How to become a cool hacker. How to acquire hacking skills. Channel your current work in the right direction

This article was created for those readers who know that hacking activity (in the usual negative sense of the word) is illegal and entails a number of negative consequences both for the hacker himself and for society as a whole. For comparison, let's imagine an apartment burglar - he acts illegally, committing and sometimes stealing it. In this sense, a hacker is no different from this type of person: both are found, tried and imprisoned.

Therefore, the first rule in mastering this business is: before becoming a hacker, read the legislation and think about responsibility.

The hacking case became popular almost immediately after. Today you can often hear: “I want to become a hacker, a cracker,” and questions about how to break a site filled the Internet, even taking into account the fact that recently there have been many examples of show trials in the case about information pests of the network space.

Definition

Before you become a hacker, you need to understand what it is. There are several myths in society regarding this computer craft, and all of them are only partially true.

Firstly, it is believed that a hacker is a programmer who is very knowledgeable in this field and hacks programs, databases, security systems, etc. Part of this statement is true, namely that these people have highly qualified. The rest is not true: initially, program hackers used workarounds, solving a lot of complex problems. Those who crack programs for destructive purposes are called "crackers" and are not particularly respected among programmers.

The word “hacker” itself is sometimes used when talking about a first-class specialist who knows the slightest subtleties of his craft and knows how to solve professional problems in an unconventional way.

But now, most people understand hackers as attackers who steal information that is not intended for publication or falling into the wrong hands (for example, passwords, secret government documents, personal user information, etc.).

Also, the understanding of hacking in society is so blurred that those who create and distribute viruses and illegally gain access to money accounts are also included in their ranks.

It can be said that large group He also considers people pests.

We will adhere to the concept of a hacker as a capable and intelligent programmer whose activities are not aimed at destruction and theft.

How to become a hacker: creativity

To be a hacker, you need to become a creative person, because the basis of this activity is finding atypical solutions.

The peculiarity of hacker activity is diversity, so it is necessary to solve new problems that require a non-standard approach. This is how skill develops, which is the main sign of a hacker.

knowledge and languages

To become one, you need to have high level intelligence, specific knowledge and practice.

The most important thing is to learn to program. To do this, choose a language, study it and practice it. For a true master, it is not enough to know one language perfectly, so you need to understand the very principle, the method of any language in order to be able to learn any other in a couple of days, correlating some differences with those already known.

How to become a hacker: practice

Books and lessons can only give a general theoretical idea about this matter, so if you have no desire to teach languages, but want real practice, then the most effective method- read other people's codes and write your own.

Cybercriminals with deep knowledge of programming and experience in finding vulnerabilities in software are developing a variety of “thieves’ tools” that allow them to penetrate computer devices and networks in order to search them and steal information that is “valuable in itself” (for example, a bank account from which money can be withdrawn) or data that the theft victim’s business competitors can pay for (for example, technological know-how).

In addition to the above-mentioned cases of “ordinary theft” and theft of information of a “very personal nature” (correspondence, photographs, etc.), in the last few years new types of hacker activities have appeared, carried out on behalf of government intelligence services as part of “cyber weapons testing”, which can be used in cases of war.

Malicious software can be purchased or downloaded for free on the Internet by any hacker who is unable to independently create “thieves’ tools.” But you still need to learn how to use these programs, first of all, in terms of searching for vulnerabilities in widespread operating systems ah and applications. And here the “older comrades” took care of the younger generation of cybercriminals, offering them systems like Armitage for Metasploit, which allow them to automatically select vulnerabilities and exploits for them. However, in most cases, this hacking tool requires settings, which makes it difficult to use for novice hackers who are not very keen on any training.

