DEV Community: Wor Yu Kai

My journey into cybersecurity

Wor Yu Kai — Wed, 19 Jun 2024 14:39:11 +0000

My Journey in Cybersecurity, in chronological order

@ 11

At the age of 11, I began to grow fascinated by how computers work, and even more intrigued by how hackers hack these intrinsically designed machines. I was introduced to the world of ethical hacking by my close friend then, who he himself was quite well versed in the topic. However, he was not an ethical hacker himself, rather he wanted to be a black hat hacker. Yet, I supposed he was not willing to take the rest, as he never attempted to break into systems illegally, which was best for him as the world of hacking is not forgiving. Black hat hacking can cause one to be arrested, and result in fines and/or even up to years in prison.

@ 12

At the age of 12, I created my first Metasploit Payload, which I was attempting to use to hack the webcam on my brother's computer. However, perhaps something went wrong within the payload itself, or my brother's firewall blocked the payload, and consequently I was unable to successfully hack his webcam. I suppose my brother had already known this before hand, because he seemed confident in allowing me to try install the payload. After this incident, I spent several days trying to fix the payload, without realizing that there were other possibilities like the firewall or antivirus blocking the payload. At this point of time, I also did not know what was a port, hence I also failed to realize that the port my payload was using could have been closed.

As a result of lacking ports and computing knowledge, I also tried to connect to my brother's computer via RDP(Remote Desktop Protocol), without knowing that port 3389 used for RDP was closed by his firewall, and RDP being disabled by default on his computer. It was only after trying for several hours(and failing), did I finally attempted to look up the internet for a solution to my problem. Voila! I had found the solution, which was to open the port on the firewall and enable RDP! However, it was too late because my computer usage time for the week was used up. Consequently, I forgot about this short term goal of mine, until today.

@ 13-14

During ages 13-14, I was mainly scouring hacking forums to see how hackers think and act, and learning about the various ways they exploited systems and vulnerabilities. What shocked me was how easy it was to exploit these vulnerabilities, owing to the rise of automated hacking tools in the contemporary digital era. I fondly remember one of these tools being SQLiDumper - Which was made by AngelSecurityTeam. The tool enabled users to perform operations like Dork Searching , Vulnerability Scanning ,SQL Injection , XSS , LFI and RFI. Furthermore, it was in a GUI(Graphic User Interface), which allowed beginner 'hackers' to utilise the tool and exploit vulnerable databases, without even knowing how to do it the manual way in Linux by using the shell. Although I believe the tool was made for penetration testing by ethical hackers, many malicious users used this tool to perform data-breaches on various websites. I also noticed the uprise of hacking tools being sold by programmers, like account checkers and database dumpers/dorking tools. Unlike SQLiDumper, these tools were made by malicious creators, for malicious users, who could access these tools without prior knowledge to hacking at all. Of course, this was highly worrying, but I could not do much to stop these malicious users nor creators. Dare not I dabble in such vices, because I know the legal consequences of doing so.

@ 15

I did not dabble much into cybersecurity when I was 15, as I was busy preparing and studying for my upcoming important exams. It was difficult to balance between studying and leisure during this period of time, hence I made the difficult choice to put cybersecurity aside temporarily for a while, to focus more on my studies. However, the time came during around November that year, when my mother's bank account was hacked by malicious actors. This rekindled the spirit in me for cybersecurity, as I realised how vulnerable we were, even with the utmost security protocols being put in place. 2FA and OTP are no challenge for black hat hackers in our era, hence I hopped back onto the bandwagon of cybersecurity during the End-Of-Year holidays.

@ 16

Currently at 16, I aim to pursue a degree in Cybersecurity, to achieve my aim of safeguarding the collective data of innocent people, and ultimately building a more secure and safe digital haven for everyone. I have tried using HacktheBox and PicoCTF to refresh my knowledge about cybersecurity, and free courses online from Coursera, for example, do really help a lot in this aspect. I have also recently participated in a CTF competition and workshop held by YCEP(Youth Cyber Exploration Program) held in conjunction with Ngee Ann Polytechnic, and am looking forward to attend my next CTF held by CISCO this coming weekend. Although the prospect of winning is nice, it's not my ultimate goal, as I solely wish to gain knowledge and become more well versed in the field.

