2024 Roadmap to Master Hacker
I can still remember 20 years ago or more where people would say, you looked up the code on Google. You Google how to do that script, right? That's cheating. You're like, no, that's being productive. That's being efficient, right? I don't know if you agree, but if I was starting out, AI would be like a big focus of mine.
And the idea here is that you can go in and take a piece of malware and then open it up and analyze it and understand what it's doing. And maybe even change it and make it do something else, do something more. If you had all interested in privacy, you probably want to look at a encrypted privacy-focused email solution. When I read books such as this one, ethical hacking, or how to hack like a legend, or Linux-based for hackers, or extreme privacy, what it takes to disappear, fantastic book, if you're really into privacy.
There's an email solution that comes up at time and time again, and that's Proton Mail. Not only that, but a lot of people I interact with in the cybersecurity space use Proton Mail. The whole idea with Proton Mail is that you want to keep your conversations private. Do you really want companies and others reading all your email? So if you're interested in keeping your conversations private, look at Proton Mail. They're based in Switzerland where the privacy laws are a lot stronger. Then for instance, in the United States, they provide end-to-end encryption, I've trusted by many, many people out there, but for me, the big reason to look at Proton Mail is in books such as these, from respected authors such as OccupytheWeb, who actually uses Proton Mail.
And someone as famous in the privacy space, such as Michael Bazzell, talking about extreme privacy and discussing Proton Mail in his book, makes me believe that it's really, really good. We actually use Proton Mail and Proton VPN. I really want to thank them for sponsoring this video and supporting my channel and for making the world a more private place. Use my link below to sign up to Proton Mail and get a special David Bombal discount.
Hey, everyone, it's David Bombal, back with the amazing OccupytheWeb. OTW, Great, have you back in 2024? Welcome. Thank you, David. It's always an honor to be back on your channel, the best IT and cybersecurity channel on YouTube.
I appreciate you saying that. As I always say, you know, a big part of that is because of you. So thanks so much for sharing your experience with all of us.
Big question for you is, you know, I want to get into hacking. I want to become like you. Do you have a roadmap? But just before you answer that question, I forgot to mention anyone who hasn't seen our previous videos, I've linked a whole bunch of them below. If you don't know who OTW is, you should buy now.
But if you haven't seen his work or watched these videos or read about him, this is a very famous book. Number one, often on Amazon, Linux basics for hackers. OccupytheWeb and I have created a series of videos where we go through this book, which I'll link below as well. And we'll hopefully complete that in the first part of 2024.
I'm going to hold you to that, OccupytheWeb. He's also, he's also written this book, Getting Started Becoming a Master Hacker. And that's sort of what we want to do. So OccupytheWeb and really looking forward to your roadmap for this year. And another book which I really enjoy is network basics for hackers very close to my heart because of my background. OccupytheWeb, I've been talking enough now over to you.
Tell me if I want to get started in 2024, how do I become really, really proficient in cybersecurity or hacking? You know, give me a roadmap if you can. OK, first of all, buy all my books. I'll like that. That is a good answer. I'm joking, of course.
But you know, a lot of what you need to know to get started in cybersecurity, those books were designed just for that purpose, right? They, I wrote them from my experience of training the US military and intelligence community where I was working with some really, really smart people. And they were lacking in certain skills. And one of them that I noticed right away was Linux. Right. And so that's how, that's how the Linux basics for hackers book came about.
So people write me and say, where do I start? Well, the place you start is with Linux. And you all have seen David say it, and I say it both. And that you can't be a hacker without knowing Linux. Now, maybe you don't want to be a hacker. Maybe you just want to be a cyber security pro. And that's going to be equally true there.
If you know Linux, you're way ahead of the game of most people who have limited their experience to Windows and Mac, right? Because so many of the tools, both hacker tools and cyber security tools, are built in Linux. In addition, in almost every shop, right? In almost every shop, there's one Linux expert who's indispensable, who's indispensable. They can't operate without that person because nobody else knows Linux in that shop. And that person has guaranteed employment, right? They can't let that person go because that's the only person in the shop who knows how to run all the Linux based things.
So if you want to make sure that you always have a job, make sure that you know Linux and some scripting, right? So my book, Linux Basics for Hackers, has a the final chapter in there, is on Python scripting. It also has a chapter on Bash Scripting. And writing scripts is one of those basic skills that everybody should know in cyber security, because it's going to make life so much simpler. You can run scripts that'll do the job over and over, whether you're an administrator or you're a hacker. These scripts can oftentimes, they're just duplicating things that you can do manually, but doing them repetitively without human intervention and saves you a lot of time and money. If it's saving you a lot of time and money, it's saving your employer a lot of time and money.
