Many of my aspiring hackers have written to me asking the same thing. "What skills do I need to be a good hacker?"
As the hacker is among the most skilled information technology disciplines, it requires a wide knowledge of IT technologies and techniques. To truly be a great hacker, one must master many skills. Don't be discouraged if you don't have all the skills I list here, but rather use this list as a starting ground for what you need to study and master in the near future.
This is my overview list of required skills to enter the pantheon of this elite IT profession. I've broken the skills into three categories to help you go from one rung to the other more easily—fundamental, intermediate, and intangible skills—and have included links to related articles on Null Byte for you to get acquainted with.
These are the basics that every hacker should know before even trying to hack. Once you have a good grasp on everything in this section, you can move into the intermediary level.
It probably goes without saying that to become a hacker you need some basic computer skills. These skills go beyond the ability to create a Word document or cruise the Internet. You need to be able to use the command line in Windows, edit the registry, and set up your networking parameters.
Many of these basic skills can be acquired in a basic computer skills course like A+.
You need to understand the basics of networking, such as the following.
- Public v Private IP
- Routers and switches
- OSI model
- MAC addressing
As we are often exploiting these technologies, the better you understand how they work, the more successful you will be. Note that I did not write the two guides below, but they are very informative and cover some of the networking basics mentioned above.
It is extremely critical to develop Linux skills to become a hacker. Nearly all the tools we use as a hacker are developed for Linux and Linux gives us capabilities that we don't have using Windows.
If you need to improve your Linux skills, or you're just getting started with Linux, check out my Linux series for beginners below.
Wireshark is the most widely used sniffer/protocol analyzer, while tcpdump is a command line sniffer/protocol analyzer. Both can be extraordinarily useful in analyzing TCP/IP traffic and attacks.
You need to become proficient in using one of the virtualization software packages such as VirtualBox or VMWare Workstation. Ideally, you need a safe environment to practice your hacks before you take them out in real world. A virtual environment provides you a safe environment to test and refine your hacks before going live with them.
A good hacker understands security concepts and technologies. The only way to overcome the roadblocks established by the security admins is to be familiar with them. The hacker must understand such things as PKI (public key infrastructure), SSL (secure sockets layer), IDS (intrusion detection system), firewalls, etc.
The beginner hacker can acquire many of these skills in a basic security course such as Security+.
In order to be able to hack wireless, you must first understand how it works. Things like the encryption algorithms (WEP, WPA, WPA2), the four-way handshake, and WPS. In addition, understanding such as things as the protocol for connection and authentication and the legal constraints on wireless technologies.
To get started, check out my guide below on getting started with wireless terms and technologies, then read our collection of Wi-Fi hacking guides for further information on each kind of encryption algorithms and for examples of how each hack works.
This is where things get interesting, and where you really start to get a feel for your capabilities as a hacker. Knowing all of these will allow you to advance to more intuitive hacks where you are calling all the shots—not some other hacker.
Without scripting skills, the hacker will be relegated to using other hackers' tools. This limits your effectiveness. Every day a new tool is in existence loses effectiveness as security admins come up with defenses.
To develop your own unique tools, you will need to become proficient at least in one of the scripting languages including the BASH shell. These should include one of Perl, Python, or Ruby.
If you want to be able to proficiently hack databases, you will need to understand databases and how they work. This includes the SQL language. I would also recommend the mastery of one of the major DBMS's such SQL Server, Oracle, or MySQL.
Web applications are probably the most fertile ground for hackers in recent years. The more you understand about how web applications work and the databases behind them, the more successful you will be. In addition, you will likely need to build your own website for phishing and other nefarious purposes.
To become good hacker, you must not be caught! You can't become a pro hacker sitting in a prison cell for 5 years. The more you know about digital forensics, the better you can become at avoiding and evading detection.
The beginner hacker must understand TCP/IP basics, but to rise to the intermediate level, you must understand in intimate details the TCP/IP protocol stack and fields. These include how each of the fields (flags, window, df, tos, seq, ack, etc.) in both the TCP and IP packet can be manipulated and used against the victim system to enable MitM attacks, among other things.
Although one doesn't need to be a cryptographer to be a good hacker, the more you understand the strengths and weaknesses of each cryptographic algorithm, the better the chances of defeating it. In addition, cryptography can used by the hacker to hide their activities and evade detection.
Reverse engineering enables you to open a piece of malware and re-build it with additional features and capabilities. Just like in software engineering, no one builds a new application from scratch. Nearly every new exploit or malware uses components from other existing malware.
In addition, reverse engineering enables the hacker to take an existing exploit and change its signature so that it can fly past IDS and AV detection.
Along with all these computer skills, the successful hacker must have some intangible skills. These include the following.
There is ALWAYS a way to hack a system and many ways to accomplish it. A good hacker can think creatively of multiple approaches to the same hack.
A hacker is always coming up against seemingly unsolvable problems. This requires that the hacker be accustomed to thinking analytically and solving problems. This often demands that the hacker diagnose accurately what is wrong and then break the problem down into separate components. This is one of those abilities that comes with many hours of practice.
A hacker must be persistent. If you fail at first, try again. If that fails, come up with a new approach and try again. It is only with a persistence that you will be able to hack the most secured systems.
I hope this gives you some guidelines as to what one needs to study and master to ascend to the intermediate level of hacking. In a future article, I'll discuss what you need to master to ascend into the advanced or master hacker level, so keep coming back, my novice hackers!