How To Become Ethical Hacker in Pakistan
Becoming an Ethical Hacker in Pakistan is not what you think! Go to the top University in Pakistan and get a Bachelor’s Degree, and you are an Ethical Hacker. No, absolutely not!
Becoming an Ethical Hacker in Pakistan or any country is a long process, technical skills, thinking out of the box, and much more! I will be discussing all that, what you should learn from where, what skills you need, and how you will think out of the box. So sit back and read!
You can jump Directly To the Skills Needed section.
What is Hacking?
Hacking is not to Hack someone’s Instagram account; it’s only 0.01 percent of Actual hacking. Hacking is to Hack someone’s entire system, i.e., a Computer, Mobile device, Website, or Database, Bypassing Security Devices like Firewalls, IDS, IPS, etc. Gaining access to the System of any Organization, it can be one computer or Thousands of Computers.
Hackers target the company to gain access to their systems and to steal Millions of data, Today the biggest threat to Organizations is a Ransomware Attack and Phishing.
But not all Hackers are bad! Some of them work with Organizations to help them strengthen their Security.
Types of Hackers
There are generally three types of Hackers:
White Hat Hackers:
White Hat Hackers are Good Hackers, they work with Organizations to help them strengthen their Security, Their work is to penetrate (Hack) into their Systems But with their permission and in a Legal way. White Hat Hackers are often called Ethical Hacker.
Their goal is not to steal data or harm the organization, their motive is to make their defenses stronger, identify loopholes and fix them before Bad Hacker attacks them.
Black Hat Hackers:
Black Hat Hackers are quite the opposite of White Hat Hackers, Their motive is to Harm the Organization or individual by gaining access to their systems and stealing Millions of data, They earn through selling the data in the dark Web.
It is not compulsory that a Black Hat Hacker will target big Organizations they also target individuals like you and me!
Some Black Hat Hackers work in a group, some work individually (alone), and some work for the government.
Grey Hat Hackers:
Grey Hat Hackers are in between White and Black Hat Hackers, which means that they are sometimes good and sometimes bad.
For example, there is a person who works for the organization as an Ethical hacker (White Hat Hacker) to strengthen their systems but when he arrives home his motive is to target another person or organization to steal data (Black Hat Hacker) then it can be called as he is Grey Hat Hacker.
Who are You?
At the end of the day, it’s all up to you, your motive, and how you will use your skills, legal or illegal. It is a Qoute that,
“With Great Power Comes Great Responsibility.”
Level of Hackers
Level of Hackers are categorized according to their skills and the damage they can give to any individual or Organization.
1. Script Kiddies
Script Kiddies are beginner-level Hackers. They don’t have any technical skills they rely on the tools provided for Hacking. They don’t even know how things are working, nor any knowledge of programming languages. They perform simple attacks like DDoS, they aren’t capable of stealing any data.
2. Group of Script Kiddies
A group of Script Kiddies are not a threat to Organization but working together might cause some damage to them.
For Example, Two boys how hacked the CIA.
3. Professional Hacker
Professional Hacker are of two types based on their motive.
White Hat Hacker
White Hat Hacker or Ethical Hacker working for an Organization are considered Professional Hackers, They have Technical knowledge, Programming Skills and identify loopholes.
Black Hat Hacker
Black Hat Hackers also have the same level of expertise as White Hat Hackers but they use their skills in the wrong way. They earn from stealing the data from Organizations in the form of Ransomware attacks which are the main threat to Organizations today.
4. Advance Persistent Threat
Advance Persistent Threat (APT) is a group of Professional Hackers who work for the Government and their target is to steal secret information or destroy the infrastructure of their enemy. They work in a group which makes their attacks more persistent, sophisticated, and more damageable which is difficult to identify.
ADT attacks usually take more than 6 months to be successfully executed.
For example, Backdoor which was identified in XZ Utils is an example of ADT as a group of Hackers were working on it for at least one year.
Stuxnet malware was built to damage Iran’s Nuclear Facility that infected 200,000 computers, this malware was designed with the collaboration of the US and Israel.
Skills Needed
The following are some Skills required to become a Professional Ethical Hacker:
1. Computer Skills
Computer Knowledge is the most important skill in Ethical Hacking.
- Computer Hardware (RAM, ROM, CPU)
- Computer Software (How Different OS works like Windows, Linux, macOS)
- Architecture of different OS
- Active Directory
- and more
2. Computer Networking
This one, I personally recommend is the most important skill you must need in this field, If you don’t know Networking then You can’t be a Professional Ethical Hacker.
