The Guide to Ethical Hacking: Ethical Hacking and hackers have a horrible reputation, but some hackers are making the internet a friendlier and safer place. Whether they use their superpowers for good or evil, some hackers have genius skills.
But can hacking really be a good thing? (Depends, one man’s hacker hero is another man’s wanted hacker fugitive.)
Who are ethical hackers and how do you get started as one?
And why would a company willingly say yes to being hacked?
In this post, we will dive into the field of ethical hacking to answer all of these questions and much more.
We will go over some resources that can help aspiring hackers get started. It’s easier than you may think to get involved in ethical hacking.
Hacking has a wide variety of applications—both good and bad—but it’s easy to see how hacking could be used for malicious purposes.
Similar to how leaving your door unlocked or your window wide open could leave you vulnerable to burglars, hackers can exploit security vulnerabilities in a device, network, or software to gain entry.
The impact of malicious hacking can be very powerful.
Worldwide, the average business has an approximately 27.9% chance of being hacked within the next two years. (From 2017 data. Each coming year gets worse.)
Given this data, it’s no wonder that the word hacking makes many people (business owners especially) feel fearful. However, there is a whole different side to hacking that is gaining more recognition in recent years: ethical hacking.
In reality, ethical hacking is one of the most effective ways for a business to protect itself from vulnerabilities that could be exploited by black hat hackers for malicious purposes.
Sounds like any other kind of hacking, right?
The key difference is that a white hat hacker uses hacking skills to help companies find ways to strengthen their security. A black hat hacker uses hacking skills to exploit weaknesses for personal gain.
The goal of ethical hacking is to evaluate the existing security system and find ways to strengthen and improve protection. When an ethical hacker finds vulnerabilities in a company’s software, the company can then resolve the issues before a malicious hacker can exploit them.
If you are still confused about the difference between black hat and white hat hackers, it can be helpful to imagine the system being hacked as a physical home residence. Consider the following example analogies.
Example 1: Black Hat Hackers Analogy – The Guide to Ethical Hacking
- One afternoon, a burglar breaks into a residential house without setting off the activated alarm from Bell Smart Home Alarm System.
- The burglar avoids detection by sneaking in at the perfect time while the family is on vacation, and by knowing the vulnerabilities of Bell’s security system.
- The burglar manages to steal several rare and expensive pieces of heirloom jewelry and gets away without being caught.
- The burglar made a large amount of money by selling the heirlooms to Oliver Jeweler (ohhh yeah.) :-)
It’s pretty obvious that this scenario describes illegal and malicious activities. This example is similar to how a black hat hacker could bypass a business’s cybersecurity system to gain unauthorized access to confidential files in order to sell the illegally obtained information to the highest bidder or for ransom.
Black hat hackers are those who hack illegally for self-gain or malicious purposes. This includes anyone who steals, leaks, accesses data, or disrupts computer devices and systems for malicious intent, financial gain, or any other motive.
The term “black hat” actually stems from old western movies where the criminal would be identified by his black attire and the hero would be recognized by his white hat.
Example 2: White Hat Hackers Analogy – The Guide to Ethical Hacking
A family wants to know how well its security systems function. The family is concerned that the household may be vulnerable to burglars but doesn’t know the best way to improve security.
The family hires a security expert to help detect vulnerabilities in the system. The security expert will recreate a real-life scenario by trying to break into the house. The security expert and the family both sign a written agreement.
The security expert is able to break in one day by bypassing Bell’s alarm and avoiding the family by striking when they went on vacation.
The following morning, the security expert delivers a report to the family explaining how he was able to sneak in and outlining ways that the household could fix the vulnerabilities that he identified.
In this example, no laws were broken and no malicious activity occurred. This is similar to how a white hat hacker can use ethical hacking to help businesses improve their cybersecurity and avoid future malicious hacking.
It’s easy to see how true white hat hackers are completely different from black hat hackers. But what about scenarios where things aren’t so black and white?
There are other kinds of hackers who don’t have malicious intentions but don’t hold themselves to the same moral standards as true ethical hackers. We call these people gray hat hackers.
Example 3: Gray Hat Hackers Analogy – The Guide to Ethical Hacking
A close friend of the family, who is also a security expert, is concerned that his friend’s family doesn’t have strong enough security to protect their rare collection of heirloom jewelry, especially in their bad neighborhood. The security expert/friend writes an e-mail to the family and calls them, but receives only this response:
“We do care about our family’s precious heirlooms. But we have a security system already, my friend. Thank you.”
The friend/security expert is worried that his friend’s family heirloom jewelry will be stolen if his friend’s household security isn’t improved soon. The family would be devastated, as this heirloom jewelry was passed down many decades ago.
To prove his point, the concerned friend/security expert disables his friend’s family home security alarm and sneaks into the home while they are on vacation.
The friend/security expert obviously doesn’t break, harm, or steal anything.
Instead, he leaves an anonymous letter on the friend’s heirlooms explaining how he was able to bypass the security system of his home and outlining ways to improve the household security with recommendations.
If no changes are made, the friend/security expert plans to announce the home’s security flaws to the in-laws ( because the in-laws are really out-laws :-) ) in the hopes that the friend will be forced to finally improve his family’s home security to protect their heirloom jewelry.
This analogy makes it pretty clear how the line between black hat and white hat hackers can get blurry. Ethical hacking is about more than just having good intentions.
As we will see later on, an unauthorized intrusion is still an unauthorized intrusion regardless of whether or not the hacker was trying to be helpful.
Although all hackers draw from the same skills and knowledge, true ethical hackers only use their abilities to gain access to systems with the explicit permission of the owners.
Now we know what an ethical hacker is and how companies can benefit from hiring an ethical hacker. But what do ethical hackers actually do?
There is a wide range of hacking tools, techniques and methodologies that are commonly used by white hat hackers. Ethical hackers often specialize in certain domains, but most highly-skilled hackers are flexible and constantly learning new strategies.
Vulnerability assessments, penetration testing, and red teaming are three terms that are often confused with one another. They actually represent three completely different approaches that ethical hackers can take. We will discuss them in more detail below.
Each one of these domains can take years to master, and – like the cyber world – is constantly evolving.
A vulnerability assessment (VA) is a method used by ethical hackers and other information security experts to identify, rank, and communicate any vulnerabilities present in a system.
Security researchers, hackers, and end-users can all play a role in finding vulnerabilities in a company’s software, network, and hardware.
No piece of software is perfect, and with every update or new release there are bound to be some bugs. Due to this, most reputable software and hardware development companies recognize the value of frequent vulnerability assessments.
A company may hire an ethical hacker to perform a VA in order to find and repair any problems with the software before they can be exploited by a malicious hacker.
If a software vulnerability isn’t quickly addressed and dealt with, the consequences can be very costly. It is therefore in the best interest of all software vendors to discover and address vulnerabilities before black hat hackers do.
Although each VA can vary in scope, timeline, and approach, most ethical hackers follow these four main stages:
- Create a thorough catalog of all resources and assets in the system.
- Rank the assets by their value or importance to the overall system.
- Find and define any existing or potential vulnerabilities in each asset.
- Work with the company to fix all security issues that were identified in the assessment.
The main difference between a vulnerability assessment and other common ethical hacking techniques is that vulnerability assessments do not recreate a real-world hacking scenario.
In a VA approach, the client and the ethical hacker usually work closely together throughout the entire process.
The client provides the ethical hacker with lots of information and access to resources before the assessment begins, rather than having the ethical hacker gather information from the outside.
There are many tools that hackers use in a vulnerability assessment, often including programs that scan the system environment, analyze network protocols, and audit Android or web application security.
Another way to find vulnerabilities is by analyzing the source code. However, this is probably the most tedious way to find vulnerabilities, and you need to have access to the source code, which is not always given. Reverse engineering in the name of knowledge is always an option.
One example of a popular way to find vulnerabilities is via a technique called fuzzing. Fuzzing is when you purposefully interfere with a program and its input in order to make it crash, which tends to help reveal vulnerabilities.
One common fuzzer is a program called Radamsa, which has been used to find a vulnerability in Apple QuickTime that allowed remote attackers to create a denial of service (DoS) attack via a corrupted movie file.
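The fuzzing idea described above, as an added example that is not part of the original post and is not Radamsa itself: a small mutation fuzzer run against a toy record parser. The `MV` record format, the parser, its deliberate bug and the fixed variant are all constructed for illustration.

```python
import random


class ParseError(ValueError):
    """Clean rejection of malformed input (expected behaviour, not a crash)."""


def build_record(payload: bytes) -> bytes:
    # Constructed format: magic "MV" | 1-byte length | payload | 1-byte checksum
    return b"MV" + bytes([len(payload)]) + payload + bytes([sum(payload) % 256])


SEED = build_record(b"hello")  # constructed valid sample input


def parse_record(data: bytes) -> bytes:
    """Buggy parser: trusts the length field without checking the buffer size."""
    if len(data) < 4 or data[:2] != b"MV":
        raise ParseError("bad header")
    length = data[2]
    payload = data[3:3 + length]
    checksum = data[3 + length]  # BUG: IndexError if the record is shorter than claimed
    if sum(payload) % 256 != checksum:
        raise ParseError("bad checksum")
    return payload


def parse_record_fixed(data: bytes) -> bytes:
    """Hardened parser: validates the declared length before indexing."""
    if len(data) < 4 or data[:2] != b"MV":
        raise ParseError("bad header")
    length = data[2]
    if len(data) < 3 + length + 1:
        raise ParseError("truncated record")
    payload = data[3:3 + length]
    if sum(payload) % 256 != data[3 + length]:
        raise ParseError("bad checksum")
    return payload


def mutate(data: bytes, rng: random.Random) -> bytes:
    """Apply one to three random mutations to a copy of the seed input."""
    buf = bytearray(data)
    for _ in range(rng.randint(1, 3)):
        choice = rng.randrange(4)
        if choice == 0:    # flip a single bit
            buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
        elif choice == 1:  # overwrite a byte with a random value
            buf[rng.randrange(len(buf))] = rng.randrange(256)
        elif choice == 2:  # insert a random byte
            buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
        elif len(buf) > 1:  # truncate, always keeping at least one byte
            del buf[rng.randrange(1, len(buf)):]
    return bytes(buf)


def fuzz(target, seed_input: bytes, iterations: int = 2000, rng_seed: int = 1) -> dict:
    """Run mutated inputs through target; return {exception name: smallest crashing input}."""
    rng = random.Random(rng_seed)  # fixed seed so every finding is reproducible
    crashes = {}
    for _ in range(iterations):
        case = mutate(seed_input, rng)
        try:
            target(case)
        except ParseError:
            continue  # the parser rejected bad input cleanly
        except Exception as exc:  # anything else is an unhandled failure worth triage
            name = type(exc).__name__
            if name not in crashes or len(case) < len(crashes[name]):
                crashes[name] = case
    return crashes


if __name__ == "__main__":
    for parser in (parse_record, parse_record_fixed):
        found = fuzz(parser, SEED)
        print(parser.__name__, {k: v.hex() for k, v in found.items()} or "no crashes")
```

The crashing input the fuzzer keeps is the artifact that goes into the assessment report: it reproduces the bug on demand and confirms the fix once the length check is in place.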
A penetration test is a method used by ethical hackers to test the defenses and security procedures of a device, network, or system to find out if there are vulnerabilities that can be exploited.
Penetration testing is what most people think of when they picture an ethical hacker. The ethical hacker has to get into the mindset of a black hat hacker and simulate a real-world attack.
Although vulnerability assessments can usually cover a wider range of information, penetration testing is a more realistic way to evaluate specific system weaknesses.
The difference between the two approaches comes down to breadth vs. depth. This is why the two methods are often used together.
There are two types of penetration tests:
- White box test: Before the penetration test, the ethical hacker is given detailed information about the system being tested. This often involves the hacker performing a vulnerability test. The penetration test is then performed after the ethical hacker has been given an inside look at the system.
- Black box test: The ethical hacker is given little or no information about the system before starting the penetration test. This is usually done to recreate a real-world scenario and find out how much damage could be done by a malicious hacker from the outside. In this case, the ethical hacker has to perform reconnaissance on their own.
If you were an ethical hacker performing a penetration test, you would need to go through the following steps:
This stage involves gathering as much information about a target as possible. This information will help you design and execute your attacks in the subsequent phases.
Good intelligence gathering enables you to determine what entry points and potential weaknesses exist in a system. Entry points can be physical (e.g. service door), electronic (e.g. login prompt), or human (e.g. John M. the receptionist).
There are four categories of intelligence gathering:
- Open Source Intelligence (OSINT): Researching publicly available information about a target.
- Passive Intelligence: Gathering information in a way that can’t be detected. This is usually limited to caches or archived information.
- Semi-Passive Intelligence: Gathering information while trying to remain undetected by hiding or camouflaging your actions to look like normal internet traffic on the target network.
- Active Intelligence: Gathering intelligence in a way where your actions should trigger alerts and alarms. This allows you to see how your client’s security systems detect attacks and defend themselves.
After the gathering of as much information as possible, you will begin to probe the system to understand how it behaves and find out how it will respond to an attack.
You will probably take advantage of software tools to scan the target’s network and infrastructure. You might want to monitor the network over a period of time to gather as much data as possible.
You may also spend time inspecting and analyzing the software’s code both while it is static, which is called static analysis, and while it is running, which is called dynamic analysis.
In this phase, you will attempt to enter and exploit the vulnerabilities that you have discovered.
Here are some techniques that you might use during a penetration test to try to gain entry:
- Bypassing network or web application firewalls
- Exploiting cloud services
- SSH attacks
- Exploiting poor or default passwords
- SQL injections
- Cross-site scripting
- Denial of Service (DoS) attacks
- MAC address spoofing
You may also have to use social engineering to gain access. This involves misleading or manipulating people (sounds like my ex :-) ), typically employees of the company, to infiltrate the environment.
Examples of social engineering include:
In order to successfully exploit any vulnerability, you have to first evade or bypass any countermeasures or defense mechanisms that might be present.
As part of this phase, you can also try to assess how much damage can be done by exploiting the vulnerability.
You may try to see if you can steal data, intercept traffic, or crash processes. However, it’s important not to overstep the boundaries of your ethical hacking agreement with the client.
The goal of this third phase is to find out how long you can maintain your connection without being detected. This includes noting the various methods for planting back doors or trojan horses.
Some kinds of attacks take place over the course of days, weeks, or even months. You may want to try, if possible, to hide the intrusion and maintain access over a period of time.
At the end of your penetration test, you will create an in-depth report of everything that you learned during the test.
This includes a description of all vulnerabilities discovered, how critical they are, how they can be exploited, possible consequences, and recommendations for how to improve security.
Red teaming is similar to a standard penetration test, with a few important differences.
A red team is a group of ethical hackers or cybersecurity specialists who test a specific product, service, or physical facility to test the environment’s defenses.
A red team tries to recreate a real-world invasion as much as possible. Because of this, the majority of the company’s IT and security teams aren’t given details about the test beforehand unless absolutely necessary.
The test often takes place over a longer period of time than other methods. Red teams usually use a combination of software tools, social engineering techniques, and exploits of the physical environment.
It might seem odd to hire an ethical hacker. However, getting into the mindset of a black hat hacker is the only way for a business to truly test its defenses.
A company that does not want to hire an ethical hacker has to rely on having a perfect defense for every possible attack. This leaves the company at a constant disadvantage.
Even if a company has the best defenses in the world, the reality is that a hacker only needs to find one weak spot to compromise the whole system.
It’s nearly impossible to find out what that weak spot is without putting your defenses to a realistic test. A skilled ethical hacker can save a company a significant amount of time, money, and effort.
Imagine that an IT company is designing new software. They are on a tight schedule; however, skipping security testing could have serious consequences in the future.
Which one is easier: including every kind of defense imaginable so that the software is immune to every possible attack or hiring an ethical hacker to identify the software’s most vulnerable areas?
Consider the following real-world example of what can motivate an organization to work with ethical hackers:
- In 2017, a Microsoft Windows-based ransomware attack known as WannaCry compromised dozens of hospitals across the UK. Hospital employees were locked out of their computers, and over 19,000 appointments had to be canceled. It’s estimated that the attack cost the UK’s National Health Service (NHS) £92 million in IT repairs and lost revenue. Following the attack, the UK’s National Health Service created a new Security Operations Center with £20 million in funding to improve and evaluate security using ethical hacking.
An ethical hacker on the software design team not only makes the process of security testing faster and more efficient but also more effective.
That means that a company that hires an ethical hacker is both saving money and creating a stronger product.
When a company hires an ethical hacker, they are looking for someone with cybersecurity expertise who can fully take on the perspective of a malicious hacker in order to replicate realistic attacks.
Ethical hackers need to have advanced knowledge about the methods, skills, and mindset that black hat hackers use to compromise security defenses.
Companies are also looking for someone who is professional, communicative, and transparent. Companies often have to place a lot of trust in ethical hackers. It is a role that comes with a lot of responsibility.
Ethical hackers have a responsibility to fully inform the company of everything that they discover during testing.
Ideally, the ethical hacker will also work with the company to ensure that all problems and vulnerabilities are safely resolved after the testing is complete.
Ethical hacking can sometimes exist in a confusing legal gray area. In most of the world, existing laws on ethical hacking are ambiguous and don’t clearly cover all possible scenarios.
Both hackers and companies must take steps to protect themselves and make sure no laws are being broken.
The best way for both parties to make sure they are legally in the clear is to sign a written agreement that defines the job that the ethical hacker is being hired to do.
One of the main differences between legal and illegal hacking is whether the hacking was authorized or unauthorized.
The written agreement is proof that the ethical hacker is legally authorized to try to exploit the company’s security vulnerabilities and gain access to the system.
Before hiring an ethical hacker, companies must also do their research and make sure that they are not asking the hacker to do anything illegal.
Organizations may be breaking the law by asking hackers to access confidential customer data without getting customers’ permission.
For a company hiring an ethical hacker, a written agreement can be an opportunity for the company to make sure their hacking request is legal and create proof of what exactly they gave the hacker permission to do.
Meeting the following four conditions is the best way for both parties to protect themselves and avoid legal consequences for ethical hacking:
- The ethical hacker and client both agree on and sign a statement of work (SOW) that describes the goal of the ethical hacking, what the hacker is being asked to do, what actions the hacker is allowed to take, what the hacker will deliver to the client when the project is complete, and any boundaries and limitations given to the hacker.
- If the ethical hacker may be exposed to confidential information, the hacker should be asked to sign a non-disclosure agreement so that private or sensitive information is properly handled.
- Both parties should sign a liability release document that frees the ethical hacker from any responsibility in case of service interruptions or problems due to authorized actions taken during the ethical hacking engagement.
- The ethical hacker should make every effort to be as transparent as possible with the client. Full disclosure is one of the most important principles of ethical hacking.
A written agreement is great and all. But what about situations that aren’t so black and white?
Imagine a white hat hacker who unexpectedly runs into a security flaw on a company’s website. The white hat hacker tries to assess the security flaw to find out whether they should try to report it to the company.
While doing so, the white hat hacker unintentionally gains access to the website’s confidential payment database. The white hat hacker quickly and privately informs the company of their discovery and even gives them some ideas for how to fix the problem.
To the white hat hacker’s surprise, instead of being thanked and rewarded by the company, she is hit with legal charges for her unauthorized access to the system’s payment database.
Unfortunately, there have been multiple real-world examples of this very scenario. Even though the hacker’s intentions were good, the law doesn’t always take intentions into consideration.
Things get complicated when you consider the fact that not all ethical hackers are directly hired by a company. Instead, some white hats act as vigilantes. They spend their time trying to find and report security flaws that companies have failed to fix themselves.
They often have noble intentions, with their main goal being to make the world a more secure place. In legal terms, this is sometimes called good faith hacking.
Security researchers may also use hacking techniques to evaluate security flaws in networks, devices, or software as part of their research.
Bug bounty programs and vulnerability disclosure programs (VDPs) can offer some legal protection to ethical hackers.
A bug bounty program is a reward system offered by a software developer or website to any white hat hacker who discovers and reports a vulnerability to the company.
Typically, bug bounty programs are explicitly defined and outlined by the company to the public in writing. This can act as a written agreement and provide an area of safe harbor to ethical hackers and protect them from civil or criminal charges.
Vulnerability disclosure programs (VDPs) are similar to bug bounties, but do not offer financial rewards. They create a secure channel for white hat hackers and security researchers to report vulnerabilities discovered in good faith.
As cybercrime becomes a growing threat to businesses in the digital age, more and more organizations are announcing their own VDPs.
Many companies recognize that VDPs and bug bounty programs can be the best way to improve their security and encourage hackers to report their discovery rather than publicly announcing the vulnerability or exploiting it.
If you are interested in getting involved in bug bounties, the most important thing is to read the terms and conditions of the program very carefully.
Ethical hackers must make sure that their actions are completely covered by the written terms of the program to protect themselves from any legal consequences.
Let’s go over some real-world examples of ethical hackers and the good and bad consequences that they faced for their hacking activity.
These examples help explain how ethical hacking can be legal or not depending on the circumstances and context.
University of Washington software engineer and cybersecurity researcher Dave Dittrich is best known for his research on Distributed Denial of Service (DDoS) attack tools.
After a series of large-scale DDoS attacks around the world caused panic in the late ‘90s and early 2000s, Dittrich began investigating compromised hosts using ethical hacking techniques.
His research sometimes forced him to access personal information from account holders with compromised systems.
Dittrich frequently speaks about how his hacking activities could have landed him in serious legal trouble. Even though his intentions were good, some of his actions could have been viewed as unauthorized intrusions.
Luckily, Dittrich has never faced any legal consequences for his hacking. Part of the reason that Dittrich’s actions were considered ethical hacking was because he worked hard to follow strict ethical guidelines.
The researcher tried to be transparent and communicative with all of the DDoS attack victims involved in his research. He also informed government authorities of his activities and all of his research findings.
Dittrich is now a big advocate of ethical hacking to combat malicious hacking tools. He believes that ethical hackers need to work together to create and follow a strict hacking code of ethics to protect themselves and others.
The story of British software development student Glenn Mangham is a great example of the risks involved in unauthorized hacking even if your intentions are good.
In 2011, Mangham noticed some security vulnerabilities in the Yahoo! search engine. Using hacking techniques, the software development student explored the vulnerabilities in more detail.
He put together a report on his activities and findings, which he then sent to Yahoo! along with recommendations for how to improve the security.
Yahoo! considered Mangham’s actions to be ethical hacking. The company thanked him for his report and even gave him a reward of several thousand pounds for his efforts.
However, Mangham’s luck changed later that year when he tried the same routine with Facebook. Encouraged by his previous success, this time he took more extreme actions on his hunt to find vulnerabilities.
Mangham successfully hacked into the account of a Facebook employee, which he used to gain access to several Facebook servers.
While exploring security vulnerabilities that he encountered, Mangham downloaded confidential source code from the Facebook servers onto his home hard drive. He claims that he was trying to put together a report similar to the one he created for Yahoo! in order to help Facebook improve their security.
Unfortunately, Facebook saw things differently. The company found evidence of an unauthorized breach and went straight to the FBI, who tracked the intrusion back to Mangham.
When British authorities confronted the software development student, he immediately admitted what he had done and tried to explain his intentions, but it was too late.
Facebook did not view Mangham’s actions as ethical hacking. The company’s lawyers argued that unauthorized access was never harmless and should be punished regardless of the hacker’s intentions. Mangham was sentenced to eight months in prison for his actions.
Charlie Miller is an American cybersecurity researcher and well-known ethical hacker who has previously worked for the NSA, Twitter, and Uber.
Miller has been publicly rewarded multiple times for discovering critical security flaws in popular devices and software. He has never faced legal consequences for his hacking because he follows a strict code of hacking ethics.
Here are some examples of what Miller has accomplished with ethical hacking:
- 2007: Miller discovered a critical vulnerability in the Safari iPhone application that could be used to hack and hijack iPhones. Apple was able to successfully fix the problem after Miller reported his findings to the company.
- 2008: A hacker conference in Canada awarded a $10,000 prize to Miller for demonstrating how a security vulnerability could be used to hack a MacBook Air in less than 2 minutes.
- 2009: Miller exposed a security flaw in iPhone’s text message processing system that left iPhones vulnerable to DDoS attacks.
- 2011: Miller found a critical vulnerability in the battery chips of Apple laptops that could easily be exploited to infect the laptop with malware or damage the device.
- 2012: Miller exposed a method that hackers could use to bypass Google’s mobile app store protections, making it possible for hackers to create malicious Android apps to steal data, send spam, or take money. Google was able to repair the problem with Miller’s help.
- 2015: Charlie Miller and fellow ethical hacker Chris Valasek discovered a vulnerability in the Jeep Cherokee’s internet-connected entertainment system. With only the car’s IP address, the two hackers were able to remotely control the car’s engine, brakes, steering wheel, and more by sending commands to the car’s internal Controller Area Network (CAN). Fiat Chrysler, which owns the Jeep Cherokee, was able to quickly create a security patch after Miller and Valasek disclosed the issue.
The real-world examples in the previous section show how a hacking code of ethics can make the difference between a hacker’s actions earning a $10,000 reward or a prison sentence.
Following ethical hacking guidelines is the only way to safely and legally get started as a hacker. It is also much easier to make money as an ethical hacker than as a black hat or gray hat.
A growing number of companies around the world are realizing the importance of investing heavily in cybersecurity. This rising awareness means that the field of information security is growing faster than ever.
With the current booming demand for skilled ethical hackers creating jobs and driving up salaries, the outlook for aspiring white hat hackers has never been brighter.
There are even examples of black hat hackers switching sides because there are so many more opportunities for ethical hackers than in the past.
One of the most famous cases is Kevin Mitnick, an incredibly talented American black hat hacker who is believed to have gained unauthorized access to hundreds of devices and networks over several decades.
Mitnick evaded authorities for many years, but he was finally caught, arrested, and sentenced to five years in prison after a high-profile FBI pursuit in 1995.
Today, Mitnick is an extremely successful security consultant who has provided ethical hacking services to some of the largest companies in the world. The former black hat hacker’s story is both fascinating and inspirational to anyone who is considering a career in hacking.
Thanks to a growing awareness about the benefits of ethical hacking, there are a ton of resources and opportunities out there for ethical hackers to take advantage of.
Ethical hacking is a fun and interesting field to get into, but it can also be a great way to make money. There are two main paths that ethical hackers can take to earn a living.
Many ethical hackers are hired by businesses or consulting firms. Here are some common job titles that attract ethical hackers:
According to Payscale, the average yearly salary for a Certified Ethical Hacker in Canada is $80,000 – $110,000 CDN as of 2020, but the top earners can make over $110,000 CDN.
Here are some average salary ranges in 2020 for an ethical hacker in the US based on location:
- Washington, DC: $70,182 – $125,937
- New York, New York: $50,518 – $128,634
- Atlanta, Georgia: $51,682 – $112,217
- San Antonio, Texas: $53,824 – $91,432
Some ethical hackers prefer to work alone rather than joining a company. These hackers usually make their money through bug bounties.
Many websites and software developers recognize the value of offering people motivation to disclose any bugs or vulnerabilities that they encounter rather than exploiting them or announcing them publicly.
A bug bounty is a reward offered by a website or software developer to users and ethical hackers who find and report a bug to the company. The biggest rewards are usually offered for the discovery of a bug that could potentially be exploited by a malicious hacker.
The legal protections for bug bounty programs are discussed in more detail earlier in this article. In general, the most important thing is to read the terms and conditions of the bug bounty program carefully and follow the guidelines given by the company.
Bug bounties can be a great way for talented ethical hackers to earn money. Here is a list of a few bug bounty programs offered by well-known companies, along with possible earnings:
Many websites host information about their bug bounty programs on the HackerOne database.
One of the best things about ethical hacking is that it is accessible to everyone. There is no single correct way to become a great hacker.
Ethical hacking is different from many other careers where you must follow a strict, traditional path to become successful. In fact, some of the most famous ethical hackers have been completely self-taught.
Keep in mind that no one becomes a talented hacker overnight. Learning hacking skills takes time, effort, and dedication. Even experienced hackers are forced to constantly learn new skills because technology changes so rapidly.
If you are invested in learning and constantly improving your skills, then you are already off to a great start.
Since there are so many possible paths to take as an aspiring ethical hacker, we are going to break things down into formal and informal steps that you can take.
There is no specific degree or major that is required for a career in ethical hacking, but taking courses in information technology, computer science, computer engineering, or even mathematics can help prepare you to enter the field.
Any degree that involves learning programming languages and software development will be the most relevant for ethical hackers.
If you lack real-world experience, one of the best ways to make yourself stand out as a talented ethical hacker is to obtain a certification. There are a few different credentials that ethical hackers can get.
To become a Certified Ethical Hacker, you need to receive credentials from the International Council of Electronic Commerce Consultants (EC-Council).
The CEH is an entry-level certification. Obtaining it proves that you understand on a theoretical level what ethical hacking is, how it is different from non-ethical hacking, what kinds of attacks exist, and how to protect against them.
The exam is made up of 125 multiple-choice questions covering topics such as footprinting and reconnaissance, network scanning, sniffing data, hijacking servers, SQL injection, system hacking, web application hacking, and social engineering. The exam lasts about four hours.
After you have obtained your CEH credential, you are also eligible to take the CEH practical exam. This is an intermediate-level certification.
While the entry-level CEH credential is all about demonstrating that you understand ethical hacking methodologies and tools, the practical exam is about proving that you also know how to use them.
As its name implies, you’ll be putting into practice all the theory that you’ve encountered while obtaining the CEH. The exam is more difficult than the CEH and will require about six hours of challenge solving (20 challenges in total) on a virtual network with machines to be hacked.
The OSCP certification is for ethical hackers who want to prove that they not only know how to hack but actually know how to do so according to a strict standard of ethics and business etiquette.
It’s one thing to be a good hacker, but it’s another thing to be a professional and ethical hacker. To pass the OSCP you will perform a penetration test against a live simulated network with vulnerable devices.
You’ll be hacking in conditions that mimic reality. At the end of your penetration test, you’ll have to write and deliver a report of several hundred pages on your findings.
This is an advanced certification, but obtaining it proves that you’re an outstanding ethical hacker.
One of the best ways to get started is to learn one or more programming languages. You can sign up for a formal programming class, but you certainly don’t have to.
There are many excellent free online resources for both beginner and advanced hackers to improve their programming skills. Here are a few examples:
- Codecademy is an interactive site that is great for beginners. You get to learn the basics of different programming languages in a practical way.
- Codewars is a fun, interactive way to learn basic and intermediate coding in several popular programming languages.
- Free Code Camp advertises itself as a coding bootcamp. After you work your way through the curriculum, you will have the opportunity to work on real projects for nonprofits.
You can also find some excellent free programming courses on online learning platforms like Coursera, edX, Udacity, Udemy, and even on YouTube.
There are lots of resources out there that help ethical hackers learn new skills and practice their existing knowledge. Here are some resources to learn basic hacking techniques and even apply hacking skills in realistic simulations:
- Cybrary offers free online training courses on a wide range of hacking and cybersecurity-related skills.
- Bug Hunter University is a great resource created by Google that helps aspiring ethical hackers learn how to create professional vulnerability reports for bug bounties.
- Hacksplaining is a fun, interactive site that teaches lessons on different hacking techniques. This is a great place to learn the basics of hacking techniques, as well as how to defend against them.
- Hack Me is a free community-based project where you can build, host, and share vulnerable web application code for educational and research purposes.
- EnigmaGroup is a resource for potential ethical hackers to develop their penetration testing skills.
- Hack This Site promotes itself as a free and legal training ground and community for hackers to test and expand their hacking skills.
If you are really looking to dive into ethical hacking, these additional resource lists may be helpful to you.
- Free Security eBooks: Free hacking and cybersecurity eBooks hosted on GitHub.
- Online Hacking Resources Database: List of forums, blogs, YouTube channels, articles, and references on a variety of hacking skills and topics.
- Courses and Trainings: List of reputable courses and training sessions on cybersecurity topics.
- Social Engineering: Resources and materials to help you learn real social engineering techniques.