Become an Ethical Hacker
In today's article, I will explain to you the steps to become a White Hat hacker.
The problem is that the word hacker is also associated with pirates and other malicious people. We will focus on the White Hat/Ethics hacker in this article.
Tomorrow, I will explain you the difference between Black, White and Grey hat hackers.
I just wanted to show you the good one first and to make you understand that a hacker is not only an information thief or a computer destroyer. He work towards the common good and It's a shame that he have a negative connotation nowadays.
WHAT STUDIES DO YOU HAVE TO DO TO BECOME A HACKER?
Starting with the question "should I study?" It is immediately apparent that many known hackers have come out of school without any degree.
Note that Bill Gates, Steve Jobs, Mark Zuckerberg among others have all left the university without going to the end.
Some will say that they are exceptions, it may be, but it shows that the quality of a hacker can be proved by something other than degree, there is no need to study. Indeed, a hacker learns a lot "on the field".
Being a hacker is not a job, it's a qualification that you can receive or give it to yourself.
Instead, we use the terms "Computer Security Officer", "Security Consultant", or "System Administrator and
Security" when we talk about the professions closest to the ethical hacker's state of mind. A programmer is often also called a hacker following what he does.
An ethical hacker who looks for breaches in corporate systems to secure them usually holds an engineering degree, and of course many great hackers are also graduates. For those who are interested in such a course, you can look at the Pro License CDAISI which is much about computer security although other IT licenses are just as compatible with computer security.
That said, "looking for breaches" must absolutely be done with all the necessary permissions. It's simple, if you didn’t have the written permission beforehand, you're not an ethics hacker, but a bad one.
WHERE TO START?
The state of mind is not enough, you must also have the required skills.
Some would say that you should start learning HTML. I find it useless.
You must learn to program, but the original language does not really matter.
The hacker learns a lot by himself as soon as he needs to know something. Being passionate, there won’t be any learning problem.
That said, the most normal and easy method of learning to become a hacker is to take all aspects of hacking one by one.
We begin by understanding the ethics of a hacker, concepts and definitions.
Then we try to understand the breaches by categories: web breaches, software, systems, human, etc to know how to protect ourselves and patch them on our own systems and websites.
Hackers generally use open source distributions and programs, talk about breaches, help users and write articles to better protect themselves.
A hacker knows how to use Google, so he knows how to find information, although comprehensive training can greatly facilitate his task.
HOW TO TRAIN?
There are games, platforms and other websites that allow you to train legally.
Many challenges are available on the Internet which gives an overview of your own capabilities.
Here are some resources that might interest you:
- The famous HackThisSite.
- The international CTF challenges.
- Some Wargames.
- The famous conventions in security BlackHat and DefCon.
For those wishing to find a job in computer security, you can take a look at YesWeHack which propose job offers directly related to the world of hacking
A CERTIFICATION FOR THE ROAD?
Recognized certifications in hacking exists: Certified Ethical Hacker and Offensive Security Certified Professional
It is recognized around the world, but of course it has a cost.
There is also the CISSP certification (to prove expertise in the field).
Thank you @vijbzabyss (I had to copy/paste your nick to get it correct ^^) for this article. I mean sincerly!
I've been looking for the past 5 days for some quality content on SteemIt and it's tricky to find its way around!
This one is teaching and resourceful <3
Thx man! I appreciate a lot..
Here are some beginner resources for you:
https://yoirtuts.com/index.php?title=Hacking_TEAM_Hack
https://yoirtuts.com/index.php?title=Finfischer_Hack
https://github.com/ctfs/write-ups-2014
https://github.com/ctfs/write-ups-2015
https://www.owasp.org/images/1/19/OTGv4.pdf
https://forum.bugcrowd.com/t/level-2017-discussion-jason-haddix-bug-hunters-methodology-v2/3048
Tools:
https://blackarch.org/tools.html
https://github.com/danielmiessler/blackhat-arsenal-tools
So kind of you!
Very informative Article as always !
Keep up your work :)
I think the most important thing is to be interested and willing to learn.
Thx a lot man!
Nice info! I remember when I started to learn. It was with https://www.cybrary.it/ it's free and they have nice stuff about security!
Gonna take a look, thx man!
