Muspro Dev
Muspro Dev's Blog

Muspro Dev's Blog

An Introduction to Hacking and Cyber Security (Intro Course)

An Introduction to Hacking and Cyber Security (Intro Course)

Muspro Dev
·Jul 26, 2021·

12 min read

Subscribe to my newsletter and never miss my upcoming articles

Listen to this article

So you think you can hack? Or maybe you don’t, and that’s why you’re here?

At the very least you can imagine yourself hacking to some degree. Or perhaps you are already in a computer science field, and want to learn how to scope out vulnerabilities in what you have helped to make?

Whatever your calling, here at ComputerScienceZone we’re here to tell you that there are many ways to gain an understanding of hacking by yourself and through resources available online.

Recent years have seen a massive growth in demand and interest in cyber security. Of which “penetration testing” (essentially a more formal phrase for hacking) is at the heart. This increased interest in information assurance, as well as fixation with finding vulnerabilities in our most important systems before the “bad guys” do, has led to a huge number of resources available for everyone from the novice to the expert.

In this guide we’ll look at some of the best ways to get started learning to hack. And trace through some self-learning and online resources that have even landed individuals who previously had no knowledge of cyber security with jobs in the field.


Disclaimer: the Legality of Hacking First and foremost, many individuals learn hacking to enhance their own products, have fun, learn new technologies, or work as penetration testers. And with some caveats, these are essentially the legal applications of hacking. Federal laws such as the Computer Misuse Act (1990) and the Data Protection Act (2018) are our primary legal guidance on hacking and effectively make it against the law to hack into a piece of hardware or information system without consent of the owner of the technology or data. This opens the door to hacking exercises from consenting entities, who often provide “bug bounties” or pay “red team offensive hackers” to try and hack into their systems so that they can then prevent future similar attacks. All of this means that while there are plenty of legal examples of hacking, that you should definitely do your own research and — particularly as a novice — only hack your own data and only in a way you can verify is legal.
Computer Science and Information Technology Foundations for Hackers

First off, let’s define hacking. Hacking includes the practices and processes involved with exposing vulnerabilities in information systems to gain access to them. Ethical hacking, as you should practice, is the process of doing this to help to shore up a system with future updates or security changes, rather than the practice of breaking into a system to take advantage of it.

There are a mind-boggling range of technologies that need to be secured for our systems not to be compromised. Even experienced programmers are unlikely to have a solid foundational understanding of many technologies that are most commonly exploited by new hacks.

While prior programming experience may be helpful with the implementation of scripts or browsing through source code to determine vulnerabilities, what you’ll really want is a conceptual understanding about several key layers of “the stack.”

In particular you’ll want foundational experience with:

Networking topics and concepts Wireless topics and concepts (a subset of networking) Basic scripting Linux Aside from social engineering, junctures within the network are where the widest range of cyber security exploits are pulled off. Key areas worth understanding include:

● ARP

● DHCP

● DNS

● IPv4

● IPv6

● OSI model

● MAC addressing

● NAT

● Public vs Private IPs

● Subnetting

● Routers and switches

● VLANs

Much of this material is covered in introductory IT courses within college. Additionally, common certifications including CompTIA A+ and Network+ cover this material in enough detail for you to understand the implications of various hacks you may follow along with starting out.

You don’t have to be a master of this material to get started. But as time goes on it will become vitally important to understand at the very least these concepts, and it’s likelier you’ll at least need working knowledge of these components.

There are many locations where you can gain free introductory material on these topics. Our recommendations include:

● Mike Myer’s Total Seminars Channel one of the most popular CompTIA prep video providers

● ClassCentral’s List of Networking Courses provides the chance to deeper dive into almost all of the topics above

● Digital Ocean provides almost a cheat sheet length guide to networking concepts

The second area you’ll need at least a foundational grasp of is that of wireless networking. While there are plenty of hack types you can perform that don’t utilize wireless, it’s typically one of the least secured network types. And understanding how wireless works can be a great introduction into attempting initial hacks on your own computer set up or home.

