A guide to getting started with Cyber Security

“How did you start?

What OS do you use?

Can you hack my **** Facebook?

What are the steps?”


These are some of the questions I get from beginner cybersecurity enthusiasts (usually referred to as noobs). I won’t say I was never there. I was once a noob with similar questions. I also approached a known “hacker” and asked him to be my mentor, asking for the steps. I’ll quote what I later learnt from him.

“There’s no single procedure to get into any profession, especially a technical one, that doesn’t involve practice and research, and most importantly the drive within.”


Get your facts right

Many people run to cybersecurity with the mentality that within a few years they will be the next Kevin Mitnick, that they’ll get the ultimate hack and go underground. If you are one of those people, let me bring you back to earth: “That ain’t happening”.

Cybersecurity or information security is not about accessing your boyfriend’s or girlfriend’s Facebook or WhatsApp account. It’s not about getting access to a bank and stealing millions of dollars. There is more to it than just that, so get the facts right.

Know exactly what you want

What do you mean? I want to hack.

“If you don’t know what you want, avoid what you don’t want; that in itself is a good start.”

Yeah, who doesn’t want to know how to hack? But what do you want to hack, and why do you want to hack? Cybersecurity or hacking is very broad, so know where you want to focus your attention. When we think hack, we think steal. Wrong. I don’t disregard the fact that cybersecurity or info security entails gaining access to systems, and there are those who do so with malicious intentions. Yeah, that’s true, but what we leave out is that it also entails securing vulnerable systems, and there are those who do so legally.

Info security is also a career. Yeah, we have those people who get paid to hack into systems or spread awareness of different security mechanisms. There are also those, similar to freelancers, known as bug hunters, who work under bug bounty programs like HackerOne.

Get the basics

The importance of introductory courses and basic computer knowledge is never stressed enough. I remember I hated reading articles that were labelled “introduction to” or “for beginners”, only to go back to them later in life. Learn the basic operations of a computer, networking protocols and the overall architecture.

I know you might think it’s a waste of time. Maybe you have read other articles saying start by installing the Kali Linux operating system, learn a programming language, start with online CTFs and so on. I respect their opinion, but you can never be a plumber without getting your hands dirty first.

Be Informed

Wait, what? Yeah, information is power, and I commend you for taking your time to go through this article, because articles are a rich source of information.

Also, join the various tech communities. Having people who are passionate about the same thing you are into is one of the irreplaceable gold mines in any tech-related field, for you can never know everything. You can ask questions, but the rule I always use is: Google before you ask. Google is the best friend of pentesters and programmers, because for that thing you are trying to do, the possibility of it already having been done is about 90%.

Learn and Learn and Learn

You may have heard people say that if you are to get into cybersecurity you need to learn programming. This is pretty true, or I would say obvious, but they also list the languages they think are the best. According to me, that’s wrong, or rather spoonfeeding.

If I tell you Python is the best language to begin with, you will end up with that mentality, becoming close-minded and limiting your chances of exploring and even coming up with your own ideas and methodologies. No language is the best for anything. With programming anything is possible, so learn and learn and learn all you can in relation to what you are doing. An Android pentester (hacker) needs to learn Java, but you were told to learn Python. See what I mean?

Research and Practice

Mmmmh bomboclaat!

After knowing exactly what you want, let’s say web pentesting, and learning all the basic protocols and web technologies, research the various exploits. The best source I have come across is Medium; it contains a boatload of write-ups.

Practice what you have learnt at least two or four hours a day. Don’t be stupid and practice on sites or machines you don’t have authority over or a “Get out of jail” card for.

There are multiple sites like Hack The Box and several virtual machines you can practice on.

