I want to be a hacker [need help with certs]

SurrealalucardSurrealalucard Member Posts: 18 ■□□□□□□□□□
I will start off by saying I have no working experience and very little with exploiting etc on my own system, so I am starting from the ground up.

So I want to be a ethical hacker, and I was looking into ceh from eccouncil but I have been reading that isn't the best route, also I don't just want a cert I want knowledge, and would love to go for the OSCP(?) Eventually.

So to the question. What would be a good alternative to ceh, not just for the cert but for getting a good baseline in pen testing/ethical hacking field.

If the ceh is a good choice I'll happily get that and plan on doing outside research as well as courseware.

Also as a FYI I am not totally lost when it comes to computers, I have kali set up on a VM as well as metasploitable and can navigate Linux decently. Just need help with a starting point. Thanks!

Comments

  • TacoRocketTacoRocket Member Posts: 497 ■■■■□□□□□□
    No certification is going to make you a hacker. The ones that I would even come close won't make you a hacker. They are good for learning the concepts of penetration testing and types of vulnerabilities.

    If you want to be a hacker you need to learn to program. Not Python either. Assembly, C++, and how machine architecture works.

    Kali Linux is a start and better than nothing. Starts to penetration testing that people like are OSCP and eLearnSecurity.
    These articles and posts are my own opinion and do not reflect the view of my employer.

    Website gave me error for signature, check out what I've done here: https://pwningroot.com/
  • SurrealalucardSurrealalucard Member Posts: 18 ■□□□□□□□□□
    Thanks for the quick reply, the reason I was looking for certs for hacking was so I could get a career as a pen tester.

    So to get that career would I be better off not getting certs and just learning on my own/the two certs you specified?

    Luckily I already know a bit of c++ syntax and am learning c from edx's cs50 program.
  • adrenaline19adrenaline19 Member Posts: 251
    Certs don't make you a hacker, the desire does.

    Playing video games and watching Mr.Robot isn't going to cut it.
  • TacoRocketTacoRocket Member Posts: 497 ■■■■□□□□□□
    Thanks for the quick reply, the reason I was looking for certs for hacking was so I could get a career as a pen tester.

    So to get that career would I be better off not getting certs and just learning on my own/the two certs you specified?

    Luckily I already know a bit of c++ syntax and am learning c from edx's cs50 program.

    I would look into the certifications for a baseline. Take the knowledge from them to formulate your own methodologies.

    When you're getting into programming look for concepts like data structures and algorithms. I would say most pick me up programming courses are just for basic syntax. Yes it gets the job right, but as you deal with larger data sets and different scenarios your program isn't as flexible.

    If you're new to computing I always recommend the basics. The CompTIA trifecta: A+, Network+, and Security+
    At my current employer where I do information security (including penetration testing), I only had one security certificate and that was Security+

    I find employers and people in that field are looking for technical knowledge. I was hired because of what I knew on Windows Servers and Linux Bash Scripting.

    When it comes to Linux forget the GUI. CLI is your best bang for buck.

    Final note, don't take my word alone. Let others chime in on the forums and make your own deductions. The best part is that you asked. Penetration Testing is an exciting field to be in. There are many ways to break it into the field.
    These articles and posts are my own opinion and do not reflect the view of my employer.

    Website gave me error for signature, check out what I've done here: https://pwningroot.com/
  • SurrealalucardSurrealalucard Member Posts: 18 ■□□□□□□□□□
    TacoRocket wrote: »
    I would look into the certifications for a baseline. Take the knowledge from them to formulate your own methodologies.

    When you're getting into programming look for concepts like data structures and algorithms. I would say most pick me up programming courses are just for basic syntax. Yes it gets the job right, but as you deal with larger data sets and different scenarios your program isn't as flexible.

    If you're new to computing I always recommend the basics. The CompTIA trifecta: A+, Network+, and Security+
    At my current employer where I do information security (including penetration testing), I only had one security certificate and that was Security+

    I find employers and people in that field are looking for technical knowledge. I was hired because of what I knew on Windows Servers and Linux Bash Scripting.

    When it comes to Linux forget the GUI. CLI is your best bang for buck.

