Ethical hacking or penetration testing courses describes the process of finding and disclosing security flaws in system architectures and being paid big money to do so. But how exactly do you become an ethical hacker? How do you go about acquiring the skills for this lucrative field?
In this article, we’re going to highlight a few key steps you can take for preparing for a career in ethical hacking and penetration testing.
Be Active in the open-source community
There are a lot of blogs and communities for the open-source world. It helps to follow reliable sources of information in the security field. If you want the latest information on popular antivirus software, you can turn to a website like antivirusrankings.com. DistroWatch does a great job of covering the latest Linux distros, and Phoronix covers a lot of kernel-related news.
Many open-source projects, including Linux distros, have release notes and bug trackers on websites like Git and Launchpad. When you can not only read but understand and replicate security flaws from bug trackers, you’ll have a much better grasp of how hackers operate.
Now, usually, when critical security flaws are posted as news on all the tech news websites, the developers are already aware. You have to understand that journalists have a tendency of hyping things.
So when you read a headline on a tech blog like, “Critical flaw in x Linux system allows hackers to do x!”, it’s usually old news (in the hacker scene), and if the vulnerability isn’t already patched, one is likely around the corner.
So don’t rely on tech blogs for “discovering” the latest flaws and system vulnerabilities. A lot of tech blogs just copy-paste and spin articles from each other, in a race for site traffic – though there are good ones with original journalism. Still, the places you’re going to find the latest exploits and security vulnerabilities are within the communities themselves, like bug trackers and even IRC channels.
Become familiar with Popular targeted systems
There’s really no universal approach to “hacking”, it’s highly dependant on the architecture being targeted. Pretty much anything to do with tinkering around with systems and files gets labeled as “hacking” by mainstream culture. Your friends might call you a “hacker” for decompiling Android apps, but that’s amateur hour stuff. It doesn’t even qualify as “hacking”.
If you want a serious career in ethical hacking, you need to learn what ethical hackers actually do, and the various systems that are most commonly targeted by hackers. This means becoming familiar with various Linux distros, Linux administration, various flaws and vulnerabilities in the systems.
You should then move onto servers. Installing a server in your own environment, then trying to break into it. Some of the most popular Linux distros for server operation include:
- Red Hat Enterprise
- SUSE Linux
- Oracle Linux
- Arch Linux
That’s just naming a few of the most popular Linux distros that are used as server platforms. There are more than 300 Linux distros out there, being an open-source operating system, but not all of the distros are used as server platforms. By becoming familiar with the most popular ones, you’ll be able to narrow your focus to the ones that are most popularly used by larger companies.
Oh, and definitely learn to code, particularly languages like Python, Ruby, Perl, C* – you can skip Microsoft .NET. Nobody cares about that.
Find a mentor
To expand on our previous point about being part of the open-source community, it would be highly beneficial to try and find a mentor. There are a lot of hacker groups, finding them isn’t too hard. IRC is usually a good place to start. Express an interest in learning, but don’t ask anybody to “teach you how to hack”. You’ll be ridiculed and told to RTM (read the manual).
Also, lower your expectations. Realize that many hackers are self-taught, and really don’t have the ability to teach somebody else. A mentor, especially in the hacking scene, is not somebody who teaches you the skills, because it’s your job to learn on your own. A mentor can answer questions for you, and point you in the direction of instructional materials and exercises that helped them.
Of course, you run the risk of falling in with the wrong type of hacker group when looking for a mentor. Be very wary of the IRC channels you join, the personalities you interact with. I used to casually hang out on IRC channels and knew quite a few hacker personalities – some were arrested for blackhat activities, others graduated to professional careers in Silicon Valley.
You can take the best cyber security and ethical Hacking course from one of the worlds leading Ethical Hackers Academy.