Have you wondered what it takes to be an ethical hacker?
Ethical hacking is also known as “white hat” hacking or pentesting. It is the practice of using hacking techniques and tools to test the security of a computer system.
The goal of an ethical hacker is to improve the security of the system. This involves identifying and addressing weaknesses that can be exploited by malicious hackers.
Ethical hacking involves simulating the types of attacks a malicious hacker might use. This helps us find the vulnerabilities in a system and apply fixes to prevent or reduce them.
Recent reports say that the demand for Cybersecurity engineers is at an all-time high. If you are thinking of a career in cybersecurity, this is a perfect time.
Whether you are new to the field or have some experience under your belt, this guide will help you get started on your ethical hacking journey. So let’s dive in!
Learn the Different Types of Cyber Attacks.
The first thing you have to do is understand the different types of attacks. This will help you give an idea about what you will be dealing with as a cybersecurity engineer.
Here are some common types of cyber attacks.
- Malware attacks: These attacks involve the use of malicious software. This includes viruses or ransomware that lock the system and asks for payment. You might remember the Wannacry ransomware that ravaged businesses in 2017.
- Phishing attacks: These attacks use fake emails, websites, and social media messages. This attack tricks users into giving out their private information like logins, credit card details, etc.
- Denial of service (DoS) attacks: These attacks try to crash a target system using too much traffic. A server can only handle a specific number of requests. If the server exceeds its capacity due to a DoS attack, it will become unavailable to other users.
- SQL injection attacks: These attacks involve injecting malicious code into a database. This happens due to poor security practices in building a web application. If successful, hackers can take over and even destroy an entire database.
- Cross-site scripting (XSS) attacks: These attacks involve injecting malicious code into a website. For example, if your website has a comments section without proper checks, malicious scripts can be injected into it. This script can then get saved into your database and also run on your customer’s browsers.
- Password attacks: These attacks involve attempting to guess or crack passwords. There are many tools available like John the Ripper and Hashcat.
- Wireless attacks: These attacks involve targeting wireless networks like cracking a company’s WiFi. Once a hacker gains access to the WiFi, they can listen to every computer that connects to that WiFi.
These are a few examples of the many types of cyber attacks that exist in today’s world. It is important that you understand different types of attacks and their impact. This will help you to plan your training as well as choose a sub-category to specialize in.
Develop Your Skillset
Now that you know the different types of cyber attacks, how do you develop your skillset? Here are five steps that will help you move from beginner to professional.
Learn Linux Fundamentals
Most servers run on Linux operating systems. Though most users use Windows, Linux is still the dominant server operating system in use. From AWS to Azure, most cloud servers are also deployed using Linux.
Learn Networking Fundamentals
You need to know networking basics if you want to get into ethical hacking. I cannot stress this enough. A strong networking background will get you from beginner to intermediate pretty quickly.
I would recommend this Youtube playlist from Neso Academy. They have done a great job in putting together all the Networking concepts together.
Learn Basic Programming
There is no alternative to learning to code in 2023. Tools like ChatGPT only enhance the way you work, not do it for you. So you need some programming basics. Or you will run into the risk of remaining a Script Kiddie.
Try these two resources.
TryHackMe is a platform that provides virtual rooms for learning cybersecurity skills. These rooms are interactive and they help you learn the method of finding and exploiting vulnerabilities. This is all done in a simulated network, so you will get some real-world practice without causing any damage.
They have also grouped rooms together to create pathways. These pathways help you to focus on a single topic. eg. Offensive security, defensive security, web app security, etc.
Here are two pathways you can start with:
Labs / Certifications / Community
Once you have completed the above steps, you can call yourself a mid-level ethical hacker. The next step is to get proficient by gaining some real-world hacking skills.
Here are the things you can do:
- Join HackTheBox and start cracking some virtual machines.
- Prepare for a certification like Pentest+ or OSCP
- Join a community like Stealth Security to keep learning about new tools and techniques.
By doing these steps and continuing to learn and practice, you can build a strong skillset. Do note that ethical hacking requires a strong foundation in Linux and networking, so don’t skip those steps.
Master a few Pentesting Tools
There are a few tools you must master before you can call yourself an ethical hacker. These tools are industry-standard and will most likely be used in the company you are looking to get into. Let’s look at each one of them.
- Nmap: Nmap is a popular scanning and enumeration tool. Nmap helps us to find open ports, services, and vulnerabilities in a system. This is usually the first tool you will learn as an ethical hacker.
- Wireshark: Wireshark helps us to analyze networks. When you connect to a network, you can use Wireshark to see the packets of data in real-time. As an offensive tool, Wireshark also helps to perform man-in-the-middle attacks.
- Burpsuite: Burpsuite is an all-in-one web application auditing tool. Burpsuite helps us to debug issues in web apps, capture requests and responses, and even brute-force login attempts. Burpsuite is also popular among bug-bounty hunters.
- Metasploit: Once you have found a way to get into a system, Metasploit will help you generate the payload. Metasploit is a powerful tool that comes with a lot of scanners, payloads, and exploits. You can also import results from other tools like Nmap into Metasploit.
- Nessus: Nessus is an all-in-one scanner that helps us find vulnerabilities. It also provides recommendations on how to resolve those vulnerabilities. Nessus is a paid tool with a limited free option but is commonly used in enterprises.
In conclusion, ethical hacking is a valuable and rewarding career choice. Given the gap in demand and available security engineers, this is the perfect time to start a cybersecurity career. Please remember that ethical hacking requires a strong foundation in networking and Linux, so don’t skip those lessons before you start working with a pentesting tool.