And remember that the employer wants as much productivity out of you as possible. The more productive you are, the more valuable you are. So these scripting skills are really important. So both my Linux Basics for Hackers, which one of the reviews on Amazon said that the book is worth it, just for the Python section, which is I think it's a final chapter.
We also have a Python section in Getting Started Becoming a Master Hacker. I have a Python, both a Python Basics for Hackers and an advanced Python class coming up this spring, I think in April. So if you're with us, you can go ahead and do that. And we'll show you a lot of the cyber security-based Python scripting.
That in some hacking, some cyber security. But get you familiar with the tools and the modules and the libraries. Primarily in Python because Python is the scripting language of choice for cyber security, because it has so many modules and libraries that make your life much simpler.
So yes, GoLanguage is great, Rust is great, Bash is a necessary skill, but you really need to know Python first. And once you know Python, the other languages will fall in very quickly behind you. But get Python because about 80 to 90% of what we do in cyber security is Python. But you're seeing more and more people go into the GoLanguage, Google's language, which I like a lot and we'll be doing some GoLanguage in the future. But right now, most of the stuff is written in Python, so master Python.
So let's go back and talk about what you need to do. The first thing you need to do is you need to know what a computer is. That might have joking, but you need to have some basic computer skills. You need to know how to turn the thing on, how to turn it off. There's a certification that CompTIA has is the A+ certification.
And that's a good certification to gather, make sure you have all of those basic skills down. So I would recommend that. I like to CompTIA certifications because they're vendor neutral. So what we're doing is we're teaching skills that can be used in any environment, no matter who the vendor is. CompTIA has an A+.
Check that out. And if you can master that, you've got the first step. You don't have to do the certs, right? You can just get the information and learn what's in that. But it's not, it helps to have certs just on your resume if you're starting, right? Exactly. So if you're trying to break into the industry, one of the things that you can do is gather some certs. You don't have to get the certs.
The certs cost money, right? So that's one of those things that you have you don't have the money. Just learn what's in there. Take the practice test and make sure you understand all the information. You don't have to have the certification. But if you're trying to break into the industry, this is one of the things that people are looking for. Is do they have certain certifications? A+ is kind of a base certification.
This is how I have some basic computer skills. Oftentimes it's in line with like a help desk position. So if that's what you're looking for, those are the kind of skills that you need. The next area you need to be able to master is networking skills. You need to understand how networks work. And surprisingly, I run into a lot of students who don't have these basic networking skills.
That's what led to Network Basics for Hackers. Network basics for Hackers is a book to give you. It's a first few chapters and it's just really fundamental networking stuff.
Nothing too complex. Just what you need to know as a very base. Things like, what's an IP address? What is DNS? What are, what's the OSI model? What are MAC addresses? What's ARP? These are the things that we try to cover in that book. And then in the later chapters, we go into some of the other protocols. The other things like DNS and like SMTP, email protocol.
And show you how they work and then also where their weaknesses are. We also do a little bit there in some of the more advanced stuff like SDR and what have ambient tools as well. So you need to know the basics of networking.
So make sure you have those skills down. We obviously have that book and I also have a set of videos on networking network basics for hackers. So you're talking about like Network+ from CompTIA as well or perhaps CCNA because that gives you basic networking knowledge? I think both of those are good basic networking certifications is the Network+ and the CCNA from Cisco.