And finally, for the laziest individuals who want to quickly become hackers from scratch and get adrenaline from hacking anyone, free AutoSploit software is available on the Internet, providing complete automation of a cyber attack. Now any teenager can run AutoSploit just for fun (even without selfish intentions) and see “what comes out of it?” And this is what happens:

  1. AutoSploit using search engine Shodan independently finds Internet-connected computers, servers, IoT devices, industrial controllers, video cameras, smart home equipment, etc.
  2. then the Metasploit software is pulled up, which one by one identifies vulnerabilities in a long list of Shodan and attacks them,
  3. once the attack is successful, AutoSploit “opens the gate” to the compromised device,
  4. the owner of AutoSploit feels like the winner of the “fortress”, walks around it wherever he wants, and maybe “fools around”.

In the “best” case for a hacking victim, they can watch her through a home video camera. What if an “idle hacker” accidentally got into a power plant or some production equipment?

No one can guess how the invisible Internet tour of the enterprise might end. And here, finally, those small companies that neglect IT protection will have to think about it, believing that no one will even try to hack their corporate networks, since they (these companies) are of no interest to competitors. And they have “micro-sums” in their accounts. Now it becomes clear that even if they do not try to hack the network consciously, it can be hacked accidentally by some “pampered person.” And what actions in the office network will his “childhood fantasy” push him to - it’s scary to think! So, gentlemen, think about IT security “before”, not “after”.

How to become a hacker from scratch? – I see this question very often on various thematic portals and forums, and now I will try to give a detailed answer to it. Basically, absolute beginners, or, to put it more clearly, “dummies,” are interested in this. Having heard about the various exploits of Anonymous, AntiSec, LulzSec, many guys also want to get acquainted with this culture, become part of it, gain knowledge, skills...

The desire is very laudable. But do they all understand the meaning and significance of the word Hacker?? Very often, when asking people who are not interested in this topic, you can get one answer that this is a person who is engaged in creating malware, carding credit cards, phishing, spamming, password guessing and much, much more.

But they don’t know that such a person cannot be called a hacker at all, he is just an ordinary cracker or cracker (from the English crack - hacking), in fact, an ordinary criminal who deserves punishment to the fullest extent of the law.

So, who can be called a hacker?? Wikipedia defines it as a person who has thorough knowledge in the field of IT and computers. But this approach is too one-sided in my opinion, because even Eric Raymond original text“How to become a hacker” (required reading, search) does not provide an exact definition.

In my humble opinion, a hacker is, first of all, a creator, a creator, striving for knowledge, self-improvement, striving to squeeze the maximum possible out of himself and his hardware. That's all the difference from an ordinary mortal, as well as many idiots who consider themselves hackers.

And yet, how do you become a hacker from scratch? What needs to be done for this?

1. Get one of the Linux options and learn to use your PC to its fullest.

Almost every person in our country already has his own Personal Computer, or even two. The first step of a future hacker is to get Linux distribution or one of the BSD versions, and install it on your personal computer.

I agree, there are many other operating systems in our world. But they are distributed in compiled machine codes, and you cannot easily study these codes, much less modify them. Learning to hack on machines that run Windows is almost as stupid, how to learn to dance while being plastered from head to toe.

2. Learn to use the Internet and write HTML.

The Web is a giant hacker's toy that even politicians say is changing the world. Even for this reason alone, you should learn to work with the Web, although there are many other good reasons.

Just learning how to operate a browser will not be enough for you (everyone can do this); in addition to all this, you must learn to write in HTML (in combination with CSS), the markup language of all Web documents. However, if you don't know how to program yet, then writing HTML code will help your mind learn some very useful habits. Therefore, I recommend that you make your first home page. Also learn XHTML, which is designed more carefully than regular classic HTML.

3. To become a hacker from scratch, you definitely need to learn how to program.

This is not at all as difficult as it seems to the uninitiated person. You just have to start. And it’s better to do this with the Python programming language. It is quite simple, but its syntax is quite strict, and a deep understanding of the basics will save a tremendous amount of time when learning the following programming languages.

After all, it won’t be limited to Python alone. Java, C and C++ are also required to study.

The purpose of this training is a deep understanding of the processes occurring in the computer. Superficial knowledge is not enough, because pretty soon it will become a significant limitation in hacker activity.

