Forum Thread: So...You Want to Be a Hacker?

If you are reading this , you too probably aspire to become a hacker. That's good. Hacking is rapidly becoming one of the most sought after skill sets by IT security firms, pentesters, militaries, spy and espionage organizations, and military contractors. Right now, most of these organizations cannot get enough well-trained hackers, so now is a great time to train as a hacker. That having been said, let's take a moment to look at what makes a good hacker.

The Route to Become a Hacker

The route to becoming a hacker is not an easy one. Some newbies to this field think that all need is some magic "hacking tool" and you can simply hack into any computer. That's far from the truth.

Unlike other IT professions, a great hacker needs to understand most of the information technology disciplines including networking, databases, operating systems, web serving, scripting, cryptography, etc. In addition, the hacker needs to have functional knowledge of multiple operating systems including Linux, Mac OS and Windows. This may take years of experience and/or study. Then, after learning how these various information technology systems WORK, you then need to focus on how to BREAK them. This may require additional training and experience.

Think Outside the Box

Hacking is NOT like other areas of IT. In most IT disciplines, you learn that if you do this... and then that... and then that, the system does what you want. That is NOT usually the case with hacking! Good hackers have to think outside the box or tablet. You have to think about how you can make a system work in ways it was NOT designed to work. We need to understand intimately how systems work, so that we can make them operate in ways that their developers never intended!

Persistence

It also important to note that not every hack works every time. Depending upon the circumstances, a hack might work now and then not work a short time later. We need to then figure what changed and then re-attempt the hack in a different way. In addition, a hack might work once and then never work again. For instance, if you are trying to remote code execution, this usually requires a buffer overflow. When the buffer is overflowed, it sometimes can become damaged and will not work properly again. In that case, you only get one shot to hack the system.

Creative

Hackers must be also be creative. If you expect a cookbook on how to get something done, this is probably not the profession to you. There are good tools available to you, but a good hacker often needs to be creative on how to use them or even tweak them for a specific task.

So...if you want to be a hacker, Null Byte is a good place to start, but it won't be easy. If you put in the time, study and work, though, this can be one of the most fascinating and financially rewarding professions in the world!

23 Responses

But master, with us generally being an underground, or more or less secretive community, how can we make the jump from here to there. I mean, we can't go around posting our CV's on to CEO's desktops with security recommendations attached can we? Or are we all condemned to using SQL injections to extract innocent peoples credit card information that moronic servers are storing in clear text to sell to the highest bidder. Are you taking interns at the moment? How can we actually get our foot in the door of the security community so to speak?

Existing:

That's a great question!

One way to get your foot in the door is to get some hacking certifications. There are a number. There is the basic certification called Certified Ethical Hacker (CEH). Also, there is the GPEN from SANS and the Advanced Hacking certification (ECSA) from EC-Council. In addition, there is a Certified Cyber Warrior (ECW)certification. Any of these would be a good resume builder to enter the legitimate hacking profession.

OTW

The problem is that these courses are a credit card runs worth of money to sit, might as well go get a ba. in comp science. (Or a lucky bug bounty) This is the problem with the way the I.T industry works.

No one wants to sit through a course to learn to do things they can already do, or worse, the common one of doing things successfully one way, but that is not the way the course instructor wants things done (I'm not saying theres NOTHING to be learned in these courses, just bitching about the pricing). It's a vicious cycle, risk ones future career while making money to fund courses to begin/continue ones career.

Rant over.

One thing I find myself asking over and over again, is what do I need to know inherently. Inside and out. I understand the question itself can be vastly complicated, but where I'm running into trouble, is that there is SO much information now. Sometimes I'm not even sure if I'm spending time learning obsolete things or not. I've finally gotten to the point where I'm comfortable with a terminal. But something is just not clicking for me. I know because I haven't had that aha moment yet where I can tie all the random interworkings that I've been studying together, and I would assume that that's because I don't have networking down as good as I should. Sigh, tis a long road, thank you OTW for being a lamen's guru in this time of information overload.

I'm exactly at this point right now today. I was wondering how you feel now that 5 years have passed.

Buddie I hear you im working towards my offsec cert whist working in a completely different field. In my own uneducated opinion start following a few places that write about the current threat landscape and look seriously into course material you'd be surprised what you can get in a torrent this day and age

which is better , kali or backtrack?

Zeyad:

Welcome to our community of hackers here at Null Byte!

They are both good. I use BackTrack because Kali still has a few bugs.

OTW

Ty master , i made an exe file that makes me exploit a pc with a tutorial in youtube , but i can only hack lan computers i can't get anything in wan and for now , i'm learning the linux basics from your tutorials to start a fresh start :)

Hey otw ! YOUR TUTORIALS on linux basics were just amazing i'm on the 6th one now .i'm just a very beginner in the world of IT And i don't know actually who is a hacker , i mean i know(please correct me if i'm wrong) that a hacker is a very knowlegdeable person who can easily understand weak points of a program or network etc. and use them against it. But i don't know what it takes to be a hacker , i mean what background it needs . I'm learning c++ language at school and all i know about hacking is through your tutorials on linux basics , I've installed Kali linux on vmware and also ubuntu 12.10 . Do you think i can learn to hack and

Do you think i should complete c++ first or both can be done side by side.