Those are good ones to get started with to prove that you have the basic understanding and knowledge of networking. You don't have, you don't have to get a cert but you know you can study that material and make sure you master those skills. It always comes up, it came up last year so I'm going to ask you the question because I see all the feedback coming in Network+ or CCNA or both or which one which is the best is the one which one do I need if I want to become a hacker? It's always like that, right? Well if you want to become a hacker, I don't think it really makes a whole lot of difference if you want to be a hacker. If you want to be a network engineer, I think CCNA is a little more valuable in that realm so if that's the way your career path is going, CCNA is the way to start. If you want to just prove that you have the Networking Skills Network+, so that would be my recommendation. You need to have these basic skills in cybersecurity, in hacking and which one
you choose to do for hacking doesn't really matter but if you're really looking to become a network engineer, I'd go to Cisco route versus the Network+ route. I'll say this because people might not be aware of it. A lot of people struggle with CCNA because they find it really tough because it's quite a hardcore example if you just like brand new to it. So Cisco have created a new site called CCST which is like a technician exam. It gives you like more basic stuff. There's free training on Cisco's website and there's an
exam that's online, it's cheaper. So you've got CCST for cybersecurity as well as networking. I obviously have a love for Cisco because of my background because I've done Cisco for many years but yeah, my personal choice is always CCNA perhaps but I'm glad to get your opinion and I, it's like you said, you just get the basic knowledge right? Yeah, you need to have that basic understanding. If you're not going to become a network engineer, Network+ is great. Or the Cisco's, if you really want to go to the Network Engineer route, then follow the Cisco route. It's probably the best way. People recognize them as being more valuable
in the Network Engineer world. Cisco is the 800 pound gorilla in the networking world. So you might want to follow that path if that's where you're going. If you're going cyber security, you're going hacking. I don't think it really makes a lot of difference. The next time I'm on my list
is going to be what I started off saying. That's Linux skills, right? You need to have those Linux skills and that's Linux basics for hackers. That's my book. We have, you and I have done four of the chapters that I book. It will be doing more in the future. There's like 10, I have 10 tutorials and hackersarise. So not all of the book is on hackersarise, but most of it is as well as our videos. So make sure that the book is not going to make you a Linux expert. It's going to give you the fundamentals that you can function inside of a Linux environment, as well as give you the basics of Bash Scripting and Python scripting. Both of those are important
skills. So the whole idea was to give you the fundamental skills that you can use to move forward with your career and cyber security. You don't have to buy the book. You can just read our tutorials or watch our tutorials here on David's channel. I mean, what I love about the book right, you said that you said it. And I mean, this is the feedback people get. It's not overwhelming. I've got a bunch of Linux books here that are like that big and very, you know, like really in depth. So like Linux Plus is another third from Comte that perhaps you will could look at. But it's also wider than
than hacking, right? Yeah, it's the Linux+ is more tuned towards administration, like the Red Hat, Red Hat certifications are as well. And we also just introduced a Linux Basics for Hackers certification on whitehathacker.com, which is our certification website. So we have it basically is limited to the material that you'll find in the book. So it's a certification
that'll show that you have mastered the skills in the book. So that's also an option as well. Next on my list is Wireshark. Wireshark is something that everybody needs no matter what you're doing in IT. If you don't have it, you really don't know what's going on on your network. So Wireshark is just one of those tools that gives visualizes what's going on on your network. So you
can see and analyze what's going on your network. So it's going to give you, it's going to take every packet and then give you all the details of every packet. So if you're doing say incident response, you can see what was taking place on your network. If you're a network engineer and you're having some problems with them, you can use Wireshark to basically analyze the network and figure out what's going on, what's going wrong. If you're a hacker, you know, we can,
you can find different ways to create packets that for instance are not RFC compliant that might have a beneficial effect in your ability to get pass firewalls or IDSes is what have you. So it's really one of those essential tools that I think everybody needs to have and you've done a number of tutorials on your channel David. I think Chris has been on here doing a number. He's a Wireshark expert. I also want to do a shout out to TCPDump, which is a similar tool, but it's command line tool and I have tutorials and getting started to become a master hacker on both of those tools. Wireshark and TCPDump, TCPDump can be really useful if you're trying to analyze, say for instance, a remote machine that doesn't have a GUI, you know, that Wireshark will work only in a GUI environment. So if you're SSHing into a remote system and you want to analyze the traffic, TCPDump
is probably what you're going to use and it's built into almost all of the Linux distribution. So you've got a machine in India or in Belarus and you're trying to analyze what's going on in it. You can easily SSH into it and then pull up TCPDump and view the traffic that way. It's not as easy to use as Wireshark, but it allows you to do essentially the same thing once you learn how to use it that you can do with Wireshark, but from my command line. I need to give a shout out to Chris
Grier. Chris has, as you mentioned, done a bunch of videos on my channel, but he's got his own YouTube channel and I mean if you're, if you're want to learn Wireshark, just go and subscribe to Chris's channel. He's got like a getting started with Wireshark series, which will take you through a whole bunch of stuff. He's also got a course in Yidhi Me that he's done with me. So if you want to like a structured course, you can get that, but otherwise just go sub to his channel, lots and lots and lots of Wireshark. Chris is the kind of guy who lives and breathes Wireshark. So go and
learn Wireshark from him. He's my advice. Sorry, I'll keep by the way. Go on. Yeah, that's great. I mean, he knows his Wireshark. Not crazy. But I just was like, it's a caveat. Like I said, I'm not requiring or saying people need to become a Wireshark expert, but you need to understand, yeah, you need to understand the basics of how to use it. Chris is an expert. Chris knows he's one of the leading experts in Wireshark. If you don't know everything that Chris does, that doesn't
