There is so much potential within the field of hacking. You can keep on learning forever and never get bored or do the same thing over and over while earning some nice rewards. So how do you become a hacker? Where should you start? What steps do you need to take and what should you avoid?
In this article, I’m going to try my best to answer these questions, because after all I became a hacker in one year — but first, let’s break down what a hacker is so we know what we’re working towards.
What is a hacker?
I think that every hacker is unique and has their own skillset, so let’s avoid giving some cookie-cutter definition and instead focus on the attributes that make a good hacker.
Hackers are creative
As a hacker, you’ll find a lot of new problems but not many answers. This is a blessing and a curse at the same time. A curse because you won’t always have someone to help you find the answers but a blessing because you’ll have the chance to do some trailing blazing with a bit of out-of-the-box thinking. This means you’ll need a lot of creative thinking. And this creativity is needed in all aspects of hacking, from bug bounties to Penetration testing to malware analyst, every hacker needs to be as creative as a graphics artist.
Hackers love to solve problems
I think one of my defining aspects of being a hacker would be my need to solve puzzles. It's an itch I have to scratch — yet it didn’t start out this way. As humans, we try to remove the boredom in our lives with constant entertainment or simply changing from one task to another. Yet by doing this we neglect a small but powerful aspect of the human mind. I found that when I don’t avoid or neglect my boredom I begin to see problems where others have trouble seeing. I started to see puzzles and solutions simply because I wasn’t avoiding this state of mind. Over time, I learned to enjoy the process of discovering new puzzles (and solving them), even if they were discovered during a boring task. Embrace the boredom!
Hackers fight the established order
This topic may sound like all hackers are pure anarchists who love to fight the government but that’s not what I’m talking about. A long time ago I read this statement, "Trust, but verify" — and it stuck with me ever since. I don't like to be told that stuff works a specific way simply because it’s known to work that way. When you question things you tend to find vulnerabilities that others have overlooked or simply not even considered. You should question everything, even me! This was my mentality when I first started hacking, and it’s exactly what led me to discover things I would have never thought possible, all because I chose to ignore my gut feeling of how a system worked.
Hackers are (usually) very competent
Hacking is more than executing a script and calling it a day. Our trade requires a lot of passion even for the things we don’t care about. Hacking is a symphony of multiple areas of knowledge playing a beautiful song, but to know what to play as a whole, we need to know how to play every instrument very well. It’s a niche and while I do believe there is training that can be followed for this, I also believe that there are some aspects you have to master but simply can't study for. This means that at some point, you have to dive in and pursue that thirst for knowledge on your own. This is what makes hackers into some of the most multi-disciplined and skilled people types of people I’ve met.
General steps to become a hacker
Cool, so now that you know what the attributes of great hackers are, let’s determine what skills you’re going to need. If you want to become a hacker you need to know what you'll specialise in, because there are a lot of jobs. Yet while the specialisation might vary, hackers all share some fundamental skills. Here are the basic skills you need to master to become a sneaky hacker like me:
1. Learn how to program
This part is essential. It’s not so much about the actual programming languages but more to understand programming concepts. If you can understand how something was designed then you’ll know where the vulnerabilities lie. I ranked the following languages in the order that I think you should learn first to last — I’ll explain a little bit about why I think these are so important.
HTML (And possibly CSS): While not directly applicable to hacking, it will teach you the basics of what the web is built upon and it's a great introductory language for those looking to create something visible in a fast way with a big tolerance for errors. A great addition would be CSS, to make those web pages shine!
PHP: PHP allows you to take your web applications from boring static websites to snazzy back-end driven workhorses. You’ll be able to create useful applications to store data and much more. The disadvantage of this language is that it will allow some things that stricter languages such as ASPX don’t allow. But given the fact that you can easily deploy a PHP application and get a bit more of an error tolerance is a major plus.
Python: Python is a generalist language that any hacker can use to whip up a quick script in a pinch. Python is multi-platform, which means that it will run on all operating systems that support it, but unlike other bulkier languages such as Java, you can run it much quicker. It's also less strict for the end-users but forces them to make their code clean and readable by its design.
2. Learn how to run and use Linux
This might seem daunting at first, especially if you are not used to using anything but windows. Well, get past that fear because Linux is pretty essential to hacking as many of the popular tools are built on Unix-based systems so many hackers stick to Unix for its open nature and customisability. You can hack on a Windows system, it’ll just be a little harder starting out since most tutorials and popular tools are written for Unix.
3. Learn the basics of networking
It is really important to know what goes on within a network. You need to learn how packets are being sent from one computer to another because eventually, you will need to learn how to interpret this traffic and analyse it carefully. This is why it really pays off to start with this skill early. I would highly recommend you start with the basic stuff like learning how to set up your own wireless networks at home. This can go beyond the basics as well, you don't have to stick to installing a wireless access point but you can try playing with things like your firewall settings and port forwarding. Once you are comfortable, start analysing other networks.
4. Read articles on hacking
Whatever image of hacking you have in your head, chances are it's wrong due to pop culture. We've grown up thinking hacking looks a lot like bashing on a keyboard. So to find the link between what you've been practicing on your own and what's real, it helps to read from the real hackers to see how their techniques have been applied in the real world. Don't let the complexity discourage you though. In the beginning, things will not make a lot of sense but as you read more, you will find that you will start understanding things that you did not before.
Now that we've covered a lot of the basics, it's time to look further into picking a specialisation. As I’ve stated before, there are a lot of aspects to hacking and I don't think one should rule out the other but it's good to start somewhere.
Choose a specialisation
It might seem like the choice you are about to make is final but nothing could be further from the truth. All of the options below are just an entry point into what is a very fluent field that can allow us to interact and learn things from other disciplines. I keep comparing hacking to science and I think my comparison keeps proving itself valid. Just like science we eventually need to know things from many disciplines to become a better hacker.
Web application hacking
Web application hacking may seem like a narrow field but it can lead to many options. You can either try your luck and skill level against other hackers in bug bounty hunting or we can go into more stable jobs such as penetration testing. The cool thing about web application hacking is that it will also allow us to go into either very functional exploits such as business logic flaws and very technical ones such as insecure deserialisation plus anything in between.
Hacking networks is very technical, if you pursue this specialisation, you could become a penetration tester or Systems Operation Center Management — basically taking charge of a network to secure, manage and respond to incidents. To get there, you’ll need to focus on network engineering with base certificates such as Cisco's CCNA helping to strengthen our knowledge, albeit with less of a focus on security and more of a focus on general network knowledge. As a security-wise hacker you can try sites like hack-the-box and vulnhub which allow us to practice our hacking skills and then go for security certificates such as eJPT and OSCP.
Analysing malware can be a bit more daunting but the rewards are much bigger. Hackers can look forward to a more specialised job in which learning will play a central role. To get here, we will have to focus more on static code analysis and decompiling applications.
From all of this, I hope that I was able to give you an insight into what hacking is and what it takes to become a hacker. It will certainly take some time but with dedication and hard work, you can break into this field. It's never too late to get started and it might take a while, but if you take one step every day, you can become a hacker in a year.