- TCP/OSI model
- How computer communicates
- How Routers, and switches work
- Security Devices (Firewall, IDS. IPS)
- Networking Protocols/Ports
- Wifi/Bluetooth
- client and server architecture
- and more
3. Linux
Linux OS which Hackers use:
- How Linux works
- Linux command line
- scripting (bash)
- Linux Tools (nmap, metaspoilt, Wireshark,aircrack-ng, etc)
- and more
4. Cryptography
You should have strong knowledge of Cryptography techniques like
- Encryption and Decryption
- Symmetric and Asymmetric algorithm
- Hashing/salting
- and more
5. Programming
Programming! To become a professional Ethical Hacker you should know different programming languages, I have given that for what purpose which language is best, you can pick at least one for each category.
- C, C++, C# (For OS Hacking like Windows, Linux, or macOS)
- Javascript, HTML (For web Hacking) I recommend Both.
- SQL, PHP (For Database Hacking)
- Java, kotlin (For Andriod Hacking)
- Assembly (For reverse Engineering, optional)
6. Being Up-to-Date
Ethical Hacking is one of the fields that require to be up-to-date with current technologies and techniques, Below are some newsletters you should Subscribe to get the latest news and updates:
7. Thinking Out of The Box
You have to practice and solve challenges like CTFs (Capture the Flag) to be able to think out of the box and to have hands-on experience, having some basic knowledge about networking, OS, and Linux you can participate in CTFs like
- Pico CTF (If you are a Beginner)
- TryHackMe (If you are a Beginner)
- Hack The Box (Not for Beginners join if you have some knowledge)
Types of Penetration Testing
There are different types of Penetration Testing, each requiring a different level of skill set, I will try to mention with them along!
1. Web Application Pentesting:
Web Application Pentesting means to penetrate into Websites and find vulnerabilities by using different Attack vectors like:
- XSS (Cross Site Scripting)
- SQL Injection
- CSRF (Cross Site Request Forgery)
- XXE (XML External Entity)
Skills required
- Computer Networking
- Programming Languages (HTML, Javascript, SQL, PHP)
- Core Web Application Security Knowledge (OWASP Top 10, Session Managment, SSL/TLS, etc)
- Tools and Frameworks Proficiency (Nmap, Metasploit, Burpsuite)
- Fuzzing
- And more
2. Network Pentesting:
Network Pentesting means penetrating into Networks, bypassing security Devices, and finding vulnerabilities.
Skills required
- Computer Networking
- Operating Systems and Active Directory
- Vulnerability Scanning and Enumeration
- Exploitation Techniques (Metasploit, cracking passwords, Privilege Escalation)
- Post-Exploitation and Lateral Movement
- Wireless Network Penetration Testing
- Firewall and IDS/IPS Evasion
- And more
3. Android Pentesting:
Penetrating Android or Android Application requires an understanding of their architecture, Below are some Skills required for it:
Skills required
- Android Architecture and Operating System Knowledge
- Android Development and Programming (Java, Kotlin, Android SDK and NDK)
- Common Vulnerabilities and Testing Techniques (OWASP Mobile Top 10)
- Cryptography and Secure Storage
- Bypassing Security Mechanisms
- And more
4. Others:
As the Cybersecurity Field is evolving so rapidly, Pentesting like in the cloud and AI also exists!
Certifications
Below are some Certification recommendations you can do:
- CompTIA IT Fundamentals
- CompTIA Network Plus
- CompTIA Security Plus
- CompTIA Pentest Plus
- CEH
- OSCP Plus
Can I become an Ethical Hacker in 6 months?
Seems like a Joke! unfortunately, some institutes in Pakistan say “Take our course you will be an Ethical Hacker in 6 months or you will be working as a pentester in a company!” really?
Ethical Hacking is a Long Process As I mentioned above, companies do not hire script kiddies they hire professionals.
It is a question from You, the above-mentioned Skills required do you think it can be gained in 6 months? without practicing and doing projects?
“If you dont know how a System work then how can you bypass(hack) it?”
Why Not to Depend On University in Pakistan
Personal Advice:
I want to give you an example of why Degree is not enough
Let’s consider that you are seeking a job (I know this is not the only choice or goal to get a job but let’s consider) there are requirements to apply for it, In the first line it says a Degree is required in the field of Cybersecurity or any computer science field degree and the next 4 to 6 lines are the other skills required, Okay!
The university only fulfills the first line of Requirement, Degree! So the role of the University is only that, the next 4 to 6 lines of requirement are made by YOU!
Yeah, I know Universities also teach about Other things but they are outdated the field of cybersecurity and Ethical Hacking is changing very rapidly, and We have to be up-to-date and upskill ourselves.