical hacking journey.

Foundational Skills: Having basic foundational skills for ethical hacking will make your further journey like a cakewalk. These skills are a must if you’re aspiring to become the best in the business.

These skills are:

  1. Basic IT Skills
  2. Networking skills
  3. Linux Skills
  4. Coding/Scripting Skills

1. Basic IT Skills: To check whether you have basic IT skills, you can ask yourself a few questions, for example:

    · Can you build a computer and identify its parts?
    · Can you troubleshoot and fix issues?

    If your answer to the above questions is a clear ‘No’, then the following resources might help you acquire those skills.

    · Professor Messer A+ Training
    · “How to build a PC step by step” Linus Tech Tips

2. Networking Skills: Networking skills can be checked with a few questions.

    · Can you describe the OSI model?
    · Can you describe the three-way TCP handshake?
    · Do you know what services run on which ports?
    · Can you perform simple subnetting?

    If the above skills are not on your resume, then exploring the following resources can help you acquire them.

    · Professor Messer Net+ Training
    · NetAcad Packet Tracer

3. Linux Skills: Having mastery of the Linux operating system is a must for any ethical hacker out there.

    Linux is the best kernel out there for ethical hackers. You can choose any Linux distribution to get started. Kali Linux and Parrot OS are the Linux distributions most preferred by ethical hackers.

    You must have the skills mentioned below to consider yourself a Linux user:

    · Navigating through the terminal
    · Installing a program in Linux
    · Writing scripts to automate tasks in Bash

    The following resources might help you acquire these skills:

    · Linux Journey (Best in the business and preferred by me)
    · OverTheWire’s Bandit
    · YouTube Courses

4. Coding Skills:

    · Can you read code?
    · Do you know what a conditional statement is?
    · Are you familiar with the language syntax?
    · Are you logical enough to understand what the code in front of you does?

    While on your ethical hacking journey, you might come across a file that contains code in any of the existing coding languages. Apart from the syntax, will you be able to logically understand the code? If there is a need to run code on the client machine, you should be careful and aware of the consequences of your actions. Having coding skills is a must for an ethical hacker.

    Python might be a good first language if you’re new to coding.

    Some of the free resources to learn coding are:

    · Geeksforgeeks
    · FreeCodeCamp
    · W3Schools
    · JavaTPoint

 

Basic Hacking Skills:

Now that we’ve built a solid foundation, we can move towards learning some basic hacking skills.

These basic hacking skills include:

· Scanning and enumerating ports
· Identifying a vulnerability
· Differentiating between a bind shell and a reverse shell
· Performing a basic buffer overflow

These basic hacking skills are a must before we move up in the hierarchy. If these basic skills are not acquired, our whole ethical hacking pyramid might crumble.

To acquire these skills, you can go through the resources below:

· TryHackMe (Free or Paid)
· YouTube Courses

 

Beyond the Basics:

After you’ve mastered some basic hacking skills, you might want to move up in the hierarchy and go beyond the basics.

These skills might include:

1. Active Directory Pentesting
2. Web Application Pentesting
3. Wireless Pentesting

The above list is not exhaustive; these are not all the skills you need to know about ethical hacking. But if you just want to break into the industry and get that entry-level job, these will cover most of the questions asked during the interview.

  1. Active Directory Hacking:

    The skill sets for Active Directory hacking are:

    § Kerberos
    § LLMNR Poisoning
    § TGT

    Resources:

    § YouTube Courses

  2. Web App Hacking:

    To check if you have the Web App Hacking skill sets, you can ask yourself the following questions:

    § What is the OWASP Top 10?
    § What is SQL injection?
    § How would you enumerate a web app?
    § What can Burp Suite be used for?

    If what I am talking about sounds like a foreign language to you, you might want to go through the following resources:

    § PortSwigger Academy (Best in the Business)
    § Hacker101
    § BugCrowd University & HackerOne Write-Ups

  3. Wireless Hacking: Wireless hacking is one of the easiest in the group. You can even go through it by reading only a few blogs.

    The interview questions that might get asked about wireless hacking are:

    § What is a four-way handshake?
    § How do WPA2 PSK and Enterprise differ?
    § What can a tool like EAPHammer be used for?

    Resources:

    § Hacking WPA2 Personal
    § Hacking WPA2 Enterprise

   

 

Above and Beyond:

So far, we have discussed only the technical skills. But the technical side alone will not take you far in the industry. You need soft skills to be able to stick around and grow in this field. You have to have a strong desire to learn. Learning ethical hacking only because it's cool will not take you far. You have to be consistent in the learning process. Make sure you create strong connections with people who share the same vision. Build communication skills, learn to work in a team, try out some leadership roles, and become comfortable with public speaking. These soft skills, when combined with technical skills, will make you a monster within the industry.

Keep learning, keep growing. :)
