The Roadmap to Becoming an Ethical Hacker

Ahmet Göker
Nov 28, 2021

INTRODUCTION

First off, are you someone who is interested in cybersecurity and wants to get into it? I want to give you some paths where you can start, and show how to go about mastering them and sharpening your abilities and knowledge.

Who is an ethical hacker, and what does an ethical hacker do in real life?

A hacker is someone who gains unauthorized access to a computer system, that is, without permission, for example by manipulating it or getting hold of documents, files, keys, etc.

Of course this is illegal and can get you into trouble. Thankfully the world has changed: ethical hackers, or white hat hackers, are now trained for this particular field, so it is possible to make a living as a hacker legally. These people are specifically trained to attempt to penetrate computer systems, networks, etc. on behalf of a company, and they have permission from the owner to test a computer system for things such as malicious code, vulnerabilities and potential security flaws.

Hopefully everything is clear so far, so we can dive into the roadmap of a hacker: what he or she should learn, and what makes him or her a good hacker who understands everything properly.

Roadmap of an Ethical Hacker

There are a lot of processes and topics I want to cover, and I am going to explain everything clearly and understandably.

  • Programming and CS fundamentals
  • Networking and OS fundamentals
  • Application security
  • Choose your specialization, such as binary security or web application security (bug bounty hunter)
  • Mobile forensics, pentesting, application security
  • Network security
  • Red team
  • Blue team
  • Purple team (like me :))

Okay! I have listed these concepts, but I have not covered the fundamentals yet. Let's go into more detail. (I will explain some of them.)

Programming and CS fundamentals

Most people do not like programming, let's say only a few do, because they just want to hack someone or phish a target with ordinary automated tools (Metasploit). But do not forget that strong skills come from good CS/programming fundamentals. The best hackers often come from a programming background. They understand syntax well; for instance, they can explain how software works, or they can build their own tools. That is great, because with that experience you might build your own malware (RATs, worms, viruses) or other things. It is important to know a programming language (not mandatory). There are a lot of resources and courses out there; just pick one and go for it.

And the question I could be asked is, of course: which programming language should I learn, then? (Good question.)

Which Programming language should I learn?

I am going to explain, for each language, what it does and which purposes it serves.

— — — — — — — — — — — — — — — — — — — — — — — — — — — — — -

Language: HTML

Purpose: web hacking

Login forms and other data entry methods on the web use HTML forms to get data.

— — — — — — — — — — — — — — — — — — — — — — — — — — — — — —

Language: JavaScript

Purpose: Web Hacking

JavaScript is a really powerful language: it is able to get cookies, and it can be executed in the client's browser.

— — — — — — — — — — — — — — — — — — — — — — — — — — — — — —

Language: SQL

Purpose: Web Hacking

With this language you may be able to inject queries to bypass web applications, login forms, tables, databases, etc.

— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — -

Language: Python, Ruby, Bash, Perl

Purpose: creating tools, scripts

These languages are my favorites, because you will create your own tools and scripts that perform things like brute force, MITM, etc., and they come in handy for understanding and customizing tools and scripts that have already been created.

— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — -

Language: C/C++

Purpose: writing exploits, malware, shellcode

These two languages are also my favorites; however, they are much harder than Python etc. You might create your own rootkits, exploits, malware, etc.

— — — — — — — — — — — — — — — — — — — — — — — — — — — — — —

Network Security

Dig deeper into this field, because every system has to work with the internet in order to communicate with others. Learn about the OSI model, vulnerabilities, and more. After this you will learn a lot about Wi-Fi hacking and gain other powerful knowledge.

Mobile application security

In this field you will learn about the anatomy of phones: the security, the hardware, the software, everything.

In this field you will learn about iOS, Android, etc. You should focus on learning the security features of modern mobile operating systems.

(Every person uses a phone; it is a small version of a computer.)

Communication Skills

In this area you have to communicate with your team leader and partners. This skill is extremely important, because as a hacker you must write reports on the vulnerabilities you have found, and you must share your technical knowledge with your clients in order to clear up their doubts and issues.

You have to focus on being detailed in your writing, and be as clear and concise as you can.

Understanding cryptography

This part is significantly important, because most secure information is encrypted. Cryptography derives from mathematical concepts and consists of rule-based calculations, called algorithms, that transform messages in ways that are hard to decipher; the Caesar cipher, however, is not that difficult.

Please consider learning at least the basic fundamentals; it is recommended by extremely good hackers.

Web application security

In this part you should focus on the potential security vulnerabilities that commonly affect web applications. As a web security engineer you should be able to understand CVEs, web mechanisms, and more. It becomes more complex. Securing web applications has grown into a field of its own, so if you want to become a good web pentester you should practice a lot. There are a lot of free web pentesting sites, such as OWASP, DVWA, JUICE and more, and in order to understand web security mechanisms you ought to learn and understand the OWASP Top 10 vulnerabilities.

Do some practice and take notes from your experience!

Lastly, it is of course not enough to learn everything theoretically; you have to put it into practice. It is important to combine what you have learnt about those theoretical vulnerabilities with practice: create a team, meet some experienced ethical hackers and ask for help, and learn both sides, red team and blue team. You have to defend yourself and hack your way. I want to put some links where you can start.

https://overthewire.org/

There are many more resources and books that you can read and put into your practical process.

Linux penetration testing OS

Kali Linux:

the most infamous distro from the folks

Parrot OS:

Also a Debian distro; however, it offers a full portable lab for security

Android Tamer:

A virtual/live machine for Android security professionals

BlackArch:

Arch Linux based pentesting distro, compatible with Arch installs

Lionsec:

Linux pentesting for Ubuntu

Tails:

Anonymous browsing, Tor network

Social media platforms

Telegram: @Black_Mamba010 (I am also going to share some Python, CTF content, and much more)

LinkedIn: https://www.linkedin.com/in/ahmetgöker

YouTube: https://youtube.com/TurkishHoodie

Please consider following and subscribing to my channel; awesome resources and explanations about this are coming.

Happy hacking.

Costs of hacking

Millions of people around the world have been victimized by criminal hackers, leading to billions of dollars in financial losses.

National security

Hackers and other cyber criminals attempt to break into US government systems, including defense operations.

Stopping hacking

The FBI and other police organizations around the world have for several years been arresting individual hackers and members of organized hacker rings on charges of stealing millions of dollars via malicious hacking.

Many Thanks.

Ahmet Göker

🧑‍💻 Security Researcher || Sociologist