Krypton | Madhusudan Babar for Madhusudan Live

Posted on • Originally published at madhusudan.live on

Ethical Hacking For Absolute Beginners: Expert Guide in 2023

Who doesn't want to be a hacker? We are all fascinated by the term hacking, aren't we? So let's talk about ethical hacking. It's like being a digital detective in today's super-connected world.

Everything, from our mobile phones to smart TVs, is connected to the internet, making our lives easier but at the same time, riskier too!

But, as they say, "With great power comes great responsibility." Messing up in this digital playground can be a real headache. It might mean losing your hard-earned cash, getting into trouble you didn't ask for, or even facing some serious privacy invasions.

That's why being a cybersecurity pro is so important. It's like having a digital shield that defends us against the bad guys, keeps our info safe, and helps make the online world a better place. So let's start learning cybersecurity. I will help you get started in the easiest possible way!

What is Ethical Hacking?

Ethical hacking is the act of finding loopholes and vulnerabilities and attempting to gain access to a system, application, or device in an authorized manner. In simple words, it's about hacking systems with the permission of the owner.

This is done to test the security of systems and fix the vulnerabilities to prevent any possible attacks that may happen in the future.

Fields in Ethical Hacking

The realm of ethical hacking and cybersecurity is vast and includes specialized fields:

To begin your journey, grasp the basics of Linux (operating systems, file systems), command-line interface (CLI), a programming language (preferably Python or any other scripting language), ciphers, and cryptography.

This beginner's guide breaks down each topic in cybersecurity / ethical hacking, providing resource links for self-learning and hands-on practice.

Digital forensics

Digital forensics involves recovering, analyzing, and examining digital device contents, such as mobile phones, hard disks, and memory cards. It plays a vital role in criminal investigations, providing essential evidence for court proceedings.

Digital forensics plays an important role in investigating criminal cases and has become a crucial part of criminal investigation. Devices found at the crime scene are transferred to the digital forensics department for data recovery, and the recovered information is used as evidence in court proceedings.

A career in digital forensics offers lucrative job opportunities, with salaries ranging from 5L to 20L minimum in India. To excel in this field, you need:

  • Attention to detail
  • In-depth knowledge of computer hardware/software
  • Knowledge of various technologies
  • Networking concepts
  • Cyber-security concepts
  • Readiness to learn new tools/skills

For practice, refer to this article.

Reverse Engineering

Reverse engineering is a process of understanding how a device or a system is constructed by means of software as well as hardware. It is a way of identifying the internals of a system and backtracking to recreate it, by analyzing its processes or flow. It’s also known as backward engineering or back engineering. Furthermore, it enables us to find out how a system or a particular device works so that we can create an updated or improved version of it, use our own system to fill the necessary gaps or create a modified system with the functionality to work for our intended task.

In the cyber-security world, reverse engineering is used to analyze malware or viruses and to find out how they work. It is often used to create the tools to patch the damage caused by the malware or neutralize the malware. It’s also used to find vulnerabilities in software/apps.

Proficiency in reverse engineering requires:

  • Proficiency with debugging tools
  • Understanding of operating systems, CPU architecture and platforms
  • Familiarity with tools like hex editors, disassemblers, debuggers and compilers
  • A programming language, plus an understanding of assembly language, is a must
  • Understanding of executable file formats and their basics
  • Concepts like obfuscation

Binary Exploitation


Binary exploitation is the act of using security loopholes/vulnerabilities in software or a system to make it perform actions it was not designed to do, or that are not normally allowed for the specific user/role. These loopholes are used to take control of the system and acquire a shell or perform unauthorized activities.

Mastery of binary exploitation requires:

  • Familiarity with Linux operating systems and command-line interfaces
  • Understanding of programs/software and operating systems
  • Understanding of CPU registers and CPU architecture
  • Knowledge of a scripting language or C
  • Understanding of tools like hex dump, hex editors, the file command and the strings command

Website hacking

Website hacking is the act of manipulating or accessing the contents of a website in an unauthorized manner. It is used to access the credentials and sensitive information of a website and its users, or to stop/block its services. It also involves changing the contents of the website and acting on behalf of its users.

Website hacking is commonly done through XSS (cross-site scripting), SQL injection, brute-force attacks, hacking admin panels, dictionary attacks, denial-of-service attacks and more.

For website hacking, the following skills are essential.

  • Understanding of web technologies
  • Knowledge of various databases and their types
  • Proficiency in Linux CLI
  • Social Engineering skills
  • Scripting language knowledge
  • Networking concepts
  • HTTP verbs (GET, POST, PUT, DELETE)
  • Web servers
  • TCP/UDP protocols, ports

Penetration testing

Penetration testing, or pentest for short, is the set of activities performed to find security vulnerabilities in software/systems and exploit them. It is performed by ethical hackers as an authorized cyberattack on the system, to find its weak points and prevent the loss that an actual attack might cause.

Penetration testing is useful for assessing the security of an organization. Penetration testers use the same tools, techniques and processes as an attacker to find the weaknesses in the system. Performing pen tests helps reduce the risk of a data breach through these vulnerabilities and validates system security.

To excel in this field, you need:

  • Networking skills
  • Proficiency in Linux and CLI
  • Knowledge of wireless networks
  • Understanding of system administration
  • Familiarity with network services, protocols, and types
  • Knowledge of Active Directory
  • Strong Attention to detail

Cryptography

Cryptography is the branch of cyber-security that deals with hiding or converting information so that no unauthorized person can read it. It is a way of securing sensitive information using a set of mathematical rules and formulae to convert the information into a format from which only the intended receiver can retrieve the original contents.

Cryptography is used while storing and transmitting information in a secure communication system, so that no third party or unauthorized user can read the original information. Only the receiver with the particular secret key can process the information and retrieve it.

You need the following skills to master cryptography:

  • Strong mathematical skills
  • Knowledge of any programming language, Python preferred
  • Number Theory and Number Systems (binary, octal, decimal, hexadecimal)
  • Understanding of encryption standards
  • Readiness to learn tools and write your own decryption algorithms

Steganography


Steganography is a set of techniques used to hide secret data inside ordinary, non-secret files. The information is hidden in image, audio or video files, and these files still work normally, so one cannot normally detect that there is something inside them.

Steganography is generally performed on image files, zip files, PDF files and audio/video files.
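An added example (not from the original article) of least-significant-bit hiding, one common image steganography technique: it shows why the carrier still "works normally" (each sample changes by at most 1) and why detection has to inspect the low bits rather than the picture. The constructed byte buffer standing in for pixel data, the 4-byte length prefix and all function names are assumptions made for this illustration.

```python
# Added example: LSB steganography over raw 8-bit pixel samples.
# The "image" is a constructed byte buffer, not a real image file format.
import struct

def _to_bits(data: bytes):
    """Yield the bits of data, most significant bit first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1

def embed(samples: bytes, secret: bytes) -> bytes:
    """Hide secret (with a 4-byte big-endian length prefix) in the LSBs."""
    payload = struct.pack(">I", len(secret)) + secret
    if len(payload) * 8 > len(samples):
        raise ValueError("carrier too small for payload")
    out = bytearray(samples)
    for i, bit in enumerate(_to_bits(payload)):
        out[i] = (out[i] & 0xFE) | bit  # overwrite only the lowest bit
    return bytes(out)

def _read_bytes(samples: bytes, start: int, count: int) -> bytes:
    """Rebuild count bytes from the LSBs, beginning at sample index start."""
    result = bytearray()
    for b in range(count):
        value = 0
        for s in samples[start + b * 8 : start + b * 8 + 8]:
            value = (value << 1) | (s & 1)
        result.append(value)
    return bytes(result)

def extract(samples: bytes) -> bytes:
    """Recover the hidden message; raise if the length prefix is implausible."""
    if len(samples) < 32:
        raise ValueError("carrier too small to hold a length prefix")
    (length,) = struct.unpack(">I", _read_bytes(samples, 0, 4))
    if 32 + length * 8 > len(samples):
        raise ValueError("no plausible LSB payload in this carrier")
    return _read_bytes(samples, 32, length)

def max_sample_change(a: bytes, b: bytes) -> int:
    """Largest per-sample difference between two carriers."""
    return max(abs(x - y) for x, y in zip(a, b))

# Constructed 16x16 grayscale gradient standing in for image pixel data.
CARRIER = bytes((x * 7 + y * 3) % 256 for y in range(16) for x in range(16))
STEGO = embed(CARRIER, b"flag{demo}")

if __name__ == "__main__":
    print(extract(STEGO), max_sample_change(CARRIER, STEGO))
```

Running `extract` on the untouched carrier raises `ValueError` because its low bits do not decode to a plausible length, which is the kind of check a defender applies before treating extracted bits as a message.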

Additional resources

Well, I have something more for you. Excited? Grab these hand-picked tools and prepare yourself to fight the evil in this digital world.

Digital forensics Tools

For digital forensics, you need to investigate the given media files/images and retrieve the important information from them. There are various tools to get started with digital forensics. Many of them are free, and if you are using Kali Linux they come preinstalled.

  • Hexedit
  • Hexdump
  • Wireshark
  • NMAP
  • TCPdump
  • Aircrack-ng
  • Netcat
  • Maltego
  • Digital forensics framework
  • Forensic toolkit

Reverse Engineering Tools

There are many tools for reverse engineering. Some provide a GUI and the rest are CLI-based.

  • Ghidra
  • IDA Pro
  • radare
  • objdump
  • objconv

Binary Exploitation Tools

For binary exploitation, the tools listed above are also useful:

  • objdump
  • Immunity Debugger

Steganography Tools

  • zsteg
  • steghide
  • OutGuess

Esoteric languages (esolang)

Esoteric languages are programming languages designed to confuse or entertain the reader and to test the boundaries of programming language design. They are often used in cybersecurity wargames and CTFs, so having familiarity with esoteric languages is always good. They can even be used to communicate secretly.

You can refer to this article for the complete list, but here are a few:

  • moo language
  • brainfuck
  • Ook

Terms used in this article

CTF
Capture The Flag. CTFs are cybersecurity competitions that challenge the participants on various concepts in cybersecurity.
CLI
CLI is an abbreviation for Command Line Interface. A CLI tool uses the terminal on your system to interact and perform actions, unlike standard apps with a user interface.
GUI
GUI is an abbreviation for Graphical User Interface. Software apps come with various interfaces: some are CLI-based, while some provide beautiful experiences to interact with, and that is called a GUI.
CIA
CIA, or the CIA Triad, is an abbreviation for Confidentiality, Integrity and Availability.

Platforms to practice

XSS

Others

Conclusion

In this ever-evolving technology landscape, the importance of cybersecurity cannot be neglected. Cybersecurity is a vast field, and one needs patience and practice to master it.

Participating in CTFs and practising on the sites I listed above can be a good start for your career in ethical hacking. I personally have played a lot of CTFs, and it's a great way to grasp these concepts in ethical hacking.

As we explored the different fields in ethical hacking, I hope you liked this article and that it helps you understand, at least to some extent, what ethical hacking is and how you can get started as a beginner.

The tools and resources I provided may come to your rescue on your journey in this ever-evolving field. Wishing you all the best - krypton!


Keywords:
cybersecurity, ctfhacking, linux