Topics that you should understand about wireless networking at a conceptual level include:

● Web Encryption Algorithms (WEP, WPA, WPA2)

● Types of Wireless Networks

● Wireless Connection Point Scanner Tools

Many of the resources in the first section on networking in general should also cover wireless networking. Just note that wireless connection points and protocols are particularly important to understand for a large subsection of hacks so additional focus on the foundations of these areas is important.

Next, you should make sure you feel comfortable with basic scripting. Having an intermediate understanding of the syntax, limitations, and environments in which you may run a powershell script, some Linux commands, or a javascript script will in all likelihood suffice. Most languages can be used for scripting. For in-browser exploits, javascript is the de facto “king.” JS is also one of the most versatile and widely known languages, making it a great language, along with shell commands, to start to learn.

If you need a basic overview of Javascript syntax, control flow, and so forth there are a wide range of tutorials, gamified apps, online courses, and sand box environments. Some of our favorite resources for learning javascript include:

○ Code Academy’s Javascript Pathway

○ Udemy many online courses

○ Coursera’s University-Based Free Online Courses

○ Cybrary’s Complete Guide to Javascript

Finally, you should learn at least some Linux. Linux is a family of open source operating systems and can be configured to perform many “power user” type tasks. It’s also completely customizable, which is a great benefit over Windows and iOS.

One of the easiest ways to get started learning Linux is to simply install it. You can dual boot your computer to keep Linux running alongside whatever your other operating system is. If you’re ready to jump in full force, you can install Linux in the place of whatever operating system you have. There are Linux-centered (and often free) alternatives to most major programs you’re used to using in Windows and iOS available in Linux as well.

Note that there are many different styles of Linux, many of which have cyber security applications. The most popular cyber security varient of Linux is presently Kali Linux. Kali Linux comes pre-bundled with penetration testing packages. It also allows for installation and running via a flash drive. Kali is based on Debian Linux, which can also be used for hacking purposes.

There are many, many guides and classes for every level of Linux user online, some of our favorite’s include:

○ EdX’s Free Online Course On Getting Started With Linux

○ Coursera’s Listing of Linux Security Courses

Another way to gain these foundational topics in a more structured way is to seek out a university-based program. Here at ComputerScienceZone, we’ve covered the state of computer science (and related) academic for a number of years. If interested, be sure to check out our rankings of academic programs related to cyber security and hacking below:

computersciencezone.org/the-best-online-ass..

computersciencezone.org/the-20-best-online-..

computersciencezone.org/rankings/the-best-o..

computersciencezone.org/rankings/online-mas..

computersciencezone.org/best-online-compute..

computersciencezone.org/lucrative-informati..


Deciding What You Want to Hack

This step in the process may be arbitrary for some individuals who want to learn to hack in a variety of styles. But for some beginner hackers it may be quite useful. In fact, if you already know some CS and IT foundations, know your way around the command line and around basic cyber security concepts, deciding what you’re going to start hacking is likely a great next step.

If you still need some work on foundations, you can work your way through all the topics we suggested above, or skip through material that doesn’t pertain to your first hack.

In case you’re wondering about some of the options for your first hack, we’ll list a few categories of hacks that you may be able to pull off.

◇ Practice Application Security and Hacking By Setting Up and Hacking a An App You’ve Made

◇ Practice Network Security by Hacking Your Own Home Network

◇ Practice Wireless Security By ARP Spoofing (Consenting) Friends Into Routing Their Wireless Connection Through Your Machine

◇ Practice Basic Diagnostic Methods On Your Home Network Or Computer

◇ Hack a Connected Device In Your Home

◇ Try Password Cracking Attacks On Yourself

◇ Set Up Packet Sniffers On Your Own Network

Among Many Others While you will want to learn foundational materials at some point, some learners prefer to jump right in. The tools you gain in a Kali Linux installation can help you to perform many of the above hacks by following along with tutorials. While this can be a great way to see some “immediate” results, try to look up concepts that are hazy to you throughout the process so you can actually understand what tutorials are telling you to do.


Cyber Security Foundations

While working through topics mentioned will serve you throughout your time as a hacker (or in related pursuits), understanding the key metrics, measures, and concepts employed by cyber teams will help you to better position your budding hacking knowledge. By understanding common methods used to secure networks as well as common pain points in cyber security, you can utilize this information to craft your own hacks.

