The Hacker Mindset
One of the key traits that sets apart hackers from run-of-the mill IT folks is the "hacker mindset." This mindset is best described by four attributes:
Problem solving
Commitment to freedom
Creativity
Helping your fellow hacker
Much has been said already here on Technic Hubs about helping our fellow hackers, so I won't repeat it. I will, though, re-emphasize that Technic Hubs is a newbie-friendly environment for learning hacker skills—and I intend to keep it that way. Mistreatment of those trying to learn will not be tolerated here.
Hackers believe in freedom. That's why Linux and so many of the hacking tools are open source. This freedom extends beyond the software and includes freedom of the internet, freedom of information, and freedom to exchange.
The hacker mindset is not limited to a single way of doing things. The hacker realizes that there many, many ways to get the same thing done. When a hurdle arises, they find a new way to bypass it. Sometimes this means using our tools in ways they were not intended, and sometimes it means creating our own tools. To use an overused—don't be boxed in by others' ways of doing things. Think outside the box!
Problem-Solving
The hacker must be a problem solver. This skill comes from repeatedly solving problems without asking someone else to solve it for you. Although it may be easier to Google for the solution, or ask someone with more experience, this will bypass the process of learning how to break down problems into manageable units and solve each one analytically. ALL hackers have this skill. Without it, you will doomed to frustration and mediocrity. It's okay to ask for help when you are stuck, and our Technic Hubs community is a great place to ask as there so many knowledgeable and helpful hackers here, but problem-solving is a skill that is only developed and strengthened by practice.
You might be able to ask and get a quick answer here, but if you solve it yourself, you will be strengthening your analytical and problem-solving skills that will not only serve you well as a hacker, but in all endeavors of life.
Persistence
Going hand in hand with the problem-solving skills is persistence. When faced with a hurdle or problem, the true hacker does not throw up their hands and quit, rather they persist until they create a solution. Sometimes those solutions may takes hours or days or weeks or months, but the hacker doesn't quit. They are confident that eventually they can crack the problem, and in the meantime, their persistence is yielding new knowledge and strengthening their very valuable problem-solving skills.Basics Background
The hacker must have some basic skills of the IT field. These would include Linux basics and networking basics—at a minimum. To be capable of writing your own scripts, you need basic BASH scripting and preferably one of the following scripting languages: Perl, Python, or Ruby.To delve deeper into exploit development, knowledge of assembler and C is required. If you want to attack databases, SQL knowledge is required. When attacking websites, a whole host of web languages is useful.
In many cases, it's useful to learn how to build something before you try to hack it. For instance, once you have built a web app, then its easier to understand how to hack them. This isn't required, but some people find it a better route. There are some hackers who are incapable of building anything as their mindset is one of finding flaws and breaking things.
The hacker must develop some hacker-specific skills. As mentioned above, they have a knowledge of networking and Linux, but then must build upon that knowledge by becoming conversant in one of the hacker operating systems, such as Kali, and some of the more widely used tools, such as:
Metasploit
Nmap
Hping3
Wireshark
BeEF
Aircrack-ng
Snort
Cain & Abel
Burp Suite
Nikto
Nessus, Nexpose, or OpenVas
Sysinternals
Sqlmap
Dsniff
Splunk
Tamper Data
p0f
A good password cracker, such as John the Ripper or Hashcat, or any number of other password-cracking tools
Although this not an exhaustive list, I believe these to be the most important tools for the aspiring hacker to master.
Choose a Focus
The world of information technology is vast. There are so many technologies and languages and no one can master them all. If you try, you will likely be stuck in a superficial understanding of all of them without the deep enough knowledge to master any. The same applies to hacking. Choose an area to focus your efforts in and master it. Once you have mastered that one, then look to master another. No one masters them all—and definitely not at the same time. Attempts to master all of the IT skills, and thereby hacking skills, will only lead to frustration and mediocrity.
Certfications
The IT industry, in general, and the hacking industry, in particular, like to see certifications. The reason for this is that certifications tend to be skill-specific, while degrees tend to be broad and theoretical. For someone trying to enter this field, the certifications are a surefire way to impress a prospective employer.As a starting point, I suggest the CompTIA certifications such Security+, Network+, and A+. These vendor-neutral certifications will provide you the fundamental skill sets necessary to advance to the next level.
Then I would suggest a hacking certification. The Certified Ethical Hacker (CEH) is the grand daddy of ethical hacking certifications, but it is not held in high regard in the industry. That is why we will be offering our own certifications (CWA, CWE, and CWP) beginning in January 2016.
For those with advanced skills, there is the GIAC Penetration Tester (GPEN) certification and the Offensive Security Certified Professional (OSCP) certification. Both are well regarded in the industry, and they require hands-on skills to pass, unlike the CEH.
The growth of the IT security field and hacking have made this a prime time to study hacking. This growth and the concomitant demand for hackers will likely continue for many years into the future, making this career path a bright one for those with the aptitude and work ethic to study hacking.
No comments:
Post a Comment