By: Nihad Hassan
January 26, 2022
How To Learn Ethical Hacking On My Own
By: Nihad Hassan
January 26, 2022
The advancement of computing technologies and the proliferation of the internet worldwide have shifted a significant part of people's daily lives into cyberspace. Organizations of all types and sizes increasingly utilize digital technologies to conduct and support most of their work operations. The massive shift to cyberspace has brought numerous benefits for individuals and organizations, but it also introduced serious security problems concerning protecting sensitive data and other digital assets. Criminals have ridden the digital transformation wave and transferred most of their criminal activities into the internet.
Organizations are now deploying different security solutions to protect their data and network from cyberattacks, such as Firewalls, SIEM, and IPS/IDS. However, the best method to fight against cybercriminals is to think like hackers using their tools, methodologies, and attack tactics. By gaining this knowledge, cyber defenders will remain one step ahead and mitigate many devastating cyberattacks.
This article will shed light on the ethical hacking concept and discuss how someone can prepare to become an ethical hacker on its own without following a specific ethical hacking certification path.
What is ethical hacking, and why is it increasingly in high demand?
Various terms are used to refer to the "ethical hacking" concept. Such terms as Red Teaming, Penetration Testing, and white hat hacker. Ethical hacking uses the same black hat hacker's techniques, tools, and methodologies to legally infiltrate networks and other computer systems. The aim is to test the security of target organizations' devices and networks, discover security vulnerabilities, and close them before they get exploited by cyber attackers.
Learning ethical hacking has become very important to counter today's advanced cyberattacks. For instance, ethical hacking skills help cyber defenders to:
Understand black hat hackers' minds and how they think when planning and executing their attacks.
Learn about the latest attack methods and tools utilized by cybercriminals, so they can better plan security defense.
Help secure sensitive data and mitigate data breaches that lead to significant financial and reputation losses. According to the Ponemon Institute's 2020 "Cost of Data Breach Study," the global average for a data breach is $3.83 million, while the average cost of a data breach in the US is $8.64 million.
Ethical hacking helps discover design flaws and any design errors in software applications or misconfigurations errors in software and hardware devices.
Is ethical hacking legal?
Yes, as long as you have obtained the necessary authorization from the principal entity (individual or organization) to infiltrate their computer networks and other computer systems and applications.
The outcome of an ethical hacking assessment is to determine weak points and security vulnerabilities and work to close them before they get exploited by malicious actors.
Popular ethical hacking certifications
The best method to learn ethical hacking is to follow a proper certification path; this helps you follow an asymmetrical approach to learn the ethical hacking domain's skills, technologies, and legal and compliance issues. The following list the most popular certifications related to ethical hacking:
- Certified Ethical Hacker (CEH)
- CompTIA PenTest+
- Global Information Assurance Certification (GIAC)
- Offensive Security Certified Professional (OSCP)
Key ethical hacking topics
To begin your journey in ethical hacking, there are several essential skills that you should master. Here are the top eight skills any serious ethical hacker must know about.
Mastering Linux is essential to execute many security and penetration testing tools. Understanding Linux console commands, networking and managing files within the system, and some shell programming are insensible skills for ethical hackers. Many Linux distributions are designed for penetration testing and come pre-equipped with a plethora of security tools, such as:
The ability to find information online is a critical skill for ethical hackers. Gathering intelligence from publicly available sources is also known as Open Source Intelligence (OSINT). Before conducting any penetration testing exercise is online reconnaissance (or intelligence gathering). During this phase, the attacker, hence the ethical hacker, will search the internet to find any information to help him find an entry point into the target network. OSINT involves passive reconnaissance only; however, in ethical hacking, you may need to conduct active reconnaissance as well, such as using Nmap to scan the target computer network.
Familiarity with some programming languages
You do not need to be a programmer to learn ethical hacking, but knowing how to program will aid you when executing some security programs or design scripts to automate some repetitive tasks.
Python is a popular general-purpose, high-level programming language. It is an open-source language and comes with rich libraries for various hacking and security tasks.
Know how the database works
IT systems, especially content management systems, are run on databases. Many cyberattacks are executed to compromise data stored in databases. There are also many database-specific attacks, such as SQL Injunction. Knowing the various databases engines and their scheme is another skill ethical hackers should master.
The most critical skill for ethical hackers is knowing how computer networks work, in addition to the various network devices and other network security solutions, and how they all interact to defend against cyberattacks.
Social engineering attacks remain a top concern for organizations. For instance, 98% of cyber attacks rely on social engineering. A well-crafted social engineering attack can penetrate the most secure network. This is why learning how SE attacks work and the different methods criminals employ to craft and disguise their attacks are essential to know legitimate, ethical hackers.
Understanding how security solutions works
Ethical hackers should understand how to evade security solutions, such as antivirus, IDS/IPS, and firewalls. Ethical hackers should have the necessary theoretical and practical knowledge to know the different types of detection employed by antivirus (signature-based and behavioral-based detection), so they can craft their attacks to surpass them.
Knowledge of computer security attack tools, such as password cracking tools and network sniffers, is also necessary. The ethical hacker needs to use the same tools black hat hackers utilize to break into protected resources.
Understanding of Vulnerability Analysis
Ethical hackers should know to perform vulnerability scans of servers, endpoints devices, wireless devices, and Internet of Things (IoT) devices to discover security vulnerabilities and outdated programs/unpatched operating systems. The vulnerability scan is limited to scanning the target organization's IT environment. For instance, other components such as third-party providers must also be inspected where necessary to discover security gaps.
As a part of the vulnerability scan, ethical hackers should work to discover any errors in work processes that can lead to security vulnerabilities – for example, using the same password for more than three months should be prohibited.
Learning ethical hacking involves knowledge of various security tools, attack methodologies, and deep general knowledge of computer operating systems and networks. The continual advancement in computing technology makes the ethical hacking profession very challenging, as new digital technologies emerge every year. Black hat hackers and other malicious actors are constantly developing new ways to infiltrate modern solutions, requiring ethical hackers to remain top-notch concerning technical skills and security mindset.