    Final note, don't take my word alone. Let others chime in on the forums and make your own deductions. The best part is that you asked. Penetration Testing is an exciting field to be in. There are many ways to break it into the field.

    I'm currently listening to the audio book for a+ and am finding it a little I formative but most of it I know because I have been on a computer sense I was 9 and I'm 26 now.
    As for the GUI in Linux I do find it rather annoying, and prefer the terminal to most of the GUI.
    I was looking at the offensive security training for kalito prep for oscp and was wondering if that would be a decent starting point.
  • Mike7Mike7 Member Posts: 1,107 ■■■■□□□□□□
    You did not mention where you are based or your background, so some of the info may not apply to you.


    All the certs provide knowledge.
    CEH is considered entry level and is a requirement for US DOD 8570. EC Council have higher level certs.
    GIAC certs such as GPEN, GWAPT are quite well known. However, the SANS courses can be expensive.
    eLearnSecurity has online courses that are targetted more at beginner to intermediate level penetration testers. The training material is good and exam is practical based. As they are fairly new, their certs are not as well recognized.
    OSCP is considered advanced level.
    If you are in UK, there is CREST

    Some pen testers have a good mix of the above certs while others may not have any certs but are highly respected in the community due to their contributions. You can also look at penetration testers job listings in your area to get a feel of what the companies are looking for.
  • SurrealalucardSurrealalucard Member Posts: 18 ■□□□□□□□□□
    Mike7 wrote: »
    You did not mention where you are based or your background, so some of the info may not apply to you.


    All the certs provide knowledge.
    CEH is considered entry level and is a requirement for US DOD 8750. EC Council have higher level certs.
    GIAC certs such as GPEN, GWAPT are quite well known. However, the SANS courses can be expensive.
    eLearnSecurity has online courses that are targetted more at beginner to intermediate level penetration testers. The training material is good and exam is practical based. As they are fairly new, their certs are not as well recognized.
    OSCP is considered advanced level.
    If you are in UK, there is CREST

    Some pen testers have a good mix of the above certs while others may not have any certs but are highly respected in the community due to their contributions. You can also look at penetration testers job listings in your area to get a feel of what the companies are looking for.

    Background: no experience in the field, just knowledge on computers and a little c/c++ knowledge.

    I'm currently deciding between pwk with offensive security, elearn, and ceh. Mostly leaning toward the first two because currently do not need DoD or anything.
  • snowchick7669snowchick7669 Member Posts: 69 ■■■□□□□□□□
    Being a pen tester is like being a surgeon in the medical world. You need those years of training as a doctor etc and then you specialise and it can take quite a while. I know these days this is somewhat changing and people are taking on 'junior penetration testers', but the job descriptions over here in the UK still ask for 3-5 years working in info sec. Have a read of the blog post below. I found it quite interesting and gives you a general idea of what you need to be aiming for knowledge wise. I know the big certificate in the UK is the Crest one, but I'm not sure how successful you'd be in getting a job if you had that and no experience. Have a look on the forum here because there are a lot of posts about what paths to take and recommended certificates.

    https://danielmiessler.com/blog/build-successful-infosec-career/
  • Mike7Mike7 Member Posts: 1,107 ■■■■□□□□□□
    Thanks for the link. It was informative.


    I am curious about CREST as some of the exams include MCQ, labs and even essay writing. To me, anything that has a practical exam component is probably more difficult than a pure MCQ exam. As I understand, CREST is also accepting OSCP as a credit for some of their certification.
  • dustervoicedustervoice Member Posts: 877 ■■■■□□□□□□
    Certifications tells you what "hackers" do. Like others have mentioned, its more about desire. A thief becomes better at his/her craft by feeding the desire by continuous stealing not by reading a book or certs. Certifications are for HR bots.
  • JoJoCal19JoJoCal19 Mod Posts: 2,835 Mod
    There IS a difference between a hacker and a pentester. TacoRocket is absolutely correct in that to meet the classical definition of a hacker, you need to know how to program, and preferably C/C++ and assembly language.

