Tips for Ethical Hacking

I am often asked how I became an ethical hacker, so I have put together three tips for those interested in becoming one. I can understand why there is so much interest in ethical hacking: it is a classic case of good vs. evil. In order to be an ethical hacker (a white hat), you have to understand how the unethical hackers (black hats) work. The topic interests a lot of people, not just security analysts and security professionals. It should be noted that the same three tips could help you become an unethical hacker as well. Please use your forces for good!

 

  • Practice - As with many other types of skills, there's no substitute for hands-on experience when it comes to becoming a better ethical hacker. There are many great free resources on the net that I've used to improve my skills. Aman Hardikar has pulled together one of the best collections of ethical hacking and pen-testing resources. He provides links to dozens of Capture-the-Flag-type sites where users’ skills are tested in progressively more difficult scenarios. He also provides links to virtual machines that can be set up in a practice lab, as well as other great training resources.

 

  • Read Books, Not Just Blogs - Books on ethical hacking explore the topic at a deeper level than blog posts. I recommend "Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses", by Ed Skoudis and Tom Liston. Ed is one of SANS's top course authors and instructors, and I personally find his writing smart and engaging. His book is perfect for anyone with security/OS/networking knowledge who wants to understand how hackers do what they do.

 

  • Get Involved with Online Forums - There are hacking forums for white hats, black hats and even grey hats. I recommend spending time in all of these forums (yes, even the black hat ones). Most of these forums are full of great info and how-tos covering SQL injection, XSS, command injection, reconnaissance/information gathering, scripting and countless others. You can learn a lot about AV evasion, bot-for-rent services and available hacking tools. You’ll be shocked to see how easy it is for low-skilled black hats to get access to these tools and tutorials, so it is important that white hats keep up to date to combat them. There are many great forums out there, but one in particular I’d recommend is hackcommunity.com.

 

Those are my three tips for sharpening your ethical hacking skills. What are some of your favorite resources for keeping up with black hats? Comment below.
