Learning how to become an ethical hacker can be daunting at first. Every page tells you to know everything about everything or else you’ll be a script kiddie.
But that’s not true!
Follow this guide from top to bottom and you’ll find yourself in the infosec field sooner than you thought.
This is a long guide, so you might want to bookmark it, read on, apply the steps and come back later.
Why should you listen to me?
I’ve worked as a Software Dev, and currently, I’m studying part-time with the goal of becoming an ethical hacker, while working part-time at an ethical hacking company.
I’m not some faceless hacker telling you stuff. You can watch me introduce myself here:
Become An Ethical Hacker
In order to become an ethical hacker, you’ll need to understand some things about everything and everything about something.
The key is to choose one topic you want to be very good at; for the others, you’ll just need to get the overall context. I created the quickies for this purpose.
So what do you need in order to become an ethical hacker?
Join The Community
Contrary to popular belief, (ethical) hacking is a group activity. The first step you want to take to become an ethical hacker is to join different communities.
Find a site, YouTube channel, subreddit or BB where people talk openly about exploiting hardware and software with the same enthusiasm as you. Then start reading, upvoting or whatever, and someday make your own submissions to the community.
Learn To Google
Googling will turn out to be the most useful skill in your journey to
- You’ll be on the edge of technology or scavenging through decades-old legacy stuff. You need to know how to gather info and research for the things you don’t know.
- If you encounter a problem, chances are high that another person already had that problem sometime in the past.
But how do you learn to Google?
Luckily for you, I have a beginner guide on Google on my blog. It includes an introduction to special features and even a 1-week training plan.
Learn about Security
You’ll need some basic knowledge about Security Concepts. The CompTIA Security+ course and exam offer good basic theories and concepts for beginners.
If you don’t want to pay for the course or books, I’ve created a series of articles covering the subjects of the CompTIA Security+ certifications here.
Don’t forget to apply what you learn with the following steps in this guide:
Do some hacking
What would an ethical hacker be without hacking? Just ethical, I guess.
Do some applied hacking challenges online, for free and legally. You can do this on sites like hacking-lab.com,
If you’re too afraid to try it, or too lazy for that matter, don’t worry.
I have a lot of content on my YouTube channel, where I show how to solve such challenges. Here’s one for you to get started:
These competitions are usually called CTFs (Capture The Flag). The goal is to attack a vulnerable system and find a flag (password, file, anything) and disclose it.
Start by watching and reading a couple of solutions to these challenges. But it’s important that you start doing them one day.
Learn about systems
Learn about different OSes and what makes them different (or equal). Then choose one OS you like and become a
Some applicable steps to learn about systems:
- Set up a service (like a webserver)
- Start using virtual machines and install different OSes
- Edit stuff in those virtual machines and see what happens
- Automate boring stuff using bash, or PowerShell, or another CLI
- Try to fumble with configurations and see what happens
- Read documentation, google questions
I like to use
If you fancy videos more than the written word, John Hammond, a friend of mine who also creates hacking videos on YouTube, has got you covered:
Learn Some Coding
You don’t have to be a pro coder to become an ethical hacker, but you should be able to build a website or an app in order to destroy it later on.
The basic concept of many languages is the same. It’s the implementation that differs, sometimes even syntax.
There are a couple of different paradigms when it comes to programming, like:
- Object Oriented
- DataBases (SQL, Relational)
- DataBases (NoSQL)
Choose 1-2 paradigms and learn them (via coding in different languages). Choose to learn one well.
If you want to do some hardware/reverse engineering, C and assembly are your friends. They’re programming languages, but tend to be more “flexible” or prone to errors, since you have to do everything yourself.
I would start with C and then do some more coding with a higher-level language like C# or (ugh) Java.
You don’t have to be a perfect coder, you should be able to
Learn How Networks work
Nothing works anymore without some network things involved. Learn the basic concepts of different protocols. Use your system knowledge to implement and configure services.
Maybe do some socket programming in C or some web development, to understand how a basic
Focus on one particular subject you want to be good at (firewall config, socket coding, etc…) and become good at it.
A good guide to network/ socket programming can be found here.
Become an Ethical Hacker
If you’ve come this far, you should have a solid understanding
You’re able to fill missing gaps and learn new stuff fast using Google. You should be able to write little scripts to automate tasks, and know some basic concepts of networking and how software works. You’ve even learned some things about hacking on your road to here.
Now you need to learn about ethical hacking. This includes not only technical aspects
- How do I even start a penetration test?
- What tools are involved?
- What is ethical and what is not?
These and more questions are going to be answered by my new series on YouTube: