Today’s post answers a question I get asked very often on social media and in YouTube comments. So if you are one of those wondering how to get started, I hope these guidelines will help you. Disclaimer: The purpose of this post is to help others get into ethical hacking. The author will not be responsible for any misuse of the following information.
1. Learning programming
If you are already in the tech field, congratulations; you can skip this step. However, if you are new to the tech field, it is important to learn to code. The four most important high-level languages to learn are:
C++ is very important as it teaches you many things, such as pointers and heap allocation, which other high-level languages also have but hide from the programmer. You might have heard rumors of C++ being one of the most difficult languages to learn. If you manage to learn it, other programming languages will definitely be simpler for you.
Besides teaching you many things, C++ also helps you understand assembly language better when you later reverse engineer C/C++ programs. Many real-world applications are written in C++, such as Firefox and Google Chrome. Therefore, learning C/C++ is a must. You can pick it up on Derek Banas’s YouTube channel here.
Python is the next high-level language to learn. Python is useful because it lets you script exploits quickly, and there are many libraries that help with binary exploitation, such as Pwntools. Besides that, Python is often used for websites’ backend applications, so learning it will be helpful there too. Once you have learned C++, Python should be very easy to pick up. You can check out Derek Banas’s YouTube channel on Python here; his programming tutorials are always amazing.
Learning PHP is very important as many websites still run on PHP. Learning PHP will also help you better understand web requests, input sanitization, and so on, which will help you in web hacking. You don’t have to master PHP the way you should master C++ and Python; a basic understanding will do. Learn enough to read PHP source code when you attempt grey-box web application challenges on Capture-The-Flag (CTF) sites such as HackTheBox.
I wouldn’t really consider SQL a programming language, but it is something you must learn. Knowing SQL helps when you develop websites or desktop applications, as you need to query the database to Create, Read, Update, or Delete (CRUD) data. Besides that, learning SQL will make SQL injection much easier to understand in the future.
2. Learning assembly language and computer architecture
Learning assembly language is very important because of these two benefits:
- Reverse engineering
Reverse engineering is important as it helps you find vulnerable parts of an application, such as a possible buffer overflow (BOF), format string bug, or Use-after-Free (UAF). As an application is usually distributed compiled, we can’t see the source code unless we decompile it. However, decompilation is sometimes inaccurate, and some vulnerabilities can only be seen at the assembly level.
- Shellcoding
Once you learn assembly, you can then learn shellcoding. This matters because sometimes there is little space available in the buffer, so you have to craft your own shellcode. If you are not sure what shellcode is, it is basically raw machine-code bytes sent as user input that the victim system ends up executing, resulting in a shell or a reverse shell, which gives access to local files on the server or a path to escalate to admin rights.
Therefore, start with x86 assembly before learning x64 assembly. Once you have learned these two, it should be easy to learn other assembly languages, such as Smali for Android mobile application reverse engineering.
You should learn computer architecture side by side with assembly. This means that as you learn assembly, you should learn about the CPU, stacks, heaps, registers, clock cycles, and so on. You should also learn about page tables, the Virtual Address Space (VAS), threads, concurrency, and more. These will help you understand the computer better before you attempt binary exploitation in the future. A good book to pick up is Operating System Concepts, 8th Edition, by Abraham Silberschatz, Peter B. Galvin, and Greg Gagne.
3. Learn computer networks
Learning how the internet works is important, as it is often the first knowledge required to attack a remote system. You can easily borrow CCNA books from the library for free. You should learn about routers, IP addresses, TCP/IP, ports, the different types of firewall, the Domain Name System, services, tunneling, and so on. Understanding the network will help you do enumeration before attacking a remote system. Besides that, it also helps you learn how data is exfiltrated out of a network discreetly without being discovered.
4. Learning the command-line (Windows and Unix)
Many non-techies today have zero interaction with the command line, let alone know what it is. The command line is a text interface: you type instructions to the computer and it acts on them, rather than the usual Graphical User Interface (GUI) where you click on things.
Learning the command line is important as it is usually the interface you get when you successfully access a victim’s computer through a reverse shell or SSH. You have to learn both Windows’ CMD and the GNU/Linux or Mac terminal here, as their commands are different.
5. Learn exploitation techniques
To apply what you learned previously, such as assembly language, web programming languages such as PHP, and computer networks, you then learn the exploitation techniques in current use.
Some of the exploitation techniques to learn are:
- Buffer overflow
- Format string attack
- Return-oriented programming (ROP)
- Use-after-Free
- SQL injection
- Cross-site scripting (XSS)
- Server-side template injection (SSTI)
- Race conditions
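Taking cross-site scripting from the list above as a worked case, the following is an added example of mine (not code from the original post) showing the same page fragment rendered with raw string concatenation and with context-appropriate output encoding from Python’s standard library. The HTML fragments and the probe string are constructed for the illustration; the helper names are my own:

```python
import html
from urllib.parse import quote


def render_greeting_unsafe(name):
    # Vulnerable pattern: user input is concatenated straight into HTML,
    # so any markup inside `name` becomes part of the page (reflected XSS).
    return f"<p>Hello, {name}!</p>"


def render_greeting_safe(name):
    # Output encoding for an HTML text context: html.escape turns <, >, &,
    # " and ' into entities, so the browser shows the input as text.
    return f"<p>Hello, {html.escape(name, quote=True)}!</p>"


def render_profile_link(name):
    # A different context needs a different encoder: the value in the URL
    # query string is percent-encoded, and the attribute value and link text
    # are HTML-escaped. Encoding for the wrong context is a common bug.
    url = "/profile?user=" + quote(name, safe="")
    return f'<a href="{html.escape(url, quote=True)}">{html.escape(name)}</a>'


def contains_raw_script_tag(rendered):
    # Crude check for tests or review tooling: a literal <script tag
    # surviving in the output means encoding was skipped for that context.
    return "<script" in rendered.lower()


if __name__ == "__main__":
    # Constructed probe: the standard harmless string used to test for XSS.
    probe = "<script>alert(1)</script>"
    print("unsafe:", render_greeting_unsafe(probe))
    print("safe:  ", render_greeting_safe(probe))
    print("link:  ", render_profile_link('a"b'))
```

The point to take from the three renderers is that escaping is not one function applied everywhere: HTML body text, attribute values and URL components each have their own encoding rules, which is why template engines with context-aware auto-escaping are preferred over hand-built strings in real applications.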
6. Practice on Capture-The-Flag (CTF)
A CTF is basically a set of challenges or servers that you have to hack into, or whose security mechanisms you have to bypass, to get a flag. A flag is basically a string of text you submit to the CTF website to prove that you have completed the challenge. There are many CTF challenge categories, such as Pwn (binary exploitation), web, reverse engineering, or machines with CVE vulnerabilities. These will help you practice your skills and learn new things.
There are many websites for doing CTFs. Two of the popular ones are TryHackMe and HackTheBox. TryHackMe is more learning-friendly as it guides you with step-by-step hints. HackTheBox is more difficult: easy challenges or machines on HackTheBox are usually medium level on other CTF websites. I generally prefer to practice on HackTheBox. If you want to practice on HackTheBox, I would recommend you practice on Pwn challenges, web challenges, reverse engineering challenges, and machines.
Besides those two websites, where you can practice anytime and anywhere, you can also join CTF competitions to learn or even win some money or prizes. Go to https://ctftime.org/ to see the list of upcoming CTF competitions you can join. Those with higher weights are usually more difficult and more reputable. For those starting out, I would recommend joining the lower-weight or zero-weight competitions in case the others are too difficult for you.
7. Learning deep learning (optional)
This is a less common field, as it is more popular among academic researchers at universities. Learning deep learning will help you understand security mechanisms that are protected by artificial intelligence and how adversarial attacks can bypass them. Adversarial attacks include attacks on space-time features through perturbation, among others. I only have some experience in it from when I was at university. Who knows, you might actually like this area and choose to become a researcher at your local university?
8. Keep learning and don’t stop!
There are always new things to learn. The field of security is very big, and new exploitation techniques are invented all the time. Every week you might see a new CVE vulnerability released to the public. Learn about them: follow the proofs-of-concept (PoC) or write-ups and you will learn something new.
Hacking is not something you will pick up in a week or a few months. It might take you a year or years to become good or to be acknowledged by the public as a hacker. If you have a high IQ, you can probably become good in a year or so. It took me years to reach my current level, with university helping me learn things I didn’t learn online by myself. Despite being in this for years, I am not a hacker, and I aspire to be one. Once you join CTFs or read PoCs of CVEs by true hackers, you will feel you are not one yet. If you feel you are already a hacker, I tell you, you will get complacent and stop learning. Even a pro hacker like LiveOverFlow doesn’t consider himself a hacker!
Keep learning. There are also tons of good resources, such as:
- Binary exploitation, game hacking, web exploitation, browser exploitation, etc.
- HackTheBox’s retired machines’ walkthrough
- Exploit writing
- Guided Hacking
- Game hacking
- John Hammond
- CTF walkthroughs, malware analysis, pentesting, binary exploitation, etc.
I hope these tips have been helpful to you. Feel free to leave any comments below. You may also send me a tip if you like my work and want to see more of such content. Funds will mostly be used for my boba milk tea addiction. The link is here. 🙂