Conclusion

My journey throughout cybersecurity thus far has been quite eventful, with there being many ups, but also many downs. What I have learnt from my journey is the importance of self-reflection, and how it is important to recognise our own mistakes and correct them. In fact, this is one of the reasons why I am writing this post; to reconcile with my past and reflect on what has built me up as a person so far. Perseverance, Empathy, and Teamwork are core values that are not only important in cybersecurity, but also in all aspects of life. Ultimately, my goal is to become a Penetration Tester in the future, as I enjoy being in the red team of cybersecurity. I may not be the best in what I do, but I am always aiming for greater heights, and not just settling for the status quo, because challenging ourselves is the only way to achieve growth.

A Journey of a thousand miles, begins with a single step" -Lao Tzu

Understanding Cybersecurity: A Beginner’s Guide

Wor Yu Kai — Mon, 17 Jun 2024 13:07:30 +0000

Imagine you live in a bustling city where every house is a computer, and every street represents the internet. Just as in any city, securing your house is crucial to ensure your safety and privacy. In the digital world, cybersecurity plays this critical role. Let’s explore the basics of cybersecurity through this analogy, which I learnt as an easier way to explain difficult concepts in layman terms.

Public IP Addresses: Your Home Address
Every house in a city has a unique address, known as a public IP address, that identifies its location. This public IP address is like the unique string of numbers that distinguishes your home on the global network, much like a postal worker needs your address to deliver a letter.

Private IP Addresses: The people in your home
Within your house, each person (or device) might have their own room, represented by a private IP address. These private IPs allow the devices inside your network to communicate with each other and the broader internet securely.

Ports: Your Doors
A house typically has doors with locks to control who can enter or exit. In the digital world, firewalls serve as these locks. Doors in your house, like the front door, garage door, or back door, are akin to ports on a computer network. Ports facilitate communication between your computer and the outside world. Each port is a different entry point through which data can enter or leave your system.

Firewalls: Your Locks
Just as you wouldn’t leave all your doors unlocked, you shouldn't leave all ports open. Firewalls manage these ports, allowing communication through necessary ones while keeping others closed to prevent unauthorized access. A firewall acts as a barrier between your computer (or network) and potential threats from the internet, much like a lock on your front door keeps out intruders. It monitors incoming and outgoing traffic, deciding what should be allowed in or out based on a set of security rules.

Antivirus Software: Your Security System
Many homes have security systems with alarms to detect and deter intruders. Similarly, antivirus software protects your computer by detecting, quarantining, and removing malicious software (malware). Malware can include viruses, spyware, ransomware, and more. Regular updates to your antivirus software ensure it can recognize and combat the latest threats.

Encryption: Your Secret Code
Imagine you want to send a valuable package, but you don’t want anyone to tamper with it during transit. You might use a secure lock that only the recipient can open. In the digital world, encryption serves this purpose. It converts your data into a code that only authorized parties can decipher, ensuring that even if the data is intercepted, it cannot be read without the decryption key.

VPNs: Your Private Tunnel
When you need to travel through the city unnoticed, you might use a private tunnel that hides your movements. A Virtual Private Network (VPN) works similarly by creating a secure, encrypted connection between your device and the internet. This makes it difficult for anyone to track your online activities or steal your data, especially when using public Wi-Fi networks.

Two-Factor Authentication: Your Double-Lock System
Sometimes, a single lock isn’t enough to secure your home. You might use a second lock for added security. Two-factor authentication (2FA) adds an extra layer of protection to your online accounts. Even if someone cracks your password, they would still need the second piece of information, like a code sent to your phone, to gain access.

Regular Updates: Your Maintenance Routine
Keeping your home in good repair prevents vulnerabilities like broken windows or doors. Similarly, regularly updating your software and systems is crucial in cybersecurity. Updates often include patches for security flaws that could be exploited by hackers. By keeping your systems updated, you ensure that your digital defenses remain strong.

Conclusion
Just as maintaining the security of your home requires vigilance and good practices, so does protecting your digital life. Understanding the basics of IP addresses, firewalls, ports, passwords, antivirus software, encryption, VPNs, two-factor authentication, and regular updates will help you create a robust cybersecurity strategy. Remember, in the digital city, staying secure is an ongoing effort that keeps your data and personal information safe from cyber threats.