mean that you're, you can't use Wireshark and you can't do cyber security, right? You need to understand the basics of what Wireshark can do and how I can create filters that are specific to what I'm trying to analyze. And that's probably the key skill set in Wireshark. Is how do I filter out all of those packets that are going by? There's thousands of packets going by every second, right? I don't want to see all of them. I want to see just some of them that that might explain what's taking place on my network. And so creating those filters is the key part of Wireshark. Everything else is kind of boilerplate, but creating effective filters is what you want to be able to do. So study that filter stuff. There is a filter building a capability that's built into Wireshark. You can go ahead and build your filters without, if you don't know anything about building filters, you can go ahead and they have a little pop-up window that will open up and choose you. All of the
fields that you can filter for and then you can go ahead and extract that information that's key to your understanding of what's taking place on your network. I mean you raised a good point there. So I just want to jump in there if you don't mind. You made this point that as a hacker or cyber security professional, you don't need to go really deep into each of these topics, so you don't have to become like a CCIE like I am in networking. As long as you've got base knowledge, what's the saying? You're a mile wide, inch deep kind of thing, right? Right. That's what people always say about the CISSP exam, which the CISSP is kind of like the top level exam, certification and cyber security. And one of the criticisms that people would give of it is that it's a mile wide and inch deep. So you don't go into great depth into every
place, but it's meant more for administrators and cyber security. So really valuable certification to have, you know, it's the salaries that is going to generate for you. Significant. You can make a good living with that certification. I think the two certifications, well, there's a number of certifications. In cyber security, the CCSP, which is the cloud
security professional and the CISSP are two of the most valuable certifications that you can get in that field. We have classes on both of those at hackersarise, but moving on, okay, you so you don't need to don't need to be an expert anyone just feels, but you need to have an understanding of them. The next one I want to emphasize is virtualization. I mean, 20 years ago, you know, virtualization was people like, what the hell are you talking about? What are you talking about? Now everything is virtualized, right? Our whole world is virtualized. So for studying vulnerabilities in systems, studying malware, you're going to want to virtualize it. If you're running a production environment, you have multiple servers, you want to virtualize them, right? There's doesn't make any sense to have to buy separate physical hardware for multiple servers when you can put them all on one server and then virtualize them. So this is a skill set that's
really valuable both in a production environment of a network engineer, a administrator, as well as cyber security. You need to understand how these systems work. Now, of course, these systems have all the little quirks and David and I were just talking a little while ago about one of the quirks that the virtualization systems have is that when you're working in SDRs, software-defined radios, that sometimes those USB-based devices don't communicate as well as they should through the USB port. And so these are things that you learn from playing with them and getting to know them, but you need to be familiar with them. If you go into a cyber security environment as a job and you don't know virtualization, you're going to have trouble because people are virtualizing everything. And as a hacker cyber security pro, there's a lot of things that I can do with virtualization that are going to keep me safe, right? Because I can attempt to hack in my own virtualized environment without getting into any kind of legal problems. If I'm analyzing malware, I want to take that malware and I want to put it into a virtualized closed sandbox, I mean, it's a closed-in system where it can't infect anything else, right? So I can run the piece of malware in a virtualized closed system so that it can't leave my system and I can analyze it within that environment. So there's so many
uses of virtualization that you should be familiar with that Oracle has Virtual Box. Virtual box is a great piece of software. It has some limitations, but it's a great piece of software. It's free. VMware has VMware workstation. They charge 150, 200 dollars. They have a student version discount. You can also get a player which is free, but it's kind of crippled, but at least it's free. And player that's free? Yep. But I think Virtual Box would probably be better than player. I always
used to recommend VMware, but it seems like you know, Virtual Box, you got to see which one works based for you. I think I've had discussions about this as well, right? Sometimes Virtual Box is better, sometimes VMware is better. Exactly. See what works. And then we found the Virtual Box actually worked better with SDRs, communicating with SDRs than VMware. So that was kind of surprising, but because usually I found that VMware works better in communication and networking, but in this case, that USB port on VMware has certain limitations in speed that really hampered our ability to do some of our SDR work. But Oracle Virtual Box, free, get it, it's learn it, you come familiar with it, you don't have to be an expert, just know how it works, right? And you can use it for all kinds of interesting and cool stuff in your studies of cyber security. What about Docker and
that stuff? We're not talking about that, right? Well, we're not talking about Docker, but Docker is one of those things that's coming on quickly. And I use Docker a lot. And so Docker allows you to basically put all the dependencies into a virtualized system on-site, inside your operating system. And there's a lot of advantages of doing that. So when I'm talking about virtualization, though, I'm really talking about these hypervisors of Oracle and VMware. But Docker is something that you should become more and more aware. I do a number of tutorials on hackersarise using Docker. One of our interns just wrote a tutorial about Docker. It's on hackersarise right now. And he did
a good job with that. And we'll have some more Docker tutorials coming up. So keep that in mind that that's something that more and more people are using in the cyber security environment is just basically creating. And you could see, well, on my system right now, I've got several applications that are virtualized with Docker next. I'm not sharing your screen, right? But that doesn't matter.
