How much do we really know?

Jonny B shares his journey into hacking, where we learn about the challenges he faced, the resources that helped, some of the benefits of certifications, and the importance of coding.


When I first started in Infosec, there wasn’t any clear structure or direction in learning about cyber security. Most nights it would be a journey into YouTube, and down the rabbit hole I went, exploring various topics of cyber security and reading random blogs and white papers (big up Null Byte). I didn’t have a clue what I was reading, but I was so fascinated by reading about hacking and all the terms of being a hacker. So there I was, reading away, filling my brain with knowledge I didn’t understand just yet, and I kept going. I was hooked!

2 steps back, 1 step forward

I needed to take a few steps back and start looking at the basics: pen testing and ethical hacking (red team), and cyber security analyst (blue team). I was more steered towards pen testing and ethical hacking, so there I was again, setting my sail to search the web on pen testing and ethical hacking! After days on end of researching pen testing, I knew this was where I wanted to start out in my cyber security journey. From reading up about pen testing, the core basics were focused on networking, which was great, as my job at the time was networking, so I could transfer my skills into pen testing. That was half the battle complete (so I thought).

I remember buying a Udemy course on ethical hacking, as I didn’t have a clue how to start this journey or where to start. I went through this course taking down as many notes as I could, researching all the topics of pen testing and getting a real understanding of the core concepts of how to perform a pen test. Months and months went by. I was getting a real thirst for learning more and more, so I decided to take a course I found online which could fit around my busy lifestyle, which was CompTIA Security+ and C|EH.

I know that a lot of people warned me against this and said I was wasting my money, but I still pursued the courses, and I don’t regret taking them, as they gave me a solid understanding of security, vulnerabilities and exploits. This was great, as I then had a starting point to lay down some sort of foundation from which I could move forward; and forward I went.

Certified Hacker

So there I am, armed up as a Certified Ethical Hacker, thinking I can now hack the world with my mechanical keyboard, 3 monitors and an RGB flashing mouse (part-time gamer). As I was going through vulnerable boxes and CTFs, there’s me loading up scripts thinking, wow, I’m now a hacker, but in reality I was a script kiddie, loading up Metasploit modules and hacking the crap out of anything. I actually thought I was a hacker, but I didn't know what I was loading or how these scripts were working. I was so mesmerised that I could DeAuth my WiFi or create fake rogue WiFi access points that it gassed me up, but it didn't take too long to realise:

Wow, one wrong move and I could end up in some serious trouble!

I will leave my story of the 'Dark Net' for another blog.

It's all in the detail

Being the person I am, I take things into detail, and I realised: what have I actually learned? How to load up tools and scripts and run them. But I kept hearing this voice saying:

How does Metasploit work? How are they making up the payloads?

There I go again... down the rabbit hole I go, looking for answers. The more I found, the more I discovered I didn’t know anything but the basics. Then my whole world fell apart... I had to learn to code!

I knew the basics of HTML (from back in the day when we were kids messing with websites) and basic scripting, Bash and bits of Python; apart from that, I didn’t really know very much. Along I go on my merry and painful way to start learning to code, starting from C and assembly, and wow, my life had turned around. I started to understand computers for the first time, and anyone who has learned C and assembly knows how slow and painful the learning process is!

I will be touching on bits of C and assembly when I go over some basic reverse engineering and exploits. I also learned JavaScript further down the line to understand websites and applications. JavaScript is a funny language where there is not a consistent structure and there are various different frameworks. It took me a while to understand what was going on there, but I will be covering JavaScript and the need-to-know basics for web application testing. One day I was scrolling on Twitter and was reading this interesting tweet:

Should all people in Infosec learn to code?

There was a big debate, and just reading the general comments, it all boiled down to exactly what role you were doing in Infosec. For me and the testers out there, it is practical to code to better yourself and excel in the world of pen testing/hacking, to write your own exploits and to have a good understanding of what is going on behind the scenes.

Giving back to you

I will be writing a series of tips and tricks on how to start your journey into Infosec, as every day I get someone asking me, "How do I get into cyber security?" With there being such a huge interest in security, watch this space, as I will be giving tips with resources ranging from the basics to pen testing and bug bounties. I will be comparing various coding languages, what's modern, and the latest and greatest out there, through to technical exploits and some CTFs.

Cyber security is a lifelong journey and patience is required. As with anything, we don’t stop learning, so don’t give up, and keep yourself motivated. I hope you enjoyed my blog, and if you liked it, look out for my next blog, as we will be exploring cyber security starting from the basics, in general terms that we can all understand.

I would like to give thanks to Stu, aka CyberSecStu, for giving me this opportunity to give back to the community and to try to reach out to newcomers to grow this great community we have! 'Stu I am in YOU' (not literally).

This article's image is Cyberpunk by Manuel Cetina