    We assume you want to move into pentesting. I would recommend getting one of the books for the CEH and starting there. It will give you a nice overview of the basic steps, and an intro to some of the tools. Feel free to skip the actual cert if you want to, but having the cert will hit some HR filters and at least give you an "in". From there, I would pursue GPEN or eCPPT, and then move into the OSCP, and OSCE realm. And of course along the way setting up your own lab and practicing is mandatory. For me personally I'd go CEH>GPEN/eCPPT>OSCP>OSCE. Also make sure you get well versed with C/C++, ASM, and Python.
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • NetworkNewbNetworkNewb Member Posts: 3,298 ■■■■■■■■■□
    Definitely some good advice above... but don't forget to rent the movies "Hackers" and "Swordfish". Great references!
  • adrenaline19adrenaline19 Member Posts: 251
    I've seen the Matrix like 20 times, and I own the special edition box set of Mr. Robot. I'm a hacker all the way!

    I really hate the word "hacker" now days.
  • E Double UE Double U Member Posts: 2,233 ■■■■■■■■■■
    Playing video games and watching Mr.Robot isn't going to cut it.

    Now you tell me!!!
    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
  • Mike7Mike7 Member Posts: 1,107 ■■■■□□□□□□
    Definitely some good advice above... but don't forget to rent the movies "Hackers" and "Swordfish". Great references!
    I want to be a wizard. I will watch all the Harry Potter movies at least 20 times. icon_lol.gif
  • fuz1onfuz1on Member Posts: 961 ■■■■□□□□□□
    Being a hacker is a mindset and something you're probably born with...
    timku.com(puter) | ProHacker.Co(nsultant) | ITaaS.Co(nstultant) | ThePenTester.net | @fuz1on
    Transmosis | http://transmosis.com | LinkedIn | https://linkedin.com/in/t1mku
    If evil be spoken of you and it be true, correct yourself, if it be a lie, laugh at it. - Epictetus
    The only real failure in life is not to be true to the best one knows. - Buddha
    If you are not willing to learn, no one can help you. If you are determined to learn, no one can stop you. - Unknown
  • danny069danny069 Member Posts: 1,025 ■■■■□□□□□□

    Hackers are everywhere, beware.
    I am a Jack of all trades, Master of None
  • SurrealalucardSurrealalucard Member Posts: 18 ■□□□□□□□□□
    Update:
    So I read through comptia a+ and net+ books and watched YouTube videos and after feeling comfortable with protocols and basics of networking went for the eJPT. Currently working through the pentest modules and have to say that they do a good job for introducing you to the world of pentesting.
    Granted it seems like most of the material is probably fixed on most systems today, the basics of learning scripting/programming and how networks transfer data are really easy to comprehend, and they offer a lot of extra reading outside of just learning what they have.
    The labs are interesting and they don't hold your hand too much, although they do have the manual that will tell you how to do everything step by step. I highly recommend not looking at the solution until you have completed the lab yourself, even if it takes you a long time to figure it out. The knowledge you gain from reading through things not so relevant now is just as important in my opinion.
    I'll keep updating as I continue to work through and up until I finish.



    So I took one of the practice exams for A+ on this site, and got a 50% on 10 questions....I think im going to read some A+ sec+ and net+ books and get a good baseline. It wasn't that I didn't know the material, just don't know all the acronyms and names for windows programs specifically to pass the test. My networking is a bit rusty so might as well study Net+ while im in the studying mood.
    fuz1on wrote: »
    Being a hacker is a mindset and something you're probably born with...
    I don't believe its something you have to be born with, although I think you are correct. It is a mindset.
    Being a pen tester is like being a surgeon in the medical world. You need those years of training as a doctor etc and then you specialise and it can take quite a while. I know these days this is somewhat changing and people are taking on 'junior penetration testers', but the job descriptions over here in the UK still ask for 3-5 years working in info sec. Have a read of the blog post below. I found it quite interesting and gives you a general idea of what you need to be aiming for knowledge wise. I know the big certificate in the UK is the Crest one, but I'm not sure how successful you'd be in getting a job if you had that and no experience. Have a look on the forum here because there are a lot of posts about what paths to take and recommended certificates.

    https://danielmiessler.com/blog/build-successful-infosec-career/

    Thank you very much for the link.
    Cyberscum wrote: »

    and you as well.
Sign In or Register to comment.