How to Be a White Hat Hacker
I’m going to give you a brief syllabus on how to become a white hat hacker. I’ll cover the skills you need, where to learn them, and, best of all, how to start your career.
The world is in need of white hat (aka “good”) hackers. You may be thinking, “Tech Talker, you’re crazy! It seems like every day there is something getting hacked!” Well, that’s precisely why we need more hackers on the good side. For the past three years, I’ve been working as a white hat hacker for a security company. We, and the tech industry as a whole, are desperately looking for more hackers to join our ranks.
Personality
Generally it takes a curious person to become a hacker. This is because you’re looking for a way to manipulate programs and find holes or misconfigurations. It’s like working on a puzzle and trying to find any way you can to fit a square peg into a round hole. Because of this, it’s important that you love challenges, learning, and doing lots and lots of research.
The most important thing to keep in mind is that very few hackers actually fit the Hollywood definition of supervillains who wear all black and live in a basement covered in aluminum foil. I’ve met a wide swath of hackers, from people who are just getting started in their 30s, 40s, and 50s to people who mastered the command line before they were teenagers. Probably the best part about being a hacker is that the field is so wide that it is impossible to be an expert in every subject, let alone a handful of them.
What Skills Are Required?
The skills that are required to be a hacker are probably the part that makes people most nervous, mostly because they think it will take a lifetime to learn them. Honestly, with just a couple weeks’ worth of work, you can learn a substantial amount of basic computer hacking. Often, a vulnerability that a hacker finds on a system is not some super exotic new bug that they took months to craft. Typically, the weak parts of a network or a computer are any devices that are old and haven’t been patched!
Learn a Programming Language
If you’re looking for a curriculum, I recommend starting off by learning a programming language decently well. If you think about it, it makes sense that if you’re going to break into a vault, you should probably do your best to understand how that vault works.
I’ve talked a lot about how to get started coding, but I highly recommend taking a look at codecademy.com and edx.org. They are two awesome places to get started learning about computers and how to code. If you’re looking for a great starting language, I would pick Python. It’s simple to learn, runs on pretty much everything you could imagine, and is used on websites, industrial platforms, IoT (Internet of Things) devices, and even for some scientific work. Learning Python alone will help a ton, and Codecademy has some great hands-on tutorials.
Learn a Linux Operating System
Next, after you feel comfortable with programming, you’ll want to learn the Linux operating system. Now that may sound kind of crazy to anyone who knows anything about Unix-based operating systems, but learning basic commands in Linux will help you out a ton, seeing as almost every smartphone, web server, and even Apple computers have very similar internals. If you want to learn more about it, I recommend getting a Raspberry Pi. It’s cheap at under $40 and it runs a Linux operating system, which can really help you get started.
Now, I’m approaching this from ground zero. That is, you know how to use your computer but don’t know the first thing about hacking. Learning a programming language and how a Linux operating system works will give you a lot of important background information.
Build a Website
The last thing to do is to take those skills and build a small website. It can be a plain website with just some text on it. The more complex the website is, though, the more you can learn. What’s even cooler is that if you have a Raspberry Pi like I mentioned before, then you can build a website on the Raspberry Pi.
Here’s an easy way to do it.
Where Can You Go to Learn?
So you’re probably thinking, “Geez, Tech Talker, that sounds like an awful lot of stuff to learn!” To some degree it is. After all, there are many people who make their living just programming, building websites, or administering Linux operating systems. The idea is to familiarize yourself enough with them.
Once you think you’ve got the chops necessary, head on over to my podcast about virtual machines. It will give you all the information you need for the next step. Basically a virtual machine is a way to run a computer on your computer. As the name indicates, it’s just a virtual computer. That means you can mess it up, break it, hack it, and you can just delete it and start again without affecting your normal computer at all.
Next you’ll head on over to vulnhub.com. This website has a ton of free virtual machines that you can run on your computer. These virtual machines were designed with vulnerabilities in them and are designed to be hacked. You can think of them as practice locks to try and pick.
If you need some help finding ways to break into them, there’s another website, OWASP, which has a list of the top ten types of vulnerabilities. This is a great place to read up on types of vulnerabilities. If you get really stuck, most of the vulnhub.com challenges will have a walkthrough that can show you the steps and tools necessary to break into the computer.
Do You Have What It Takes?
The next step is to take a stab at the real world by checking out BugCrowd.com and HackerOne.com. Both of these websites host “bug bounty programs.” They partner with other companies and hackers: if a hacker finds a bug or vulnerability in one of their partner’s websites or programs, then the hacker will often receive a bounty. The bounty can range anywhere from $50 to $100,000 based on the severity of the problem found.
These websites are free to join and are a great and completely legal way to hack giant tech companies, sharpen your skills, and get paid doing it. Wouldn’t it be awesome to say that as a part-time job you’re hacking Facebook, Google and Microsoft?
Until next time, I’m the Tech Talker, keeping technology simple!