A Methodology
As you may have seen OTW describe in the past back at the despicable NB, as a hacker you must know these 6 steps to penetrate a system successfully:
- Passive Reconnaissance
- Active Reconnaissance
- Footprinting & Enumeration
- Exploitation
- Privilege Escalation
- Covering Your Tracks
As critical as these steps are – any self-respecting hacker should understand these steps – one must also be aware that, as a hacker, there are a few more things to have under one’s belt…
Key 1: Anonymity
As many of you may already know, anonymity is something about which I care very much – and it’s very important that a hacker maintain his/her anonymity. For those hackers seeking a “darker path,” being anonymous is even more crucial, an important step in avoiding cuffed wrists.
When you’re browsing the internet through your many aliases, it’s paramount that no two aliases collide. This includes clear distinctions between language patterns, time zones, discussion topics, who you talk to, and what you do under each alias. Such diligence demands much skill, focus, and vigilance. Avoid any distraction that could potentially lead to the corrupting of an alias.
Many known hackers behind bars today were tracked down simply because they overestimated their anonymity; they didn’t put enough effort into remaining anonymous. You need to constantly look for where you are “slacking,” so to say, and improve, because anonymity is a very broad, multi-faceted subject.
Key 2: Social-engineering
Often I make note of Social Engineering’s rise to prominence. We’re living in a world in which Internet can be a very dangerous place, and the dangers can be anywhere: websites, forums, chat rooms, and so on. Even to me this is frightening.
I therefore advise all hackers and security enthusiasts to be aware of how important this threat is. Social Engineering is primarily about persuasion.
In order to hone this magnificent skill, one must know his target: who they talk to, their interests and hobbies, friends and families. Then, one must be able to effectively use this information against his target. One may do this in order to obtain user credentials.
In today’s world, the IT Industry is a big part of our daily lives; there are many people capable of skills like Social Engineering. Under the right circumstances, a malicious Social Engineer could even dupe the best of us. I believe the weakest link in any system, is always the human being itself.
Future generations will increasingly become victims of SE; therefore, it is important that the populace is educated about threats lingering as a result of Social Engineering.
Key 3: Scripting
Any hacker intent on progressing should have between one and two programming languages under his/her belt. Without this skill, one’s attacks rely solely on the tools built by others, which means that a particular exploit may be in the hands of other unskilled hackers. Such exploits have likely been reported to all relevant Law Enforcement and Security entities already, so using one would be a waste of time and land an eager hacker with a fine or jail time.
Programming knowledge is also beneficial to one’s creative- and problem-solving skills. A better problem solver can perform better hacks. Understanding of programming also makes it easier to exploit existing software. For this, one may receive a Bug Bounty, a payday, if he/she reports it accordingly.
Key 4: Certifications
Any hacker should seek to hold many of today’s respected certifications, which greatly increase one’s chances of landing a job in the IT-industry.
While some may wish to keep hacking a hobby, I advise that you do not let your skills go to waste because there are many high-paying jobs available in the Cyber Security industry.
Certifications also can boost your confidence and credibility. You can show it to your entourage so they can see how skilled you are. Furthermore, it can be used as a reminder that you are capable of exploiting things and writing valuable code, even though you might be struggling at times.
Conclusion
All of these keys now in mind, I hope you’ve learned something today.
P.S. While I am on vacation at the moment, I aim to keep contributing, although at a lesser frequency.