So you want to be a [Hacker/Pentester/Red Teamer]

Come here, have a seat, let’s have a chat about this whole “I want to become a hacker” business.

Feb 18, 2018 · 5 min read

In this article I will be discussing a topic that I get asked quite frequently. The eternal question of “How do I become a hacker” or some variant around it. It is not meant to be a full and extensive guideline or framework about becoming an elite hacker, a master thief and so on. It’s an introduction and pointers towards the right direction.


Now that we’re done with the introductions, let’s get serious about it. Are you for real? No seriously, in all my years so many have come to me asking for advice, and I see them giving up half way. The best advice and warning though I can give you is that it sounds sexy and fun but it’s really hard to master and most people will give up. I’m not trying to be elitist or anything. It’s the stupid reality and I wish it wasn’t that way. If I can do something please, just talk to me, message me, grab me and buy me a coffee, I’m open to help!

All said and done, it’s just that the main element required is passion and determination. When I have someone saying they didn’t have “time to study and practice” then I know it’s a dead-end for them. Wait until you have to worry about a wife, children, work stress on top of everything, wait until shit finally gets real! — Find the time!

But don’t be deterred, this is meant to be a pep talk as delivered by a Drill Sergeant.

Certifications and credentials

Let’s start with a goal in mind, that usually helps as a motivation. Overall the best course and certification you can do is OSCP delivered by Offensive Security. Definitely a good starting point and, although pricey, a good investment. Offensive Security as an organisation is quite unknown outside the core of the infosecurity community but on the other hand OSCP as a certification is in every hiring manager’s playbook. Another set of certifications, albeit UK-centric and quite pricey, are those delivered by the CREST organisation. CREST is, simply put, the members’ club you need to be part of to do any sort of infosecurity work in the UK. There are chapters outside the UK such as Singapore, Hong Kong, Australia and even the USA but a bit removed from the shiny CREST aegis within the UK. Also CREST certifications are more centered around organisations than individuals.

If you look at the syllabus from either Offensive Security or CREST you can get a good idea of what’s required to get there. To close this certification chapter and to declare full impartiality, it is worth noting that in other nations such as the Netherlands or Japan (two places I’ve called home), certifications from the point of view of a hiring manager or a government are completely and definitively not a prerequisite. To quote (most likely not verbatim, but I promise close enough) one of the best CISOs I ever worked with, from a Dutch multinational bank,

“Do you think hackers come with university degrees and certifications that cost thousands of euros? I know that some sixteen year old in his bedroom can still cause serious damage to my organisation. So when I’m looking at who to hire to hack me, I couldn’t care less about certifications.”

Let’s get dirty!

In the meantime I do not like to study for the sake of studying. I’d rather be learning by example; find a question and try to figure out the answer while learning the new skills required to answer it. It might sound too pedestrian but it works especially for those with a hacker mindset.

So have a look at the following resources:

Hackthebox labs interface — So many machines to hack, so much to do! 😍😭

Especially Hackthebox.eu is an amazing resource. If you can do the challenges there you’re already at a good level! If you can do the “Rasta Labs” challenges as well then send me your CV!

OSI can go🖕itself!

Oh, a lot of people will tell you that you need to learn the fundamentals of networking and application design. OSI models, and other snobby snooty IT bullshit, etc. Feel free to ignore all of that young apprentice! Any computer science graduate will think I’m being sacrilegious right now. Well, yes I am and no I am not. In a time of abstract virtualisation environments (Amazon Lambda, Ethereum Virtual Machine, etc.) and software defined networks; in a world where the pure concept of what is actually real and what is virtual, what is behind the “cloud” and where the hell is this “cloud” anyway, I want someone, anyone to just go on and please explain to me how is Layer 2 versus Layer 8 of any importance to someone who is starting to hack today? And no don’t get me wrong, I do not mean disrespect in regards to pure fundamental knowledge about how networks work, sure even the young apprentice reading this will get there at one point or another. I’m purely saying that the model of what belongs where is rapidly changing and for so many reasons it’s really not necessary to actually know these things as a prerequisite to get hacking!

To get hacking, get building

It might be my entirely hands-on, non-academic, blue collar, coal mining, sheep herding, working at a warehouse in Pontypridd upbringing coming out of the closet again but honestly, you’re better off designing a small network lab at home and building a small Windows Domain so you can learn from that. You may also want to build your own router/firewall using some variant of Linux instead of using your broadband provided router. Maybe try using RADIUS and WPA2 Enterprise instead of PSK at home (and what is that by the way?!). How about understanding what makes an RF (radio frequency) signal strong or weak, why frequency matters, what the hell is “bandwidth” anyway?! And while you’re at it just replace all of your Wi-Fi with an RJ45. Hold on a sec, what is RJ45 anyway? What is Cat5 and Cat6? What the hell does “shielded” mean?!

…You get my point right?!

Code is Poetry

Finally, you will want to learn at least one programming language and Python is the language to learn these days. Some, of the hipster, younger, bearded, coffee-drinking variety, seem to like go-lang. Windows fan boys always go for PowerShell and that’s a very good idea by the way as a second choice. If you’re into the occult, virgin sacrifices, if you wear black lipstick and black nails and you feel that the world is just an illusion, Perl is your language!

Conclusions

Just go forth and hack. And remember, wax on, wax off!

Ari Davies

Written by

Director of Red Teaming, Extreme Hacking and Breach @ Deloitte — ($views == mine && $views != Deloitte) | ハッカー
