The word “hacker” conjures up images of individuals in dark, dingy basements, breaking into servers or initiating ransomware attacks. It’s an exaggerated image that’s been portrayed time and again by the media, but it’s just one part of the hacking world.
In general, there are three types of hackers:
- Blackhat hackers (or cybercriminals you should be wary of)
- Greyhat hackers (or activists and people who hack for kicks)
- Whitehat hackers (or ethical hackers who help enterprises better secure their infrastructure)
With data breaches endlessly hogging the headlines, fortifying enterprise infrastructure calls for creative thinking and an unorthodox approach. This is where ethical hacking comes in.
Ethical hacking might be an exciting career choice, with many opportunities. But before you embark on an ethical hacking career, there are some things you should be aware of. This is precisely what I’ll share with you in this post, so keep reading!
What Is Ethical Hacking?
Ethical hacking is performed by cybersecurity experts hired by businesses to intentionally breach their systems. They specialize in penetration testing to figure out how to break something.
This approach helps identify and rectify potential weaknesses before threat actors exploit them. If you think that it’s all semantics, you would be right. What makes whitehat hacking “ethical” is just the fact that companies have hired a professional to attack their infrastructure.
With the number of devices connected to the internet and the amount of data stored online, ethical hackers are now critical to ensuring privacy, security, and regulatory compliance. Some popular ethical hacking methods include cloud security testing, infrastructure testing, and penetration testing.
How Do You Become an Ethical Hacker?
The road to ethical hacking isn’t a straight and clear path. For many, it starts early in life and sometimes out of necessity. Martin Hanic, ethical hacker and board member at Citadelo, says he got into hacking “because everyone had to be a hacker in the time of dial-up modems.”
His primary motivation was not monetary gain, but learning. It all started when he enabled chat on IRC through his Nokia 7110 via SMS for free. However, he only got serious about ethical hacking after spending 15 years in the corporate world.
Hanic got into whitehat hacking because he was unhappy with the state of IT security. This feeling was compounded by security deficiencies in the technology products he and his friends used. He wanted to use his skills to help and have fun in the process.
“The primary benefit of an ethical hacking career is that you learn new stuff every day. You have to. You have to start thinking creatively, sometimes even coming up with some crazy ideas. But what I love the most is getting paid to break stuff,” Hanic added.
Sometimes software engineers become ethical hackers out of necessity. For example, some are tasked with identifying weaknesses in enterprise infrastructure to mitigate risk, enjoy it, and never look back.
However, there is a downside to a career in ethical hacking. For example, it can be disheartening to see security flaws everywhere. You might also find it difficult to use new products because you’re more than aware of the risks. And, as with traditional security jobs, you can’t discuss your work with friends and family.
How Do You Think Like a Hacker?
Ethical hacking doesn’t depend on degrees or certificates. For the most part, it comes down to practical skills and knowledge. “In my experience, you really have to know how to build something to understand how to break it,” Hanic stated. The key to becoming an efficient ethical hacker is to have in-depth knowledge of how software and related technologies work.
To think like a blackhat hacker, you have to decide what category you’re going to concentrate on. Whether it’s mobile apps, enterprise networks, or cloud technologies, choosing one will help you narrow your focus and build expertise. However, you still need to be familiar with all aspects of technology in general.
Hanic believes that it’s important to be familiar with all programming languages (or at least the most popular ones) and their basic concepts. For example, if you want to start hacking websites, you’ll have to know JavaScript. When you expand your attacks’ scope, it’ll also help to learn Bash, Python, and Golang.
A typical day in the life of Hanic goes something like this: “I’ll read the news, have a cup of coffee, and stare at the screen and try to understand how the testing target works. Then I’ll drink more coffee, read more documentation, and start poking the app with a stick. I’ll make some notes, drink more coffee, make even more notes, and stare at the screen some more. Then I would have a eureka moment where I start shouting. That’s when I finally find a vulnerability to exploit. Then this whole process repeats.”
What Are the Tools Used by Ethical Hackers?
Ethical hackers use the same tools as the bad actors do. The dark web is full of them, but they’re not enough. You’ll also have to build your own tools depending on your specific hacking assignment.
Some leading hacking tools are as follows:
- Acunetix
- Burp Suite Pro
- John the Ripper
- Kismet
- Metasploit
- NetStumbler
- Nmap (Network Mapper)
- Nessus
- Nikto
- Wapiti
- Wireshark
The tools listed above help breach enterprise systems in different ways. For example, Acunetix is a vulnerability scanner, and Kismet is a network detector and packet sniffer. On the other hand, John the Ripper is a free and open-source password-cracking tool.
According to Hanic, the hacking stages are “reconnaissance, information gathering, exploitation, privilege escalation, post-exploitation, pivoting in other networks. It’s a lot of work!”
However, regardless of what tools you use or what you do, ethical hacking is about learning on the job, daily. It’s a game of cat and mouse, and we need to play it. In this scenario, the blackhat hackers have the upper hand, as they only need to identify one weakness. But if you make it difficult for them, it’ll be less profitable and less attractive.
Thinking About Becoming an Ethical Hacker?
An ethical hacking career can be gratifying. In the current threat landscape, your expertise will be in high demand. However, to be successful, you need much more than hacking tools and the technical know-how to better secure IT infrastructure. You have to solve problems on the go, think critically and creatively, and evolve along with technology and the threat actors who try to breach that infrastructure.
For those of you thinking of kick-starting a career in ethical hacking, Hanic has the following advice. “There are many books, videos, and training manuals. But they mostly cover specific topics, and there isn’t a general guide. It’s your mindset that matters. In the end, reading won’t teach you. You need to learn by doing it. You must know how to build stuff before you can break it. That’s important. But be prepared to keep learning all day, every day.”