How to get in cyber security and where to start
A friend: “How do I get into cyber security?”
Me:
Where do we start
Where do you want to go?
Just like IT is a broad topic (and I mean very broad), same goes for cyber security. You cannot be an expert in every aspect of security. However, it’s not a bad idea to have some general knowledge of various topics. It’s actually highly recommended so you can think outside the box by combining things in a way it’s not meant to be used.
What are your career plans?
It doesn’t matter if you are an IT guy looking for a career switch or if you are still a student. It’s important to know where you want to be in a few years. That will help you in working towards your goals and getting the right certificates.
A great website to map out your career jobs is cyberdegrees. You can select what you want to become and which certificates and courses are relevant.
To have an idea of your loan, payscale is a great website to check that.
Which knowledge is needed?
Basic knowledge and understanding about networks and servers is a must. Without these, you will not be able to get into security. Yes it will cost you some time to learn this, but you simply cannot do this without that knowledge. Below are some links to get you started, but keep in mind that actually doing it (making your hands dirty) is much better than binge-watch infinite amount of playlists on youtube or Pluralsight. When watching a video, try to poke around and actually execute the commands they used in the video’s.
- Linux general knowledge: Linux Essentials course on PluralsightΒ or a video playlist on youtube
- Linux command line knowledge:Β linux-cli-fundamentals course on Pluralsight
- Networking general knowledge: TCP/IP and Networking Fundamentals for IT Pros on Pluralsight
What programming language do I need to learn?
You don’t have to know programming languages in depth to be able to audit the security of a program.
To avoid discussion: Yes, you will find more vulnerabilities if you know the language in which the application is written. But it is not required to just start pentesting it.
Many of you have a background in some language, that’s certainly a plus. But you don’t need to learn a few languages before you can start with security.
However put python somewhere on your personal roadmap if possible. Many hackers swear by it because the scripting and automation potential is enormous. I haven’t learned it in depth myself because I keep procrastinating (don’t judge, I am a human being like anyone else). A good book which my colleagues recommend is: “Black Hat Python: Python Programming for Hackers and Pentesters“.
What operating system should I use?
There is Windows, Mac, Linux and some others. Personally I have no preference for one of these. They all have their pro’s and con’s. Before you start bashing about the security of Windows: yes it is true that in the past there were serious issues with critical Windows vulnerabilities. But with the latest updates on Windows 10, they improved a lot. All operating systems have vulnerabilities anyways.
As mentioned before, it’s a must to learn Linux. Everybody has it’s own opinion on which Linux flavour (Ubuntu, Mint, Fedora,…) is the best. But if you are just starting out, I should recommend Ubuntu Desktop.
The next steps is to learn how to set up a webserver (if possible, skip Apache because NGINX is taking over marketshare and it’s lighter on resources). Head over to the ubuntu website and download the Ubuntu CLI (Server) version and install it in a Virtual machine. To host your virtual machines, I recommend virtualbox (which is free to use).
Google for: “install ubuntu server 16.06 in virtualbox”. Change the OS and OS version accordingly.
Google for “set up a web server NGINX ubuntu 16.06”. Change the OS and OS version accordingly.
You will use virtual machines a lot in security, so make sure you are comfortable with linux servers and virtual machines. You may want to investigate malware, run certain scripts in a sandboxed environment or you want to poke around with some Capture the flag challenges from VULNHUB. I recommend the VULNOS series byΒ “c4b3rw0lf” (which is someone I know in real life).
Kali Linux
If there is one thing you should remember from this blogpost, it’s this one: Kali Linux. This is the most advanced penetration testing distribution at the moment of writing. Kali Linux is basicly a debian OS, but stacked and filled with hacking tools pre-installed. It’s also running as root because most actions you will do on Kali require admin rights π
This distribution is frequently ran inside a virtual machine for easy of use. Keep in mind that Wifi hacking and network scans are more difficult due the limitations of virtualisation. This can be solved by using an external wifi or network adapter.
If you are new to Kali Linux, make sure to follow a few tutorials to get your hands dirty.
News and informationstreams
Today it’s a challenge to not be swallowed by all the information we are thrown to our heads. We all have our sites we check on a regular base, and to just add a few extra on the list will not make your life simpler.
However, one advantage of keeping up to date with (security) news-site is that you are unconsciously making clear where you want to go. You read more articles of things you are more interested in. You remember articles and topics better which amazed you the most. Use that trick to see a pattern in your own search behaviour. Are you reading more articles of IoT? Start looking for more individual hackers posting their findings on hacking fridges and IoT stuff. Are you more a mobile guy? Start looking at XDA and … More interested in datadumps and general hacking? Start following Troy Hunt.
People to follow on Twitter:
- Troy Hunt: Pluralsight author. Microsoft Regional Director and MVP for Developer Security. Online security, technology and βThe Cloudβ. Creator of @haveibeenpwned.
- Nicolas Krassas: a news-feed with all info related to security
- Internet of Shit: a satire account which laughs about today’s shitty implementations of IoT devices
- MalwareTech: tweets which you will more and more will understand as you get deeper into security. His sarcasm is amazing.
