It’s the beginning of 2022, what better time could there be to start hacking your way to a career?
Breaking into the InfoSec space can be a daunting experience, especially if you’re a fresh graduate or someone who is currently in education and is aspiring to pave their way into an Ethical Hacking role. How exactly do you become an Ethical Hacker? What is a “Penetration Tester” anyway? Well, in a nutshell – a Pentester / Ethical Hacker (used interchangeably) is someone who conducts practical testing on applications or assets belonging to a company to assess their security posture, within specific guidelines set in place. In simple terms, a Pentester is paid to hack their way into web applications, internal networks, mobile applications, and IoT devices (to name a few) to replicate what the bad guys can do. Essentially, if a Pentester can break into a network – so too can the adversaries. That is a very high-level overview of the job description; now how exactly does one learn the skills and knowledge required to perform such tasks? Where do you begin? These are all common questions I’ve encountered and asked myself too in the past. In this blog – the aim is to give 5 tips that can really help a beginner go from “Zero to Hero” in the most efficient way possible. Whether you’re a student or not, I’m certain these tips will propel you forward. These are all my own opinions, derived from my personal experience and misconceptions I’ve seen in my time of interviewing Junior candidates:
1. Networking Fundamentals
Know the basics of Networking. It’s important you understand at least the basics of how TCP/UDP work, what DNS is and how it operates, the difference between a Router and a Switch, how IPv4 works (such as Public and Private IP addresses), and what CIDR notation means (e.g. /24). This is just scratching the surface, but I cannot emphasise enough how far the fundamentals of Networking can propel you in Pentesting. By no means do you need to be CCNA qualified, as that is probably more than enough – maybe think about taking a basic Networking course on an online platform. I for one learned Networking throughout my Cybersecurity degree and 2 semesters of it were enough to kick-start me in picking up Ethical Hacking.
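As an added example (not from the original post), here is how the CIDR and Public/Private IP basics mentioned above look in Python’s standard `ipaddress` module: reading off what a /24 block contains, checking an address against the RFC 1918 private ranges, and checking an address against an agreed set of ranges, which is the first thing you do with a scope on a real engagement. The sample addresses are constructed for illustration.

```python
"""Added example: what a CIDR block such as 10.10.10.0/24 actually means,
and whether an address is RFC 1918 private. Not from the original post;
uses only the Python standard library, sample addresses are constructed."""
import ipaddress

# The three private ranges defined by RFC 1918.
RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def describe_cidr(cidr: str) -> dict:
    """Break a CIDR string into the facts a beginner should be able to read
    off it: netmask, network/broadcast addresses and the usable host range."""
    # strict=False tolerates host bits being set, e.g. "192.168.1.77/28".
    net = ipaddress.ip_network(cidr, strict=False)
    hosts = list(net.hosts())
    return {
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "netmask": str(net.netmask),
        "prefix_len": net.prefixlen,
        "usable_hosts": len(hosts),
        "first_host": str(hosts[0]) if hosts else None,
        "last_host": str(hosts[-1]) if hosts else None,
    }


def is_rfc1918(addr: str) -> bool:
    """True if addr falls inside one of the RFC 1918 private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def in_scope(addr: str, scope_cidrs) -> bool:
    """Engagement scope is normally handed over as CIDR blocks; this is the
    check you run on every address before touching it."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(c, strict=False) for c in scope_cidrs)


if __name__ == "__main__":
    print(describe_cidr("10.10.10.0/24"))
    print(is_rfc1918("172.31.255.1"), is_rfc1918("8.8.8.8"))
    print(in_scope("10.10.10.200", ["10.10.10.0/24"]))
```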
2. Labs, labs, and more labs
Once you feel you understand a bit of Networking and how the Internet works – it’s time to dive right into the fun part and get hands-on practical experience. Theoretical knowledge can only take you so far! What I recommend to everyone is to buy a VIP subscription on HackTheBox (roughly £10/month) and start grinding out all the Easy rated retired machines, starting from the oldest and working your way up; eventually you’ll land on the Medium rated ones and will notice the difficulty increase. HTB is absolutely brilliant, it’s currently the best platform out there, and the skills and knowledge you’ll learn from bashing your head at their labs for 1 month is something you won’t get anywhere else, trust me! They have writeups and YouTube walkthroughs for all retired machines, but do refrain from peeking at these and try your best to hack your way through.
TryHackMe is another platform that is becoming widely popular and although they do have excellent training material – I refrain from recommending it as their labs are too easy compared to HTB and they hold your hand throughout most of them. You want as close to a realistic experience as possible – so stick with HTB. If you can root around 20-30 of their boxes, you’re in a really good spot! I got too addicted and reached 70 before moving on, but it isn’t needed!
3. Certifications? You just need one, IDEALLY
There is a huge misconception regarding certifications in the InfoSec space. Some regard them as the “be all end all” and use them as a metric to determine an individual’s worth, but this is not the case. As a matter of fact, when it comes to Pentesting the answer to “which certification do I need to go for?” is straightforward. You ideally want to have the OSCP by the time you’re applying for jobs if you’re someone who is fresh out of Uni and hasn’t worked before in the InfoSec space.
Again, this is purely opinionated and there is lots of evidence of people landing jobs both without OSCP and with OSCP. I speak from personal experience and the many Junior candidates I’ve interviewed. We don’t knock back candidates without OSCP by any means, however, there is a very large skill gap between someone who has graduated from University with OSCP vs someone who has graduated with CCNA, CCNP, Security+, A+ and all those abbreviations.
What folk don’t understand is that, yes, networking helps a ton in Ethical Hacking – but as the job title suggests, you’re paid to hack as opposed to conducting a networking audit. The OSCP teaches you (in a gruesome way) how to use common tools and attack web applications and internal networks to a good standard, in my opinion. A Pentester’s methodology is crucial, and this cert heavily emphasises the importance of recon, enumeration, working under pressure (24-hour exam with 5 machines), exploiting services, and writing a realistic pentest report. They have recently added Active Directory to the exam, so there’s another reason folk should think about going for this.
As I said before – you do NOT need OSCP, but it definitely helps you a lot. If you’re considering sitting an exam, stay away from CEH, CompTIA, and Cisco! Don’t spend money and time on something that won’t propel you further ahead of the rest and which is not Pentesting related. I obtained OSCP before my 4th year of Uni and it 100% helped me in job hunting. One may argue that the OSCP is unrealistic – this, I can agree on in some aspects, however, the sole point Offensive Security are trying to get across is the importance of recon, enumeration, and exploitation. It isn’t a Web-based exam, they have OSWE for that!
4. Pick an area to “Specialize” in
By area, I’m referring to either Web Applications or Internal Infrastructures (Active Directory) and by specialize I’m referring to knowing an area really well that you’re super comfortable with. Of course, you can’t specialize at this point in time – it’s a loose reference!
There are a lot of aspects to Pentesting – you have IoT, Mobile Apps, Social Engineering, Hardware, Cloud, etc. However, Web and Active Directory are the 2 major components and I’d say learn both of these, but pick the one you’re more passionate about and learn them at maybe a 70:30 ratio. Again, it’s opinionated and it’s what worked for me and several others I know personally. If you’re passionate about Web Applications – go to Portswigger Web Academy and spend time learning their material as they teach you lots of client/server-side vulnerabilities that you actually see in real life. Make a start on attempting Bug Bounties on Hackerone, Bugcrowd, YesWeHack, Intigriti, etc. and see where it takes you. Having Bug Bounty experience is the closest you will get to a Penetration Testing job and it’s probably the best way forward, but know that it’s really tough and competitive and you may have unfortunate luck sometimes – but do try! If you picked AD, do the HTB AD lab machines, take AD courses (linked below), create a virtual lab on VMware, and start reading tons of blogs and practising attack vectors. You can even take another certification such as the CRTP, which is an excellent introductory course to AD Pentesting. In the other areas I stated above, you should for sure make an effort to know the basics, but there’s way too much to learn and it’s impossible to squeeze everything in at a high standard.
Remember, these tips are for beginners to follow an efficient roadmap and the worst thing you can do is try learning everything at once, and at the end of it, you only really know each area on a very fundamental level. AD was something that heavily intrigued me, so I chose that as an area to try becoming really good at! Once you’re satisfied with the depth you’ve gotten into for the area of expertise – switch over to the other side and spend time on that. I focused a lot on the Web after I got my OSCP, for example.
5. Stay PASSIONATE
The most important piece of advice is the simplest of all – stay passionate!
Passion is what will get you through all the struggles this journey will bring you; it’s what makes every day a matter of enjoying yourself and having fun, as opposed to having to “study” every day. Nobody likes to study (unless of course that is your passion), but we do like to learn and have fun at the same time. Hacking should be a hobby: just as we play football or other sports as a hobby, we play to enjoy ourselves and improve at the activity. The same mindset should apply to learning hacking techniques and doing labs. If you follow this mentality, you’ll enjoy every day and it won’t feel the same as studying – even though you technically are studying. I hope that concept makes sense!
Some advice I was given years ago when I first discovered Ethical Hacking was to remain passionate and to never lose it, as when it comes to sitting your interviews – your employer will see your passion shining through when you’re talking about yourself and expressing what you know. The very first interview I had for a Pentesting role many years ago whilst I was in my 2nd year of Uni was a success purely because my passion overlooked my lack of experience. I found this advice hard to believe until that had happened, so it’s something I now advise everyone.
Everyone will recommend a different roadmap for beginners; some will say Programming is essential and a huge part of a Pentester’s toolkit. Whilst this is true – it isn’t something you need to focus on initially. Others may say you need a strong knowledge of Networking, however, I disagree and believe the opposite to be true. Finally, some may in fact say certs define you and you need all the abbreviations after your Surname, but this most definitely is not the case! Practical skills outshine theoretical knowledge by a landslide. A key piece of information to keep in mind is that these are tips for beginners to start paving their way and picking up the necessary skills. Once these are solidified, one should definitely expand their skillset by looking into Phishing, OSINT techniques, Cloud testing, and much more!
Here are some links to a few platforms I recommend and can say with certainty will help you in kick-starting your journey: