
Ethical Hacking - Getting Started

Published by, Motti Kumar B

By Motti Kumar. Published 4 years ago. 11 min read.

Cyber Security:

Cyber security is really hard to learn. It's not just broad and deep; it also draws on many other fields in technology and computing. I get a lot of questions asking what course to take to learn cyber security, which is tough to answer because the real answer is: there is no course, just a journey. Everybody you ask is going to give you a different answer, since each of their journeys is different as well. It's almost like asking several world chefs how to cook a certain recipe: everybody is going to give you a different recommendation depending on where they came from. That is why in this blog we're going to go over why cyber security is so hard, three different learning approaches you can use to overcome this challenge, and the overall mindset you need to maintain to be successful on your own journey.

The biggest reason cyber security is hard to learn is that it consists of many different fields, each with its own unique stack of skills, such as:

  • Networking = IPTables -> PCAP -> OSI Model -> TCP -> ...
  • System Administration = Kerberos -> Backup -> Filesystems -> OS -> ...
  • Digital Security = OPSEC -> Privacy -> Passwords -> Crypto -> ...
  • Audit & Compliance = ISO 27001 -> CIS Controls -> Common Criteria -> NIST-800 -> ...
  • Forensics = Disk -> Autopsy -> Memory -> Network -> ...
  • Command Line = Coding -> Git -> PowerShell -> Bash -> ...
  • Reverse Engineering = Fuzzing -> Debugging -> Assembly -> IDA Pro -> ...
  • Cyber Operations = Threat Intel -> APTs -> Cyber Kill Chain -> MITRE ATT&CK -> ...

Every component within each skill stack can be a concept, a tool, or even an entirely new field. Take networking as an example. A few components that come to mind might be:

  • IPTables
  • PCAP
  • OSI Model
  • TCP
  • BGP
  • Switches, and many more ...

Note:

  1. IPTables - which lets you set packet filtering rules in Linux,
  2. PCAP - or packet captures, which are static snapshots of data in motion,
  3. TCP - or Transmission Control Protocol, which segments data into conversations between devices,
  4. BGP - or Border Gateway Protocol, which governs the route between autonomous systems on the internet,
  5. Switches - which connect physical devices together through cables and relay Ethernet frames between them.

That's a lot of different things, but they're really just a few examples of the many concepts that fall under networking, and the list could go on and on. Each of the components I've mentioned can itself be broken down into smaller bundles of knowledge; rinse and repeat. This idea of skill stacks applies to all the different subfields of the cyber security world too, some of which are listed above. What makes things complicated is that the stacks are also interrelated, kind of like a skill network. So to learn something more high level, like penetration testing, you might have to master a network of skill stacks before having a solid enough baseline to really understand it well, such as the combination of skill stacks listed below:

  1. Networking,
  2. Command Line,
  3. Digital Security, and
  4. Cyber Operations.

This applies to other more cyber-specific areas of concentration too, like privilege escalation (SYSADMIN -> COMMAND LINE -> REVERSE ENGINEERING), security monitoring, incident response, threat hunting, etc.

If you wanted to learn all about cyber security, there are really too many different things to know. It could very well take ten to twenty years to master just a few of them, at which point your mind might be oversaturated and not so interested in the other fields. The reality is you have to start off with just one or two areas to concentrate on before expanding to others. Whether you choose to become well rounded in a few different skill stacks or to be elite in just one, there are a lot of different journeys you can take. Personally, I'd consider myself a mix of highs, mediums, and lows, depending on the area we're talking about:

  • Networking <-> Medium
  • System Administration <-> High
  • Digital Security <-> High
  • Audit & Compliance <-> Low
  • Forensics <-> Medium
  • Command Line <-> High
  • Reverse Engineering <-> Low
  • Cyber Operations <-> Medium

So if you're asking "How do I learn cyber security?" and don't know where to even begin, the first principle is to discover what topics are out there and how they are connected. Then you can start to narrow down your scope to just the ones you might be interested in starting off with. With that being said, let's go over some techniques you can use for learning and training in cyber security.

Generally there are three main ways to learn complex topics:

  1. Top-Down,
  2. Bottom-Up, and
  3. Project Based.

Top-Down Approach:

Top-Down is a really common approach, where you pick a subject to tackle and then go after resources specifically tailored towards learning that topic. An example of people using a top-down method might be pursuing a specific certification on "ethical hacking". It's easy to think it's as simple as loading up Kali Linux to sling some tools at targets, or grabbing some courses and books on the subject and then brain dumping everything just to pass the exam or test. Then you walk around thinking that you're a Jedi, but the reality is that your baseline fundamentals are really weak, and your true abilities aren't good enough to operate in most real-world scenarios. People at this stage of their journey are often known as skiddies, which stands for script kiddies, referring to all the young and aspiring kids who only know how to run tools written by other people, but not the principles behind why or how they work.

In my opinion, the best way to be successful if you're looking to use a top-down learning method is through apprenticeship. Back before education was institutionalized through schools, the only real way to learn a skill or craft was to apprentice under a master, someone who had a few decades of experience under their belt. The knowledge transfer process was rigorous and methodical, to make sure that an apprentice was actually teachable and useful in adding value. The main advantage of an apprenticeship is that the master can point you to the skill stacks that are relevant, while filtering out the ones that aren't.

It's also handy that they can be there for questions that are really hard to find answers to all on your own. The net effect of being an apprentice is the huge amount of time saved in the learning process, which, in my experience, can reduce years into months.

The drawback to Top-Down learning through an apprenticeship is finding one in the first place. Unfortunately, the truth is that without having a solid baseline first, many of the journeyman-level and master-level practitioners are either way too busy or not interested in coaching you. It's a huge time investment on their part to teach students, since it takes them away from research or actual work, with a high risk of failure, especially if the student doesn't have much grit or the drive to succeed in the first place.

If a senior practitioner doesn't see much potential in you, it's easier to just walk on by. This is why on-the-job training and experience in cyber security is so helpful: you're surrounded by co-workers you can learn from, most of whom are likely to be better than you in one or more areas. Try to identify the most technical people in your social network, even if that means the IT helpdesk guy, and spend time learning as much as you can from them. Once you've developed a decent relationship, find out which experts they personally look up to. Then reach out to those people. If you're not able to get mentorship through professional circles, you might consider building a solid baseline of knowledge through the bottom-up approach.

Bottom-Up Approach:

The Bottom-Up approach is where you start by picking a subject to tackle, then decompose it into the most basic principles, definitions, and tools that are related to it. You then learn the component parts first before diving into the target subject. For a boxer, it might be a countless amount of conditioning and training in very simple exercises that build muscle memory and situational agility, which indirectly improves your fighting abilities over time. Even though it takes a lot longer to do, you build a very solid foundation that becomes helpful when you do make the switch to more skill-oriented exercises.

In the case of cyber security, where you're a mental athlete, bottom-up learning translates into reading, lots of reading. Start with all the books you can find that are related to computer and network security and just marathon away. What's good about books is that you tend to get higher quality content than the average internet post, and you learn a thing or two about each author, most of whom are active practitioners themselves. They might also happen to maintain a blog or tweet links to resources for you to follow. When you are reading, remember to jot down all the different vocabulary and concepts you're learning in something like a mind map or spaced repetition software like Anki. Anki is a free, open source tool that lets you build flash cards to learn just about any concept. Unlike normal flash cards, the heart of Anki is a scheduling algorithm that decides when to show you concepts based on how well you know them. Research shows that active recall, where you're asked a question and forced to remember the answer, is much more effective than passive study for building strong memories.

Distributing the process consistently over increasing periods of time further cements your knowledge, because it forces your brain to retrieve it with deeper and deeper levels of recall. Using a bottom-up approach for cyber security makes learning new fields much easier, since many of the concepts show up again, time after time, because everything is interconnected.

One downside to bottom-up learning is that it can get monotonous, since doing any activity for its own sake without a clear goal can get boring over time. This leads us to the third approach for learning, and actually one of my favorite methods, which is through projects.

Project-Based Learning Approach:

Project-based learning is a bit of a hybrid approach between the previous two, and gives you some more flexibility by using both. To begin, you need to define a technical outcome to work towards that forces you to gather and learn resources.

For example, consider a project of being able to use a computer without ever touching a GUI. This process will lead you to become quite proficient at the command line and to learn many more concepts than the original project entailed. They say you should set SMART goals, which are Specific, Measurable, Achievable, Relevant, and Time-bound.

So something like "I want to hack" wouldn't qualify as SMART. A better alternative would be, "I want to learn how to crack WEP encryption on my home wireless network by the end of the month". Even if it takes you much longer than a month, the process will expose you to all sorts of different skill stacks, from Aircrack to Layer 2 networking, the 802.11 protocol, and much more.

Project Ideas:

Project ideas tend to fall into one of four categories:

  1. Making Things,
  2. Breaking Things,
  3. Fixing Things, and
  4. Knowing Things.

For instance, you could decide to build a computer, then intentionally install publicly available malware on it, and then try to use host or network forensics methods to detect and eradicate the infection. Documenting your entire process and workflow can help solidify the entire learning experience.

Whatever your project is, it's an opportunity to incorporate the top-down and bottom-up learning we mentioned earlier. The final principle that'll help you get better at cyber security is to change your mindset and time horizon for picking it up. The reality is that cyber security takes a really long time to master, much like becoming a doctor or lawyer. What's easy about established professions like those is that there are institutionalized paths that have matured over the centuries. If someone asked, "Is there a doctor course anywhere?", the answer is pretty clear. In India, more than four to five years of medical college (for MBBS) followed by two to seven years of specialization are required to become a doctor in a specific field.

In our generation of two-second attention spans and instant gratification, it's easy to just want a simple crash course or a quick tutorial to teach you everything. But just seeking out surface-level education keeps you at the Unconscious Incompetence level of learning, where you're really confident but not actually skilled. As you grow and progress, you then realize you're actually pretty bad (Conscious Incompetence), which could be a decision point as to whether or not to continue on the path. If you do push through, though, you start to feel more comfortable and accepting of the concepts you know and don't know (Conscious Competence). At the most mature stage, Unconscious Competence, you're pretty skilled without even thinking about it. In the field of cyber security, where there is no institutionalized path to become a professional, you really have to self-educate using a combination of the different learning approaches available to achieve mastery.

So that's it for this tutorial on cyber security. Share this with your friends if you think this lesson is valuable. See you again later, bye.


About the Creator

Motti Kumar

Hey guys, I'm Motti Kumar and it's a pleasure to be a guest blogger and hopefully inspire, give back, and keep you updated on overall cyber news or anything hot that impacts us as security enthusiasts here at Vocal Media.
