Introduction!
First off, let’s just agree that saying ‘a Career in Cybersecurity is a bit like saying ‘a Career in Banking’, i.e. it’s an umbrella term that incorporates dozens of niches within the industry. In Cybersecurity we can, for example, talk about digital forensics as a career, or malware/ software detecting, auditing, pentesting, social engineering, and many other career tracks. Each of these sub-categories within cybersecurity deserves a separate blog post, but, for the purposes of this piece, let’s focus on some important generic requirements that everyone needs before embarking on a successful career in IT Security.
If you have no experience don't worry. We ALL had to start somewhere, and we ALL needed help to get where we are today. No one is an island and no one is born with all the necessary skills. Period.OK, so you have zero experience and limited skills…my advice in this instance is that you teach yourself some absolute fundamentals.
Let’s get this party started.
1. What is hacking?
Hacking is identifying weaknesses and vulnerabilities of some system and gaining access to it.
Hacker gets unauthorized access by targeting system while ethical hacker has official permission in a lawful and legitimate manner to assess the security posture of a target system(s).
There are some types of hackers, a bit of “terminology”.
White hat — ethical hacker.
Black hat — classical hacker, get unauthorized access.
Grey hat — a person who gets unauthorized access but reveals the weaknesses to the company.
Script kiddie — a person with no technical skills just used pre-made tools.
Hacktivist — a person who hacks for some idea and leaves some messages. For example strike against copyright.
Actually, the goal of ethical hacking is to reveal the system's weaknesses and vulnerabilities for a company to fix them. Ethical hacker documents everything he did.
2. Skills required to become an ethical hacker.
First of all to be a Pentester you need to be willing to continuously learn new things on the fly and or quickly at home. Secondly, you need to have a strong foundational understanding of at least one coding/scripting language as well as an understanding of Network and Web Security.
So here are some steps if you want to start from now…
- Learn To Code (Programming).
- Understand basic concepts of Operating System
- Fundamentals of Networking and Security
- Markup and as many technologies as you can!
3. What Platform To Code In:-
That depends on what platform you’ll be working on. For web applications, I suggest you learn HTML, PHP, JSP, and ASP. For mobile applications, try Java (Android), Swift (iOS), C# (Windows Phone). For desktop-based software try Java, C#, C++.
I would like to recommend Python as well because it's a general-purpose language and getting more popular nowadays due to its portability.
But what really is necessary for every programming language is to learn the fundamentals of programming, concepts like the data types, the variable manipulation throughout the program at the OS level to the use of subroutines aka functions, and so on. If you learn these, it’s pretty much the same for every programming language except for some syntax changes.
ProTips:-
- To be an expert at any programming language, understand the OS level operations of that language (varies in different compilers), or learn assembly language to be more generalized
- Don’t get your hopes high if you can’t achieve results in a short span of time. I prefer the “Miyagi” style of learning. So keep yourself motivated for what comes next.
- Never underestimate the power of network and system administrators. They can make you their *hypothetical* slave in a corporate infosec environment 😀
Resources To Get Started:
I would like to share some resources that I found best in learning from scratch.
There is a whole list of resources I have created for your help 😉(https://github.com/husnainfareed/Resources-for-learning-ethical-hacking/ )
Another advice…… Regularly follow http://h1.nobbd.de/ to b updated with HackerOne Public Bug reports You can learn a lot from them, Follow https://www.owasp.org/index.php/Cat…
Alternatively, You can Join Slack Community for Hackers
https://bugbounty-world.slack.com/
Also You should Consider practicing Your Skills on
http://www.vulnerablewebapps.org/
http://hackyourselffirst.troyhunt.com/
https://github.com/s4n7h0/xvwa
http://zero.webappsecurity.com/
http://crackme.cenzic.com/kelev/view/home.php
https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
HackerOne Public Reports!
These Reports might help you guys to get some in-depth idea of BugBounty hunting...
Some of the points to be noted:
- By a Self-Learner: Why? Because without it you won’t learn from things you experience, you won’t be able to solve your problems.
- Educate yourself on daily basis: read articles, write-ups, videos, or slides to educate yourself
- Know your target, before proceeding makes sure to know your target. Invest most of your time in identifying your target identifying the services the target uses.
- Map the target: get a better view of the target’s infrastructure in order to get a better understanding of what to target.
- Walk the path no one travels: Don’t be the common dude out there. Think out of the Box, think what the developer missed think what common guys are targeting, depending on that choose your path.
- Be a ninja: You need to be fast and precise as a Ninja. Know, Map, Target your victim precisely and quickly. This only works if you are good at taking a different path and if you are unique.
If you want to know more about Recon and how to chase Bug Bounty read this article “How To Do Your Reconnaissance Properly Before Chasing A Bug Bounty”.
0 comments:
Post a Comment