4. Learn English.

It's simple: the sooner you do this, the better, because English is the base language of the more advanced part of the hacker community. It is no secret that the Soviet Union and its inhabitants are characterized by a certain inertia, and we need to be on the cutting edge of technical developments and innovations, which, unfortunately, mostly take place abroad. There's no escape here...

I guess I’ll stop here, but don’t forget to read Eric Raymond.

Before you start talking about the stages of training, you need to specifically answer the question: who is a hacker? It is impossible to become a hacker without knowing what he does and what lifestyle he follows. Almost every person has watched films where hackers hacked not only ordinary payment systems, but also government agencies with only one goal: to get vital information and use it for your own purposes, for example, sell it for a lot of money and so on. But is it really that simple? Why are hackers elevated to such a high level?

In fact, a hacker is an ordinary programmer who knows program code and knows how to hack it. He does not pursue the goals that are demonstrated in the movies, he does not want to steal information and then threaten that it will become publicly available, and so on. First of all, a hacker is an experienced programmer, so in the past, when there was no opportunity to learn programming from the best institutes, they learned everything on their own and hacked websites and programs. Hackers were interested in how the program worked, so they thoroughly studied the code and made similar programs themselves.

Nowadays, hackers are considered criminals who do not know programming, but they even hack government agencies. There are many “hackers” who are not hackers, but lead a similar lifestyle and happily include themselves in the list of criminals. Even inexperienced “hackers” can harm your computer or website, so you need to have good antivirus. Inexperienced programmers work easier - create malicious script, and then send it to a website or computer under the guise of a normal program, and they don’t even know how this or that program works.

It is unlikely that in your life you will meet a truly experienced and effective hacker who knows the operating principles of the OS, programs, codes, and so on. Experienced hackers do not talk about their activities; most often they work alone, since the responsibility for their actions is too high.

5 steps to become a real hacker

1) Be patient, you must have an analytical mind and realize that mastering any skill will take time, possibly years.
2) Study at the institute at the Faculty of Applied Mathematics, of course, this will take time, but every famous hacker has this education.
3) Buy books on the basics of operating systems and programs, security systems and networks, but the choice depends on what you are going to hack. You also need to master cryptography and learn how to develop cryptographic systems.
4) You must understand encryption models, learn how to create encryption systems and ciphers yourself. Without this skill you will never become a hacker.
5) Read thematic magazines, there is even a magazine called “Hacker”. It is read not only by hackers, but also by ordinary users who want to learn the structure and functioning of programs. You should also visit hacker forums where people share their experiences and give advice to newbies. Of course, you shouldn’t ask dozens of questions, since no one will answer them - learn gradually.

Let me guess - you liked films about spies since childhood. You weren't particularly interested in studying, but your grades were okay. You grasped everything faster than others. And from your youth you were drawn to computers. Something inside you was drawn to the hacker community, but you understood that you were a good person and did not want to ruin other people's lives or end up in prison.

What to do, you ask. The answer is to become a white hat hacker so you can do all these illegal things without the risk of getting jailed, but while still making money.

I want to warn you right away - I am not an expert. I was only able to get a legitimate hacking job once (and I'm still doing it). But I worked a lot in other IT sectors, dreaming of going into security. As a result, I was able to communicate with a lot of people and read a lot of useful information.

Does not exist universal method getting your first job in information security. Recently, Twitter launched the hashtag #MyWeirdPathToInfosec, where you could read the stories of different people about how they got into this field. They were completely different - some had been to prison (not the best option), someone used to be a musician, some got a job right after college, someone was offered a job after hacking a company and telling a story about how it was done (I don’t recommend this option either).

The main thing is to look around - career opportunities often come from the most unexpected places.

My journey into cybersecurity

I remember my first “hacking” experience. I was about ten years old and learned how to save web pages locally. I went to home page Google, downloaded it and edited it in Notepad so that the text “Luke was here!” appeared on it. When I opened the edited page, I was delighted. I felt like I had fooled Google. Just look, FBI agents will start knocking on the door. Maybe I should tell my parents before they find out?