I'm not sharing my screen, though. We did a, I was thinking about a previous video. You could see that. Yeah, that's why I had Docker on some applications. That's the system. So I'll just wrap it up. Sorry. So virtualization more like in virtual machines and containers, you know, someone can learn about it later like Docker being a container. That's great. Yeah, I'm talking about virtualization here. But yeah, I think that Docker is one of those things
that you need. Those containers, you need to start becoming familiar with. I wouldn't say it right now is essential. But I would say that it's something keep your eye on. That's why we've added it to hackersarise. So you'll see it on the front page of hackers rises a brief tutorial written there by one of our interns to the way who uses it and all of us use it. Then security concepts
and technologies next time I list. And this is important that you understand certain concepts that are used throughout the cyber security environment. Things like PKI, public key infrastructure, things like hashing, things like cryptography, things like what is an IDS? How does it work? And these are things that are included in the CompTIA Security+ certification. And I think
that's a really valuable place to get the skills and maybe get the certification in a lot in US at least that a lot of government jobs that have anything to do with security. And that's pretty much everything, almost everything. It's a requirement to even sit down at a computer. In most environments, they will not allow you to sit down at a computer without having the security plus certification. So sometimes they'll let you sit at a computer, but they'll give you six months to pass the certification. But this is good for anybody who's entering the field. Once again, the certification is going to show that, hey, I understand these concepts. And you might think that these are simple things, but there's a lot of stuff in there that you might not become familiar with. Might not be familiar with that it's useful to grab a book. We have a
Security+ video series that you can purchase. And a lot of people have used it to pass that exam. That's another one. I think it's going to put you in the framework of understanding, knowing the terminology and concepts that are used throughout cybersecurity. Some of those may not be real familiar to you. If you're coming from a different environment, even if you're
coming from an IT environment that are real important in cybersecurity. Next, I'd like to suggest the people understand wireless technology. So when I talk about wireless technology, my first concern is we understand Wi-Fi or what's referred to as 802.11. That's the Wi-Fi that we use every day and accessing the internet. And it's important that you understand
how they work. You don't need to be an expert, but understand the basics and how they're secured. And of course, once you understand how they're secured, you better understand what makes them vulnerable and how you can hack them. If we think about the birds are out, there's an awful lot of wireless technology radios, right? Everything's a radio, we don't think about this until the FlipperZero came along. I thought about it, but other people didn't think about it. The FlipperZero came along. I started teaching SDR for hackers a few years ago. And I was really glad to see FlipperZero came along because all of a sudden, because people
up to that point were going, what is this? What is this stuff you're doing? Now people understand how important the security of these radio wireless technologies are. This includes Bluetooth. This includes your cell phone. It includes satellite communications. You know, your remote control. These are all wireless technologies. The key fob in entering your car, right? So that key fob is sitting in your pocket. It's communicating to your car that you're
nearby and allows you to open the doors. That we know can be easily hacked. And that's one of the things that we also have in our SDR for hackers class, as well as our car hacking class. So those are kind of foundational skills that I would like to see people do if you came to me looking for a job and you didn't have those skills I would go, okay, you probably need to go back and study some more, right? So to be even like an entry level position in cyber security. Now to get to like an intermediate level, okay, I would like to see if people have scripting skills. We talked a little bit at beginning, Bash scripting, Python scripting. Those are the two most important. Okay,
Bash. And by Bash is the Bash shell in Linux, okay, the Borne Again Shell be a sh. It's used in almost every Linux distribution. And it basically allows you to run commands in a, in a simplest form, it allows you to run commands automatically. Okay, you can set up jobs to do things automatically. That's the biggest use for Bash Scripting. Now Python scripting is used for a lot of cyber security applications. Many of the tools that you'll see us use on this channel, those are Python tools. Most of them are. Now some of them are Pearl, some of are Ruby, and some of them are Go, but they still
are a small minority of most of the tools. So if you want to write your own tools, become familiar with Python. Okay, I have a Python basics for hackers videos as well as inside of Linux basics for hackers as a chapter on Python and Getting Started Becoming a Master Hacker. And then I have a new class coming up in, I think it's April on Python basics and advanced Python in at that time.
