Ethical hacking or penetration testing describes the process of finding and disclosing security flaws in system architectures and being paid big money to do so. But how exactly do you become an ethical hacker? How do you go about acquiring the skills for this lucrative field?
In this article, we’re going to highlight a few
key steps you can take for preparing for a career in ethical hacking and
Be active in the open-source
There are a lot of blogs and communities for the
open-source world. It helps to follow reliable sources of information in the
security field. If you want the latest information on popular antivirus
software, you can turn to a website like antivirusrankings.com.
DistroWatch does a great job of covering the latest Linux distros, and Phoronix
covers a lot of kernel-related news.
Many open-source projects, including Linux
distros, have release notes and bug trackers on websites like Git and
Launchpad. When you can not only read but understand
and replicate security flaws from
bug trackers, you’ll have a much better grasp of how hackers operate.
Now, usually, when critical security flaws are
posted as news on all the tech news websites, the developers are already aware.
You have to understand that journalists have a tendency of hyping things. So
when you read a headline on a tech blog like, “Critical flaw in x Linux system allows hackers to do x!”, it’s
usually old news (in the hacker scene), and
if the vulnerability isn’t already patched, one is likely around the corner.
So don’t rely on tech blogs for “discovering” the latest flaws and system vulnerabilities. A lot of tech blogs just copy-paste and spin articles from each other, in a race for site traffic – though there are good ones with original journalism. Still, the places you’re going to find the latest exploits and security vulnerabilities are within the communities themselves, like bug trackers and even IRC channels.
Become familiar with popular
There’s really no universal approach to
“hacking”, it’s highly dependant on the architecture being targeted. Pretty
much anything to do with tinkering around with systems and files gets labeled
as “hacking” by mainstream culture. Your friends might call you a “hacker” for
decompiling Android apps, but that’s amateur hour stuff. It doesn’t even
qualify as “hacking”.
If you want a serious career in ethical hacking,
you need to learn what ethical hackers actually do, and the
various systems that are most commonly targeted by hackers. This means becoming
familiar with various Linux distros, Linux administration, various flaws and
vulnerabilities in the systems.
You should then move onto servers. Installing a
server in your own environment, then trying to break into it. Some of the most
popular Linux distros for server operation include:
- Red Hat Enterprise
- SUSE Linux
- Oracle Linux
- Arch Linux
That’s just naming a few of the most popular
Linux distros that are used as server platforms. There are more than 300 Linux
distros out there, being an open-source operating system, but not all of the
distros are used as server platforms. By becoming familiar with the most
popular ones, you’ll be able to narrow your focus to the ones that are most
popularly used by larger companies.
Oh, and definitely learn to code, particularly languages like Python, Ruby, Perl, C* – you can skip Microsoft .NET. Nobody cares about that.
Find a mentor
To expand on our previous point about being part
of the open-source community, it would be highly beneficial to try and find a
mentor. There are a lot of hacker groups, finding them isn’t too hard. IRC is
usually a good place to start. Express an interest in learning, but don’t ask
anybody to “teach you how to hack”. You’ll be ridiculed and told to RTM (read the manual).
Also lower your expectations. Realize that many
hackers are self-taught, and really don’t have the ability to teach somebody
else. A mentor, especially in the hacking scene, is not somebody who teaches you the skills, because it’s
your job to learn on your own. A mentor can
answer questions for you, and point you in the direction of instructional
materials and exercises that helped them.
Of course, you run the risk of falling in with
the wrong type of hacker group when looking for a mentor. Be very wary of the
IRC channels you join, the personalities you interact with. I used to casually
hang out on IRC channels and knew quite a few hacker personalities – some were
arrested for blackhat activities, others graduated to professional careers in