Thursday, March 28, 2024

How to Prepare for a Career in Ethical Hacking and Penetration Testing

Ethical hacking, or penetration testing, describes the process of finding and disclosing security flaws in system architectures and being paid big money to do so. But how exactly do you become an ethical hacker? How do you go about acquiring the skills for this lucrative field?

In this article, we’re going to highlight a few key steps you can take to prepare for a career in ethical hacking and penetration testing.

Be active in the open-source community

There are a lot of blogs and communities for the open-source world. It helps to follow reliable sources of information in the security field. If you want the latest information on popular antivirus software, you can turn to a website like antivirusrankings.com. DistroWatch does a great job of covering the latest Linux distros, and Phoronix covers a lot of kernel-related news.

Many open-source projects, including Linux distros, have release notes and bug trackers on websites like Git and Launchpad. When you can not only read but understand and replicate security flaws from bug trackers, you’ll have a much better grasp of how hackers operate.

Now, usually, by the time critical security flaws are posted as news on all the tech news websites, the developers are already aware of them. You have to understand that journalists tend to hype things.

So when you read a headline on a tech blog like, “Critical flaw in x Linux system allows hackers to do x!”, it’s usually old news (in the hacker scene), and if the vulnerability isn’t already patched, one is likely around the corner.

So don’t rely on tech blogs for “discovering” the latest flaws and system vulnerabilities. A lot of tech blogs just copy-paste and spin articles from each other, in a race for site traffic – though there are good ones with original journalism. Still, the places you’re going to find the latest exploits and security vulnerabilities are within the communities themselves, like bug trackers and even IRC channels.

Become familiar with popular targeted systems

There’s really no universal approach to “hacking”; it’s highly dependent on the architecture being targeted. Pretty much anything to do with tinkering around with systems and files gets labeled as “hacking” by mainstream culture. Your friends might call you a “hacker” for decompiling Android apps, but that’s amateur hour stuff. It doesn’t even qualify as “hacking”.

If you want a serious career in ethical hacking, you need to learn what ethical hackers actually do, and which systems are most commonly targeted by hackers. This means becoming familiar with various Linux distros, Linux administration, and the various flaws and vulnerabilities in those systems.

You should then move on to servers: install a server in your own environment, then try to break into it. Some of the most popular Linux distros for server operation include:

  • Ubuntu
  • Red Hat Enterprise
  • SUSE Linux
  • CentOS
  • Debian
  • Oracle Linux
  • Arch Linux
  • Fedora

That’s just naming a few of the most popular Linux distros that are used as server platforms. Because Linux is an open-source operating system, there are more than 300 Linux distros out there, but not all of them are used as server platforms. By becoming familiar with the most popular ones, you’ll be able to narrow your focus to the ones most widely used by larger companies.

Oh, and definitely learn to code, particularly languages like Python, Ruby, Perl, C* – you can skip Microsoft .NET. Nobody cares about that.

Find a mentor

To expand on our previous point about being part of the open-source community, it would be highly beneficial to try to find a mentor. There are a lot of hacker groups, and finding them isn’t too hard. IRC is usually a good place to start. Express an interest in learning, but don’t ask anybody to “teach you how to hack”. You’ll be ridiculed and told to RTM (read the manual).

Also, lower your expectations. Realize that many hackers are self-taught, and really don’t have the ability to teach somebody else. A mentor, especially in the hacking scene, is not somebody who teaches you the skills, because it’s your job to learn on your own. A mentor can answer questions for you, and point you in the direction of instructional materials and exercises that helped them.

Of course, you run the risk of falling in with the wrong type of hacker group when looking for a mentor. Be very wary of the IRC channels you join and the personalities you interact with. I used to casually hang out on IRC channels and knew quite a few hacker personalities – some were arrested for blackhat activities, others graduated to professional careers in Silicon Valley.

You can take the best cyber security and ethical hacking course from Ethical Hackers Academy, one of the world’s leading academies.

Guru baran
https://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