This is one of those intermediate level skills that I'd like to see anybody who's applying to a job with me or other firms to have. Scripting, I think, is one of those kind of, you know, it's really an important skill to have. If you don't have it, you're going to be stuck using other people's scripts. And that's not, that's not always, you know, useful. Oftentimes what I find myself doing is I'll have somebody else's script, but I'll have to edit it. Right? So I'm not creating necessarily something brand new, but I'm taking something that somebody's already written, I have a framework and then I can edit it and add capabilities to it. So, you know, if you don't know your Python, you don't
need to be an expert, but if you don't know your Python, you can't do that. Right? So get to know Python. Think about the future about using some of the other scripting languages. Go is being used more and more and Rust is being used more and more in our industry. Pearl used to be used a lot, less and less so. And Ruby is used a fair amount and Metasploit, for instance, is all written in
Ruby and all the exploits in Metasploit are written in Ruby. So that's scripting, but if I could just summarize, know your Bash, know your Python. The others, you can put those off into the future and learn those. But if you come to me for a job and you don't know Python, that's going to be hard to hire you. Okay. Next is database skills. Databases, you know, from a hacker perspective, a database is
the golden fleece of the hackers. You know, what a hacker wants is a database, right? So because that's where all the good stuff is at. That's the PII. That's the credit card numbers. That's so if you're a hacker and you're trying to get into databases, you got to know how they work, right? And so that's one of those things that you need to become familiar with. Know some basic SQL, which is the language of databases become familiar with the major players. That's SQL server for Microsoft, Oracle from Oracle, MySQL, POSTGreS, DB2. These are the major players. They all are relational databases. That means that they break up the data into tables. Now we are getting more
more applications that are using things like MongoDB, which are no SQL databases. And so that's something that we're seeing more and more big applications, where to talk about huge amounts of data, are going to these no SQL databases. So that I wouldn't say that's like a required skill, but something put on your agenda for the future to be able to understand how some of these other databases work. But for now, focus on SQL server from Microsoft. The probably the most common database behind websites is MySQL. So if you're going to start someplace, you can use my SQL. I have a little bit of MySQL in both Linux basics for hackers and in getting started to become a master hacker. My SQL is built into Kali or to try to alleviate some confusion,
is that on Kali, in the older versions, they use MySQL and the newer versions are using MariaDB. They're basically the same thing. So there's small differences behind them. But if you were to type in MySQL on your Kali, it's going to pull up MariaDB. If you write in type in MariaDB, it's going to pull up MariaDB. There's what happened is that the developers of MySQL sold it to Oracle from 20 years ago. And then what happened is that they had a no compete agreement for five years.
And then after five years, they went and created a clone of MySQL called MariaDB. So don't get upset and don't get confused by the fact that when you look at say Kali, that it's using MariaDB, the same commands are going to work, the same structure is going to work. But they're basically clones of each other. So that's you learn a little bit of databases. Then you need to understand how web apps
work. We need to understand how web app, a little bit of HTML, some of the programming languages are going to be useful here, especially if you're trying to hack some of these things like JavaScript is a good thing to understand. Don't be an expert. You don't be able to build your own website. Just understand a little bit about how they work because once you understand how they work, then you're going to be better at being able to compromise them or hack them. Compromize is another word for a hacking. It sounds a little better. In terms of intermediate skills, one of the things that I always emphasize for our people is forensics, digital forensics. If you don't understand digital forensics, then you're not going
to be able to keep yourself safe. The whole idea here is that you need to know what the forensic investigator knows so that you can stay safe. If you want to stay anonymous on the internet, you need to know what can people see? What can they learn about me to be able to hide your identity or to hide your activity? We have just started a whole new program at Hackersarise on just digital forensics. We have 15 courses in this program of just digital forensics. We have coming up just in this month, we have our first Bitcoin forensics class. We'll be studying how you can trace Bitcoin. A lot of people have assumed up to this point that their transactions
the dark web using Bitcoin, another cryptocurrencies are anonymous and basically we're disputing that and saying no, we can trace your transactions and maybe even identify you. Identifying is a little harder than tracing. Tracing is easy to do. Identifying there's ways of identifying individuals as well by analyzing the blockchain. We'll be doing that. Actually, it's coming up next week, but it'll be already over when this video appears. Then a couple other areas that I think are important
is cryptography. Cryptography is the ability to hide what we're communicating. G, U, R. Cryptography is the way that data traverses the internet and people can't read what we're doing. It's a way that we store passwords. These are all the ways that, there's so many ways that we
use cryptography to secure our communications. If you're a network engineer, security engineer, you need to understand the basics of those. A lot of that is going to come from the Security+ Certification. We have a class on just what's called cryptography basics for hackers. When we go into a lot of the cryptography, we're not going to make you into a cryptographer. That's