Still from the TV series Mr. Robot

In my time, there were no challenge sites for hackers. Then there was almost no information at all, at least I found little. My first source of information about hacking was Caroline Meinel's site called A Guide to (Mostly) Safe Hacking. The manuals were typed in Comic Sans, which is considered a sign of bad taste among designers from the nineties and zeros. Among them were such classic guides as "Telnet: the main tool of hacking" and "How to hack with using Windows XP part 1: the magic of DOS." They can still be found on the site.

After graduating from school, I got a job in the IT field, started studying computer science, almost finished my education, but I was expelled. Then he became a bachelor of music and began working as a musician. I performed on cruise ships for a few years, then met my future wife, went to the UK, got married, returned to Australia and got a job as a web developer.

All this time, my love for hacking did not fade. I never liked development. I had a great job with great colleagues, but it didn't give me any emotion. One day I was working on a project related to e-commerce and sensitive information, and my boss suggested that I take a course on data security. I wrote to the CEO of a local cybersecurity agency and asked what courses he could recommend. He advised me to get OSCP certified, which I did.

Still from the TV series Mr. Robot

This was perhaps a turning point in my career. The training took two months. and I devoted all my free time to studying the art of hacking. Even when I was tired, I couldn't sleep at night because my mind couldn't stop thinking about tasks. Then I realized that hacking, not development, would become my job.

A month or two after passing the OSCP, I took the online hacker challenge and landed my first job at a cybersecurity agency through a recruiter who posted the challenge.

But enough about me. Here are some tips on what you need to do to get a job as a hacker.

Engage actively with the white hat hacker community

Contribute to the development of tools with open source, write your own, record podcasts, attend hacker conventions, and talk to people on Twitter. You'll learn a lot and meet a whole community of friendly, smart people who can help you.

Write to those you respect

Perhaps you know someone who works in your dream job. Write to them and find out how they achieved it. At worst, you will be ignored, and at best, you will find a mentor and receive important advice that can change your life.

Still from the TV series Mr. Robot

Earn Trust

You may have all the hacker certifications out there, but if during an interview you enthusiastically talk about some illegal deals you've done, no one will take the risk of hiring you. The white hat hacker community often works with top secret information, so employers and clients need to trust you.

If you can’t answer a technical question during an interview, it’s better to say “Sorry, I don’t know, but I’ll definitely look for the answer later” than to try to bluff. The recruiter will see through you, but he needs an honest employee. There aren't many great cybersecurity specialists out there these days, so many companies can hire even a less experienced person if they have the right mindset and attitude. For such an employee, additional training in technical skills is then simply provided.

Get certified

To be honest, many hacking certifications are not a measure of technical skill. However, their presence increases the chances of employment. Certifications show that you are interested in the industry and have spent time and money improving your knowledge.

Take part in challenges

Try some of these from HackerOne, BugCrowd, hackthebox.eu. And be sure to write about your successes on your resume. From the outside, all these challenges may seem like a game, but completing them shows that you are interested in your business and you have some skills.

Still from the TV series Mr. Robot

Don't be afraid of recruiters

Recruiters have a bad reputation for constantly calling and using cunning methods to get the contacts they need. But not all recruiters are like that. Find a good one with the right connections. In particular, you need to look for someone who specializes in the industry information security. Most likely, an ordinary IT recruiter does not know the right people.

Channel your current work in the right direction

Are you a developer? Find a bug in the app you're developing, show it to your boss, and ask for more extensive security testing. Do you work as a system administrator? Find a vulnerability in your network (you probably know where to look for it), inform your superiors about the danger and ask for further testing. No matter where you work, you can earn a reputation as a local security specialist.

You can now say on your resume or in an interview that you were a security specialist, even if your official title was “developer.” You can also mention in the “responsibilities” column that you performed some security tasks.