Security resources
First of all, by using “specific keywords” on Google you may find many books and resources for free. Keep in mind that cheap and legal alternatives exist and contain the latest versions of these resources. Amazon Kindle ebooks is a subscription which allows you to read all your books for democratic prices. Pluralsight is something I extremely recommend for both learning a programming language as well the security courses.
Videos
I highly recommend video’s from Troy Hunt on Pluralsight Troy Hunt. He manages to explain complex security on an beginners level, with a real hands on approach. You may know Troy Hunt fromΒ haveibeenpwned.com, he is the creator of that website.
Links
- Awesome Hacking List: A collection of awesome lists for hackers, pentesters & security researchers.
- Awesome Hacking: A curated list of awesome Hacking tutorials, tools and resources
- Awesome Web hacking: This list is for anyone wishing to learn about web application security but do not have a starting point.
Security books
- The Hacker Playbook:Β Practical Guide To Penetration Testing
(More to come soon)
Blogs and websites
- Security Affairs: security news-site with also interviews with hackers.
- Krebs on security: in depth security news and investigation.
- Troy Hunt’s blog: blog mainly focussed on data breaches and IoT. However, several different topics surface once in a while.
- Reddit Netsec: interesting links and topics passing by. Also check the Hire thread, it may be useful for finding a new job.
Bug Bounty
A bug bounty program is a deal offered by many websites and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to exploits and vulnerabilities. Below are some platforms which offers a way to submit their bugbounties.
- HackerOne:Β a vulnerability coordination and bug bounty platform that connects businesses with cybersecurity researchers. You can learn a lot by reading the public write-ups and findings.
- Bugcrowd: connects organisations to a global crowd of trusted security researchers.
Practice material
- Hack this website: hack This Site is a free, safe and legal training ground for hackers to test and expand their hacking skills.
- DVWA: a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment.
- The Juice shop: Juice Shop is written in Node.js, Express and AngularJS. The application contains 47+ hacking challenges of varying difficulty where the user is supposed to exploit the underlying vulnerabilities.
- theZoo: a project created to make the possibility of malware analysis open and available to the public. BE CAREFUL!
- Awesome CTF: a curated list ofΒ Capture The FlagΒ (CTF) frameworks, libraries, resources, softwares and tutorials.
Open Web Application Security Project
The Open Web Application Security Project (OWASP) is a worldwide not-for-profit charitable organisation focused on improving the security of software.
It will be your go to website for all standardisations and information around hacking.
The most famous project is the “OWASP Top 10“: it’s a powerful awareness document for web application security. It represents a broad consensus about the most critical security risks to web applications. However, this can be a bit overwhelming at first. You might find this a better start.
Other interesting projects are:
- the “OWASP Mobile top 10“: the same as the previous one, but focused on mobile applications.
- the “OWASP Internet of Things project“: we all know how bad the IoT security is, this tries to give guidelines and testing methods to mitigate that.
Let’s gear up
Security hardware
The most known hardware hacking shop is the Hack5shop:
Pineapple: a device which let you perform various wireless hacks. Man in the middle, fake access points, evil twin attack,… All in a graphical user interface.
My personal experience: fun for a day, ends up in the shelf and after a while you realise it’s not worth the money because you can do the same in kali.
Rubber ducky and bash bunny: a keystroke injection tool disguised as a generic flash drive. Computers recognise it as a regular keyboard and accept pre-programmed keystroke payloads at over 1000 words per minute. The Bash bunny also has network related injection tools.
My personal experience: worth the money, also ends up in the shelf but at least you will use it to prank friends and colleagues. Use the -beers on me- slack script to end up with free beer or just a bad relationship with your co-worker. Also check the Mr. Robot script, it’s awesome that it really exists.Β
Bottom line: Will these tools make you a better hacker? No. It will however, make the learning process more fun and that can be a good reason to buy these. Ultimately, the learning process may be boring and hard at some points. Therefore a hardware tool that can cheer up the process can be an extra motivator.
Also keep in mind that many other devices (like antenna’s) sold in that store can be found much cheaper on Amazon.
Security software
Maybe you already did some research and you remember paid tools like “Burp Suite Pro”, “IDA pro”,… However, piracy is not the answer where. The community has lots of free tools available. Paid versions are tempting to obtain by using a crack. Most pirated security software is backdoored so you likely just end up fucking up your own opsec. If you really disagree, use a virtual machine for it to limit the damage (keep in mind that your network and even host can still be exposed).
I don’t want to list which tools are best for which task. Every hacker has it’s own arsenal of hacking tools and scripts gathered over the years. However, if you have zero clue on where to start, here is a good starting point:Β https://awesomehacking.org/
Make sure you first master the basic tools in Kali before you go trough these.
Improve your own security
I don’t need to express why it’s important to not get hacked as a security expert. It just destroys your credibility.
Piracy
Don’t use pirated software on your main machine. Lot’s of pirated software contains malware or at least a backdoor. The days “cracking for glory and streetcred” are over. It’s just to easy to earn money with distributing malware, which is the main reason why this is so frequently done in pirated software.