not our goal, but we're trying to make you familiar with the techniques, the terminology of cryptography so that you can be conversing on it and be able to secure it or break it. Then, I think this is the last one. This is a higher level skill. That's reverse engineering. This is maybe an advanced skill. The idea here is that you can go in and take a piece of malware and then open it up and analyze it and understand what it's doing and maybe even change it and make it do something else or do something more. Among hackers, this is a common technique. If you're in malware analysis, one of the things that you'll note is that malware gets used over and over and over again, right? Even by people like the NSA and Sandworm in Russia. These are top hacking groups. They aren't necessarily going to reinvent the wheel. They're going to take a piece of malware off the shell and they're going to make some edits to it. You can do that if you have the reverse engineering
skills. We have a reverse engineering course coming up in February. It takes quite a while to become really adept at reverse engineering. Our first class is coming up in February. We'll show you the basics of reverse engineering and analyze some real malware and show you how it works. Then I'd like to throw in a couple of other what are called non-tangible skills or intangible skills. This is something that I find often times separates the people who are successful from those
who are not. You can have all of those skills but if you don't have these intangible skills, you're probably not going to be successful. The first one I want to put in that category is persistence. You got to keep at it. If you fail once, you go at it again. If you fail twice, you go at it again. If you fail three times, you go at it again. You don't give up. You keep at it no matter what that is. In our field as hackers, I think it's really important but it's also
applies to just about any field that you're in. Persistence, one of the key attributes of people who are successful versus those who are not is persistence. The people who don't give up are the people who end up being successful. If you're a hacker, oftentimes unlike the YouTube, not going to knock YouTube. The TikTok videos, I'd like the TikTok videos, it's not going to work
every time. It's not going to work in 30 seconds. It might take you 30 days. It might take you 30 months. The key is to not give up. That's one that's really important that I think is overlooked. Then the next one on that intangible skills is problem solving. Here as a hacker, you're trying to figure out how to get an application or an operating system to do things that it wasn't designed to do. The first thing you need to do is understand how that
application works and then how to break it. That takes what I call problem solving skills, something we might call analytical skills. Basically, it's solving problems. These are skills that can be developed in a lot of different fields. I found that, for instance, positive people who do puzzles oftentimes are very good at problem solving. Because doing a puzzle is a problem solving. It's just basically breaking down a problem to its pieces and then methodically
going through potential solutions. One of the things that's frustrated to me is seeing people who can't make an attempt and then figure out that that didn't work. What's the next step? That's it. What's the next step? Oftentimes, people with good problems will end up repeating the same steps over and over again without eliminating possibilities. That's key.
If you try something, that didn't work. You say, okay, this means that this doesn't work that way. Eliminate that approach. Now, try this approach. That didn't work. That means that this application doesn't work that way and start discarding all those possibilities until you narrow it down to just a few possibilities that you can focus on that might work. That's what I call problem solving or analytical skills. Then the last one is think creatively. If you're the kind of person
who can only do things by meant by cookbook, there's a number of books on the market that call themselves cookbooks. They take you step by step by step. That's great in some applications, but as a hacker, you don't have necessarily a cookbook. You have to think creatively of ways that you can possibly get this particular task done. It may not be in any book, any place. Nobody can write all the possibilities. Write a book about all the possibilities. You have to be able to think creatively. Some people call it thinking outside the box. This way overuse term, but that's really what I'm talking about. Some of the most successful hackers, and for that matter, some of the most
successful people are people who can think creatively. It's not, I think it's different than intelligence. I think intelligence is more linked to problem solving. Here, this is like thinking of ways that nobody has really thought of before. This may be a controversial thing to say, but Albert Einstein is considered to be this great genius in the 20th century. What he really had was an imagination he imagined the way the world worked. He imagined it without doing any experiments. Normally, a scientist does experiments. They have hypothesis and they do experiments and they go,
this is the way it works. He didn't have that. He just imagined it. He imagined the way the world worked. Then he wrote it down and then tried to prove it mathematically. It wasn't until decades later that somebody proved him right. He didn't follow the scientific method. He imagined the way
the world worked and was very convinced that that's the way the world worked. Then people later on proved and now he's considered a great genius. I don't want to, in any way, shape or form, denigrate Albert Einstein, but think of what he was doing. Nobody else was thinking that way 100 years ago. This is only 100 years ago. When you take a long view of history, 100 years is nothing. It's a one-life time. Nobody was thinking this way. He said, this is the way the world works. It wasn't necessarily a result of his intelligence. It was an result of his creative thinking.
