Disclaimer
First of all, I would like to emphasize that carrying out hacking activities against websites, servers, apps, etc. is only permitted with the appropriate authorization. Without this permission, there may be legal consequences. However, there are platforms that provide test systems free of charge and allow you to expand your skills legally and safely.
Introduction
You’ve landed on this blog post because you’re interested in learning the craft of ethical hacking. Congratulations on your decision! Before we begin, a few points need to be clarified: What is ethical hacking? What is penetration testing? Under what conditions are you allowed to hack websites, servers, smartphones or apps?
What is ethical hacking and penetration testing?
Ethical hacking and penetration testing are closely related, but there are key differences between the two concepts:
Ethical Hacking
Ethical hacking is a broad term that encompasses all activities aimed at assessing and improving the security of IT systems. An ethical hacker, often referred to as a “white hat”, uses their skills to identify and fix vulnerabilities in computer systems, networks or applications. They adhere strictly to legal and ethical guidelines and usually work on behalf of system owners to protect their data and infrastructure. Ethical hacking involves not only technical testing, but also the development of strategies to improve security and the training of employees.
Penetration Testing
Penetration testing, or pentesting, is a specialized area of ethical hacking. It involves a targeted, simulated attack on an IT system in order to identify specific vulnerabilities. Penetration tests are usually limited in time and focus on specific targets and systems. The process includes the planning and execution of tests, the documentation of the vulnerabilities discovered and the recommendation of measures to eliminate these vulnerabilities. Pentesters often work according to predefined methods and standards to ensure that the tests are reproducible and the results are comprehensible.
Under what conditions are you allowed to perform hacking activities?
Hacking is only permitted under certain conditions:
- With the express written permission of the owner of the system.
- Within special platforms and test environments intended for this purpose, such as Hack The Box or Bug Bounty programs.
- In compliance with all legal regulations and ethical guidelines.
What topics does hacking cover?
Hacking covers a wide range of areas, each requiring specialized knowledge and skills. Here are some examples:
Penetration testing: Simulated attacks on computer systems and networks to identify and fix security vulnerabilities.
Social engineering: Manipulating people into disclosing confidential information. This can be done through phishing, pretexting or other deceptive methods.
Red teaming: A comprehensive approach to security auditing in which a group of security experts attempts to compromise an organization from the perspective of a real attacker.
Reverse engineering: Analyzing and decompiling software to understand how it works and discover vulnerabilities.
Network Security: Protecting networks from unauthorized access, data loss and other threats by implementing firewalls, intrusion detection systems (IDS) and other security measures.
Web Application Security: Protecting web applications from threats such as SQL injection, cross-site scripting (XSS) and other vulnerabilities.
Prerequisites
It is an advantage if you have a technical background and are familiar with concepts such as HTTP, HTTPS, TLS, RESTful APIs, web servers, 2FA, reverse proxies and more. If you don’t have these prerequisites, you will need to learn these basics, which will require more effort. But don’t let that stop you. It’s not black magic and can be learned by anyone.
Step 0: Learn as much as possible about the technical concepts
If you already know the technical concepts, you can skip to step 1. Otherwise, I recommend that you learn the basics. There are very good videos/playlists on YouTube about ethical hacking, IT security and other technical topics that are free of charge:
Blog
- Open Redirect
- HTTPS
- Brute Force
- XSS with XSStrike
- NMAP Scanner
- OSINT
- Hacker Tools
- Vishing
- Two-factor authentication
- SQL Injection
- XSS
- Difference between Cyber Security, IT Security and Information Security
- Red Teaming
- CIA
- CVE
- Phishing
- Zero Day
- OWASP Top 10 Vulnerabilities
- Pentesting
YouTube
Step 1: Learning by doing
Hacking is a craft that requires a lot of practice. Once you have learned the basic concepts, you should start practicing right away. If you are missing concepts or other knowledge during this time, you can simply learn them “just in time” by doing a search on Google or YouTube. I would like to recommend HackTheBox (HTB) and the videos from IppSec. These videos are very detailed and IppSec explains the procedure and the way of thinking in great detail:
Start with this and take the necessary time to educate yourself. Your thirst for knowledge and your enthusiasm are essential to be successful in this field. Important: There will be days when you won’t find a single weak point and will despair, but the motto here is: “If you keep at it, you’ll find it eventually”. With this in mind: Happy hacking!
More blog posts on this topic will follow soon. Stay tuned and stay motivated!