No pirated software includes:
- Installing cracked games for “more ingame coins and XP” on your phone. There are easy to use scripts to put a backdoor in APK’s , so don’t be surprised it happens so frequently.
- Using a cracked windows. Windows 10 doesn’t require a license anymore. The only “irritating thing” that differs from an activated version is the Watermark in windows 10. Which doesn’t matter in VM’s used for security or testing.
- Using cracked software licenses (don’t even think about cracked Antivirus, it’s just as paradoxical as it can be).
Two Factor Authentication and password manager
Use two factor authentication (2FA) everywhere where you can. 2FA list of websites is a list of websites which support 2FA. Even if your password appears in a data-breach, hackers cannot log in with your password when 2FA is enabled. The password is “rendered useless”.
Check if your email account appears in a data-breach Hacked emails. Then you will probably understand why it’s important to enable 2FA.
Use a password manager to store all your uniquely generated passwords. Don’t use the same password. Just for the simple reason that if your password leaks out, bad actors will try your email and password on other services. When you use the same password on multiple sites, they can log in with these credentials.
I use 1Password, but there are also things like keepass (free).
Use adblockers
Some people are against it because it ruins the cashflow of certain websites. Honestly: the internet has fucked up my experience with ads over the years. It distracts me (my job is mostly on the internet, so I don’t want to be distracted during my job by irrelevant shit). Ads contain malware, and can even deliver 0day’s. The currently best adblocker in my opinion is “uBlock origin” or just use a pihole to secure your entire network (including your iPhone which cannot have a system wide adblocker). Popular adblockers like “adblock plus” are getting paid by advertisers to allow certain ads, so try to avoid these.
Nobody is going to jail for 5 dollar/month
A VPN is cool: you can do what you want because it “hides your ass” (pun intended). Wrong.
Nobody is going to take full responsibility for all your actions on the internet, just for 5 dollar/month. If there is a 3 letter agency knocking on the door, you are not going to stand up and facing jail for a random dude on the internet.
A VPN will hide change your IP, and it probably makes tracing you cost a bit more effort (which is in most cases enough to stop searching for you). But depending on your committed crimes, they will put more effort in tracing you (filling in a warrant template and send it to your VPN provider) and they will find you.
Cody Andrew Kretsinger, a 23 year old from Phoenix, Arizona (USA) is now facing 15 years in prison after being arrested by the FBI, an alleged member of malicious hacker group LulzSec in which he used the moniker βrecursionβ, he is believed to be involved in the hacking of Sony Pictures Entertainment servers using a SQL injection to obtain confidential information and post it on the Internet, British based Hide My Ass VPN Β handed over his home IP on receiving a court order, according to the indictment Cody Kretsinger Hide My Ass VPN username was βrecursionβ, the same nickname he used in the hacking group, allegedly he also completely wiped clean his computer hard disk after hacking Sony Pictures.
You can use an independentΒ VPN comparison website, but keep in mind that no VPN is 100% safe to use. To make things worse, all major VPN providers use publicly known VPN keys, which can be/are used to decrypt your traffic.
(Source:Β Twitter)
Although it’s “good enough” for regular piracy, don’t assume immunity while using it for hacking.
DOX yourself
What can you find about yourself? What can a hacker find of you? Do a full dox on yourself.
- Google your own name (obvious, but just do it).
- Google your own username and Google that username again.
- Try to find your own email address in the search results. If you find one, you need to make that disappear by either removing that profile or updating it so it’s not visible anymore.
- Feel ashamed when you find your 14 years old self on a random blog and maybe remove that post.
- Google your phone number and email addresses. If it got linked to your name, try to break that link by updating your profile on that site.
- Input your email addresses on hacked-emails. If you are breached, go change your passwords now.
- Go to your facebook, copy the username in the URL and paste it onΒ Graphs.Tips. It displays even the pictures you “hide” on your profile, but can be visible by others using these kind of tools. Good time to actually remove them and update your privacy settings.
- Use a tool like “Cree.py” to stalk your locations on your Instagram. Keep in mind that this tool may be broken due the lack of updates. But worth a try.
There are many other things you can do, but these are the basic things. Privacy is often overlooked.
Use an Anti Virus security solution
Everybody has it’s own opinion on which AV is the most secure. If you want an independent review and comparison, check this AV test. In addition to an Anti Virus solution, I highly recommend Hitman Pro Alert. It’s a complementary AV, which means it runs by the side of your current Anti Virus solution. I really recommend it because it protects against bad USB attacks (rubber ducky), exploits and ransomware. For mac I recommend Littlesnitch, it requires some fine-tuning but is the best firewall solution for advanced users on Mac.
Don’t use TOR (and especially the TOR browser) on your main machine
The websites on TOR are not regulated or protected by features like google safesearch and malware protection. Chances are much higher you will get infected on the dark web than on the “normal” web. Therefore, don’t install Tor straight on your daily used device.
It’s much better to use a VM with an OS like Tails. However, running a Virtual Machine is still not perfect: if your host is infected, it may be screenrecording or keylogging your actions in the VM.
Feedback
Any feedback on this article is welcome. This can be a handy link that I should include or something which you strongly disagree (which is perfectly possible due this article being based on my experience and opinion).