counter easy hit
Tools to know before you start coding
Tools to know before you start coding
July 14, 2020
How you should not wear a mask
How you should not wear a mask
July 15, 2020

What you need to know to become a Hacker

What you need to know to become a Hacker

What you need to know to become a Hacker

So this question is asked quite frequently, and I thought it would make the most sense to explain what you’ll need to know to become a hacker in this post.

Now, before we get into the technical details, first some background about me. I have a Master of Science in Computer Science with a concentration in Telecommunications and Network Security. I have a Bachelor of Science in Information Technology with a concentration in Computer Forensics and a double minor in Computer Science & Cybersecurity. And I have been a member of a Red Team for the past couple of years.

So what are you going to need to know to be a Hacker? Here are the key concepts from the Study Guide that I used to prepare for an exam to get my Red Team Job




Hacking has become every American's worst nightmare

Hacking has become every American’s worst nightmare

What you need to know to become a Hacker

Programming/Scripting

You’ll need to know basic programming concepts, and how to read and interpret scripts/code. You will need to be familiar with Shell scripting (e.g., cmd, wmic, bash), Interpreted languages (e.g. Python), and how to Interpret source code and scripts (e.g., Flow, variables, loops). You should be pretty familiar with Scripting and/or programming language. You’ll be able to find tons of information online regarding learning how to code.

Computer Architecture & Networking

You’ll need to understand the fundamentals and theory behind computer design, computer networking, and basic computing concepts. Some things you should be aware of is, Computer Math numbering systems and conversions, Computer concepts (e.g., CPU architectures, virtualization), Memory organization and layout, Storage concepts (e.g., hard disk drives, solid-state drives) and the difference between the kernel and userspace. A good resource for learning this is Computer Organization and Design ARM Edition: The Hardware Software Interface.




Operating Systems (Windows and Linux/UNIX)

You’ll need to learn of computer systems administration, software interactions, and I/O interactions in either Windows or Unix implementations. Some things you’ll need to know are Standard administrative commands, Local system configurations, Data security and integrity protection, Antivirus concepts, and file systems. A great resource for learning Operating System is the book Operating System Concepts Tenth Edition. That website contains tons of useful information for that book including slides and study guides. But as a prerequisite for learning Operating Systems, you should already be familiar with basic data structures, computer organization, and a high-level language, such as C or Java.

Network Design

You’ll need to be aware of the operations, management, and maintenance of computer networks, protocols, and standards and how they integrate with one another. Some things you should be familiar with are IP / subnetting, Ethernet, Routing, Network layout and design (i.e., network topology) and Networking device concepts (e.g., routers, firewalls, intrusion detection systems). There is a great CCNA prep course available here that you can learn this from. A good book to learn about Networking is Computer Networking: A Top-Down Approach, By James F. KuroseThis is also a good resource for learning about networks from a security point of view




Networking Applications and Services

You’ll need to know Protocols, and ports for standard network services, Network services, and ports on standard Windows/Unix installs, Network-related commands and Network service administration and configuration. For this, you can use the resources from above.

So those are the Fundamentals that you need to know to become a Hacker. Once you have those down, you can move onto learning some more advanced concepts.

Advanced concepts

Some of those concepts would be:

  • Information security tools and techniques: Network monitoring, Network mapping, Vulnerability scanning, penetration testing

  • Offensive information security

  • Digital forensics and data recovery

  • Voice/data communications (satellite, RF, wireless, and telecommunications networks)

  • Public key infrastructure and encryption systems




  • Command-line tools

  • Network traffic analysis

  • Computer and network forensics

  • Vulnerability and malware analysis

  • Low-level protocol and packet analysis

So I am aware that many people want to become a Hacker or Penetration Tester professionally so I will briefly be discussing how one can best do that.

A great infographics of why Hackers hack

Great infographics of why Hackers hack

Here’s what you need to know to become a Hacker:

  • Education
  • Experience
  • Certifications
  • Good ways to practice

Education

For a Degree, I’d recommend a degree in Computer Science, Computer Engineering, Computer Security, Cybersecurity (Technical Track), Cyber Operations, or Information Technology. I’d recommend attending a school that is either an NSA Accredited CAE-CD or [CAE in Cyber Operations](https://www.nsa.gov/resources/students-educators/centers-academic-excellence/cae-co-centers/




Experience

You’re going to need some experience if you’re going to become a Pen Tester or Red Team Member. Some good experience to gain would be UNIX/Linux system administration, Windows system administration, Network Security, Network Administration – security and engineering, networking equipment (routers/firewalls/switches) and VPN administration

Certifications

Some good entry-level Penetration Testing Certifications would be the OSCP, very practical, and well respected. And the Security + is generally a baseline for Security Jobs. And I’d advise against the CEH, its not practical at all and you can just memorize the answers and pass without actually knowing how to hack anything

Good ways to practice

Theoretical knowledge is nothing if you cant practice it. There are a number of different ways you can get experience in Offensive Security (Legally of course). Capture the Flag Events such as the National Cyber League are great ways to apply your knowledge. And HacktheBox (while a bit more advanced) is probably the closest you can get to a real-world Network Penetration Testing environment.




Conclusion

I couldn’t cover everything here, but I hope I was able to give you guys some solid knowledge that you can build on. Feel free to ask me any questions or send me a message if you have any questions. Thanks!