While cyber security is both a wide and deep field, there are many locations where you can get started for free with learning cyber security foundations.

Some of our favorite locations for comprehensive foundational knowledge of cyber security include the following resources:

◇ The Open University

◇ Cybrary

◇ Coursera


The Hacker’s Toolkit

We’ve talked some above about the installation of Kali Linux and the tool sets that are included. But that’s truly just the start of a full-fledged hacker’s set up. Additionally, one of the best ways to start honing a skill set is to start exploring the tools you have to perform analysis and hacks.

There are a very wide range of cyber security tools, and there’s almost always a second or third tool that can do the exact same thing as any of the tools on our list. But with the aim of providing a solid toolkit for hacking beginners, we’ve chosen a few of the most popular tools for hackers below:

♡ Kali Linux is a “flavor” of Linux that is fully customizable and comes pre-bundled with many of the most used cyber security tools.

♡ Wireshark provides live network traffic data including the ability to reconstruct TCP streams from on your network.

♡ John the Ripper is a brute force password cracking software available on all major operating systems.

♡ Cain and Abel is a Windows only (a rarity) password recovery suite.

♡ TcpDump is one of the original packet sniffer set ups. It’s not as new as competitors but it isn’t resource intensive and is quite secure.

♡ Metasploit is one of the larger exploitation frameworks that helps you check for over 1,500 exploits on your network.

♡ Argus stands for Audit Record Generation and Utilization System. It’s great at handling large amounts of network traffic data to compile reports and audit what’s going on.

♡ Tor — brought to fame by the “dark web” — is simply a tool and protocol meant to route web traffic through proxy servers to ensure greater privacy.

♡ Burp Suite is a live network scanner that can be used to emulate and figure out how individuals may attack the network in real time.

♡ Aircrack is a collection of WEP and WPA wireless protocol cracking tools. This is your go to initial tool for trying to crack into a mobile or wireless device. The list goes on…


Performing Your Initial Exploits

While the entirety of foundational and tools you could use for your initial hacks may be overwhelming, sometimes it can help just to “get started.” There are a range of guides made for beginning hackers online that you can follow along with. They’ll let you know what tools you’ll need to download, and all the steps to performing initial hacks. Of course you’re likely to have higher comprehension of what you’re actually doing with some of the foundational knowledge we list above. But there are many ways to learn through your first hacks.

Some of our favorite broad-based resources for following along with your initial exploits include:

Penetration testing in linux

The New Boston

Mac address spoofing

Arp poisoning/MIN attack

Email hijacking

Cross site scripting

Sql injection

While some of these attacks may seem too advanced for a beginner, many can be followed by attacking your own machine or network with minimal defenses. While studying foundational cyber security concepts and learning about your new found hacking tools, one of the best ways to truly expose what you need to learn is to just start hacking!


Certifications For Hacking

Finally, if you’re looking to learn hacking in a way that has verifiable industry and job-related credibility, you may want to seek out cyber security certifications. Certifications related to cyber security typically begin with more general information technology and networking certifications (we we’ve mentioned earlier in our guide).

Once you’ve mastered some of the foundational materials, there are a wide range of cyber security certifications that focus on the following:

Penetration Testing

Ethical Hacking

Management of Information Security

Security Foundations

Info Security Professional

Certified Information Auditor

Among Others While you’ll want to tailor this progression to your own personal goals, a common progression ranging from relative IT beginner status through certified ethical hacker may look something like the following:

CompTIA A+

CompTIA Network+

CompTiA Security+

SANS GIAC Security Essentials

Offensive Security Certified Professional

Certified Ethical Hacker

Additionally, many degree programs also structure their academic programs around obtaining certifications. If you’re interested in some of the top online options that incorporate academic rigor with flexibility, be sure to check out ComputerScienceZone’s related rankings on the following topics:

The Best Online Associates Degrees in Network Administration

The Best Online Bachelor’s in Information Technology

The Best Online Bachelor’s in Network Administration

The Best Online Master’s in Information Assurance and Security

The Best Computer Science Departments in the World

The Most Lucrative Information Technology Certifications

//SUBSCRIBE TO YOUTUBE CHANNEL

 
Share this