He's imagination. With that, I think that sums up what I think is my roadmap to becoming a master hack. I love it. I've got some questions. I think for 2024, what do you think I should focus on if I'm near? What's hot or which wave share I ride? AI is all the rage at the moment. Is there any specific area? Sorry to go on. No. AI is something that everybody needs to be. I probably should have included in here, but AI is going to change the way all of us work. If you're on a help desk, you can use AI to be able to analyze the problems that come into you. Even at that level, AI can help
you. AI can write really nice answers to your help desk questions and save you a lot of time. That's going to be good to your employer because you're going to be spending it. You could be able to answer more questions by using AI. AI is capable now of writing some good scripts. If you've
used it for scripting, you'll find that it does a pretty good job of writing scripts, but oftentimes the scripts will have small errors in them. That's why you have to know a little bit of your Python. You can use AI to write the script and write most of the code, but oftentimes there'll be small errors in it that you have to be able to fix yourself. I would say that play around with ChatGPT and some of the others. You become familiar with what they can do and what they can do, but it can make you a lot more productive. That's the key to your employer. Your employer wants you to be as productive as possible. Use whatever tools are available to you. I can still remember 20 years ago or more where people would say, you looked up the code and Google, you Google how to do that script. That's cheating. You're like, no, that's being productive. That's being efficient.
That's being efficient. But there were people who were saying that now we'd all take that for granted. That's the same thing. You're using the tools that are available to you to be more efficient and get the job done more effectively and quicker than you would without.
I think AI is just going to change everything. As growing at such a rapid rate, there's always a new product being released. Google has just released a new one. Gemini, I think. At the time, this recording, it's like, I think if I was young, I don't know if you agree, but if I was starting out, AI would be like a big focus of mine. I think it has to be. I think it has to be. I think we all,
like, no matter what your age is, you need to be familiar with AI because if you're old, it's going to be familiar with it to be able to keep up with the younger people who are, you know, or be using it and are going to be much more productive, be young, it's a way to break in and show that you can use these tools. And that's what they are. They're just tools for us to be able to do our job effectively and efficiently. I think it's like you said about Python. There's a huge split, if you like, between someone who knows a language, a programming language like Python and someone who doesn't. Someone who knows that programming language or knows how to code, it's just pushing a different league. It gives you so many advantages. It does. Yeah, the basic scripting skills of Python are really for me as an employer, you know, it's a requirement that you be able to do some basic scripting in Python because there's so many things that we do that require Python skills. I think AI is becoming, it's going to be like that if it's not already becoming like that. If you
don't know how to use leverage AI, you're really putting yourself at a disadvantage. I agree. I keep on the web as always. I really want to thank you. This is great. I really appreciate you sharing. I really appreciate that you don't just give us fluff, but you give us a proper
roadmap. With all your years of experience, you're helping the next generation or people who are trying to break into this field, give them a proper roadmap. I think it's what's really nice about what you've done this time, which I really appreciate is you're not just talking about red teaming or hacking. You're also looking at network engineers, you're looking at people on the blue team or trying to protect. There's so many opportunities in cyber. It's not just like
trying to be a pen test or be a hacker. There's a whole bunch of opportunities on the blue teaming or protecting side. These skills are just valid on both sides. Exactly. Yeah. Blue teams, we train both blue team and red team. There's so many more jobs on the blue team. If you're
entering this field and you don't feel comfortable as a hacker, penetration tester, you don't never master it. There's a lot of jobs on blue teams. Sometimes the blue teamers are getting paid more than the red teamers out. The blue teamers are protecting the company's crown jewels. A good company is going to put their energy and money into protecting the crown jewels. That's you as a blue teamer are doing. That's brilliant. Talking about the web, I really look forward to
our next video. If everyone who's watching, please put comments below. The kind of things that you want me to ask, I'll keep other web and the kind of videos you want us to create. We've got a lot of ideas, but it's always great to hear from the community. Please put your comments below. OTW, thanks so much. Thanks David. I always enjoy our little chats.
2024-01-03 00:56