Monday, July 15, 2024

How to Prepare for a Career in Ethical Hacking and Penetration Testing

Ethical hacking, or penetration testing, describes the process of finding and disclosing security flaws in system architectures and being paid big money to do so. But how exactly do you become an ethical hacker? How do you go about acquiring the skills for this lucrative field?

In this article, we’re going to highlight a few key steps you can take to prepare for a career in ethical hacking and penetration testing.

Be active in the open-source community

There are a lot of blogs and communities for the open-source world. It helps to follow reliable sources of information in the security field. If you want the latest information on popular antivirus software, you can turn to a website like DistroWatch does a great job of covering the latest Linux distros, and Phoronix covers a lot of kernel-related news.

Many open-source projects, including Linux distros, have release notes and bug trackers on websites like Git and Launchpad. When you can not only read but understand and replicate security flaws from bug trackers, you’ll have a much better grasp of how hackers operate.

Now, usually, when critical security flaws are posted as news on all the tech news websites, the developers are already aware. You have to understand that journalists tend to hype things.

So when you read a headline on a tech blog like, “Critical flaw in x Linux system allows hackers to do x!”, it’s usually old news (in the hacker scene), and if the vulnerability isn’t already patched, one is likely around the corner.

So don’t rely on tech blogs for “discovering” the latest flaws and system vulnerabilities. A lot of tech blogs just copy-paste and spin articles from each other, in a race for site traffic – though there are good ones with original journalism. Still, the places you’re going to find the latest exploits and security vulnerabilities are within the communities themselves, like bug trackers and even IRC channels.

Become familiar with popular targeted systems

There’s really no universal approach to “hacking”; it’s highly dependent on the architecture being targeted. Pretty much anything to do with tinkering around with systems and files gets labeled as “hacking” by mainstream culture. Your friends might call you a “hacker” for decompiling Android apps, but that’s amateur hour stuff. It doesn’t even qualify as “hacking”.

If you want a serious career in ethical hacking, you need to learn what ethical hackers actually do, and which systems are most commonly targeted by hackers. This means becoming familiar with various Linux distros, Linux administration, and the various flaws and vulnerabilities in those systems.

You should then move on to servers: install a server in your own environment, then try to break into it. Some of the most popular Linux distros for server operation include:

  • Ubuntu
  • Red Hat Enterprise
  • SUSE Linux
  • CentOS
  • Debian
  • Oracle Linux
  • Arch Linux
  • Fedora

That’s just naming a few of the most popular Linux distros that are used as server platforms. Because Linux is an open-source operating system, there are more than 300 distros out there, but not all of them are used as server platforms. By becoming familiar with the most popular ones, you’ll be able to narrow your focus to the ones most widely used by larger companies.

Oh, and definitely learn to code, particularly languages like Python, Ruby, Perl, C* – you can skip Microsoft .NET. Nobody cares about that.

Find a mentor

To expand on our previous point about being part of the open-source community, it would be highly beneficial to try and find a mentor. There are a lot of hacker groups, and finding them isn’t too hard. IRC is usually a good place to start. Express an interest in learning, but don’t ask anybody to “teach you how to hack”. You’ll be ridiculed and told to RTM (read the manual).

Also, lower your expectations. Realize that many hackers are self-taught, and really don’t have the ability to teach somebody else. A mentor, especially in the hacking scene, is not somebody who teaches you the skills, because it’s your job to learn on your own. A mentor can answer questions for you, and point you in the direction of instructional materials and exercises that helped them.

Of course, you run the risk of falling in with the wrong type of hacker group when looking for a mentor. Be very wary of the IRC channels you join and the personalities you interact with. I used to casually hang out on IRC channels and knew quite a few hacker personalities – some were arrested for blackhat activities, others graduated to professional careers in Silicon Valley.

Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.