I suppose it would be great to mention about "white hats", "gray hats" and "black hats" as well in order to share the idea of intentions of "hackers".
Je voulais faire un article pour chaque afin que l'article soit interminable :) J'ai vu que tu parles français ;)
Ce serait effectivement super d'avoir d'autres articles avec davatange de détails. Peut-être juste rajouter une ligne en intro pour bien distinguer, et que les lecteurs comprennent que hacker≠destructeur/voleur.
ca permettrait aussi d'aborder une notion préliminaire pour ces prochains articles ;)
Tout à fait! Je débute dans l'écriture d'article pour un blog donc je pense pas encore à tout, merci pour tes précieux conseils!
Et good job pour l'anglais. Je me suis fait avoir et n'ai pas soupçonnee qu'un francophone se cachait derrière ! 🕵
Merci beaucoup!!
Comment tu mets des émojis? Moi ça donne ça: :smirk: @vinyll
Malheureusement le coup des
:smiley:ne marche pas ici.Sur un Mac, tu presses Crtl+Cmd+Space et la liste des émoticones apparait sur la zone de texte 🤜🤛
J'ai un Windows mais merci pour tout quand même! :-)
One more comment (ok, last for now or I'm becoming a spammer :/) to mention that
"should I study?is missing the closing quote sign.Well seen!
You got a 100.00% upvote from @stef courtesy of @vijbzabyss!
Please don't aspire to become an "ethical hacker". Aspire to become a hacker.
If you want to become a CEH hacker, then you will be nothing , but a hack, not a hacker.
Some beginner resources:
https://www.goodreads.com/book/show/1914619.The_Web_Application_Hacker_s_Handbook
http://www.infosectoughguy.com/2017/06/how-to-learn-sql-injection.html
https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project
That's your point of view, but I do not think it's the same for everyone. I think that a white hat can be as good as a black hat, the only thing that changes is the purpose.
This article sucks, sorry for my honesty. Hacking has nothing to do with ethics and I get the idea you have never hacked anything.
Maybe for you but as you can see, others don't think like that.. You can't say that my article sucks just because you don't agree with my point of view. Show some respect for the writing work I have made plz. We just dont' have the same definition of a hacker. And I'm not the only one who think that if you look on the internet...
But I respect your point of view.
My apologies for not respecting your writing. I just have very strong opinions on this topic.
I also have a background of doing bug bounties and CTF's. I've hacked lots of stuff and I've not always had good reactions to my hacking. I once found a xss bug in a famous ecommerce site in my country and I was nice enough to report it to them, there reaction was: that I was issued a warning and next I would be issued a lawyer's letter if I were to share the information with other people regarding this incident.
There is no ethics, the really good guys from a technical perspective are the really bad guys or atleast the guys who have really hacked stuff they weren't supposed to but did coz they were curious. Most of us are really grey hats. The blackhats among hackers are those who are just in it for the money, but some of them are also very good at what they do and if they were given to make the same amount money legally, then they probably will, but bug bounty programs such as hackerone or bugcrowd don't pay great, unless perhaps you are living in a third world country.
If you want to read some hacking stuff that I wrote:
https://steemit.com/hacking/@throwawayaccount/the-psychology-of-thievery
https://steemit.com/hacking/@throwawayaccount/social-engineering-intro-to-social-engineering-for-complete-newbie
People are always afraid of think they don't understand and hacking is something that seems dark and complicated. People don't like that and are afraid of it. And they are right when you can see all the think that can be done nowadays..
You have really done a nice job with the bug you have found, their IT teem was just jealous of your skills ;) They just wanted to protect their-self but they could have been more thankful
Yes for me, it's hard to be always the good withe hat, exactly the same for the life, everything change with your actual state of mind and your need of curiosity or money..
Gonna read it thx man!
Sorry for downvoting /flagging your stuff. I'm gonna remove the flags. Thanks for understanding my point of view.
No problem man, it's always hard to have taken the red pill and to be then accepted by the society. Don't hesitate to comment my post when you don't agree with something! Like I said, I'm not a pro and I'm just informing and advising what I think to be good for the steemit community
CEH is terrible imo. Oscp is the way to go and involves real world type hacking challenges. I suggest look into OSCP. I used to work on penetration testing and I can vouch for OSCP.
Added to the article, thx man!! :)