BTW can you explain me (or give a link to any article concerned if you don't have enough time) about black hats and ethical hacking . i mean can i be called an ethical hacker if i have no certifcate concerning that but doing good work.

I don't expect you to be having so much time to answer such a long ques quickly so please take your time to answer .
THANKYOU FOR READING SUCH A LONG thing.

OTW:

I know you said that thinking outside the box is an important skill for being a truly skilled hacker and to do this one must become intimately knowledgable with the system being hacked. I assume that this means spending many hours learning how operating systems, Apache servers, lower level languages and higher level languages work and how to use them. I guess what I am looking for is confirmation that these things are things that will be worth diving into, assuming that learning to be a truly skilled hacker is worth the work.

On a side note, what are your thoughts on people learning to hack in their mid-teens? Like is it really possible to obtain enough knowledge to become a penetration tester for companies or does that level of expertise only come after years and years of work?

Polyhistor:

Obviously, I think that becoming a "truly skilled hacker" is worth. Even if you never become a penetration tester/hacker, the knowledge you will have gained goes far beyond the average IT professional, That knowledge will serve you well in just about any undertaking in the IT disciplines.

I think it is work studying hacking even in your mid-teens. It may take few years, though before you actually get a job hacking. I have, however, seen some very talented teens working as penetration testers, but it is rare.

OTW

What pc do you need to hack with and how do you hack gat v online please tell me

Hacking is an art. And this art can take a lot of effort. And if you want to learn to do it just for the thrill of it then just leave it alone. You are disrespecting hackers and killing their reputation by hacking games and you're cheating. Fair playing and losing is better than cheating and winning. At least you'll be true to yourself. But still you want to do this then search for cheat engine and read some tutorials and understand basic concepts in games like variables,etc. Dont be a script kiddie.

Hi master OTW. I loved your tutorials and I just wanted to ask an question that which language to prefer for exploit writing because exploits are written in so many languages that I couldn't find the right one.still I would prefer c++ or java. Can you tell me which one to learn first. I know python is good but I'm gonna learn it after I learn one of these.I'm 14 years old and currently learning C. I have basic networking skills and metasploit knowledge and can edit packets and launch exploits and other things. Can you please guide me what to do next and which one to learn first out of both of them. Plase take your time to answer and thanks for reading such a long question!!

Hi Master OTW,

I am from Electronics engineer background and only has little programming skill.

Recently me and my family got scammed by an investment website and all our savings were gone when they faked a trading record that eat up all our money. Is there anyway to hack into and change the value for that? We are only genuinely wanted to revert back our capital and not gain from it. I wanted to learn to hack by myself but I'm afraid that they will shut down the website soon which means we have no chance at all to recover. I have tried to talk to the company but they are not going to refund anything to us. Really appreciate your help on this.

Thanks

Hi guys, I really need some help here. My sister is getting depression after the incidents as she put her bet for her children education fund but the scammer had wiped out her savings too. Just need some advice here. Pm me for any advice. Thanks

Exploit Dev/Adjusting/fuzzing

I'm relatively new to hacking. The problem I encounter often is fuzzing adjusting exploit code without a copy of the target application so I can examine with

gdb/olldbg.

When you can't get a copy of the application - either because it is ancient/vuln version no longer available for download - or its a licensed copy and expensive.....

I'm familiar enough (not super experienced) with GDB and Immunity, ollydbg to adjust a NOP, get my code to land on an EIP.... but.... I don't know how to test that - without the actual app....

I can't be the only one that has run into this problem - there must be some clever way of dealing with that. Any suggestions would be greatly appreciated

But master, with us generally being an underground, or more or less secretive community, how can we make the jump from here to there. I mean, we can't go around posting our CV's on to CEO's desktops with security recommendations attached can we? Or are we all condemned to using SQL injections to extract innocent peoples credit card information that moronic servers are storing in clear text to sell to the highest bidder. Are you taking interns at the moment? How can we actually get our foot in the door of the security community so to speak?

Can someone please advice me on which computer to buy for hacking.
thanks.

Depends how serious you want to invest. Most dev and coders agree a basic HP is good, Dell hava lot BLoatware so....... MS & Mac hav no USB ports and if youre serious and not into stupid MS/Mac clouds for file transfers/saving, youre best off steering clear of them too. I gotta new ASUS (gamer) laptop (Zephyrus) as I am serious and I needed a lot of portts, a decent PCI slots and ram slots for upgrading, etc, which so many silly flimsy new MS & mac don't have these days. u need slots, u need ports, u need decent ram amount and upgradability (slots) , u need a wiffi card/wifi adapter, etc,etc, need not be a Gamer laptop like mine but Acer/Asus is a good option, esp Lenovo ThinkPad (yoga etc) as they are the "go to"" for all serious hackers/coders , are cheap and have decent ports. u don't need expesive, as things in hacking get broken and damaged due to hacking itself, u just need ports /slots.

Share Your Thoughts

  • Hot
  • Active