More and more often I come across queries on the topic: Where to start in hacking? How do you become a hacker? How to hack a game / crypto exchange?
Now I will try to answer this question for you.
So where to start in "hacking"
- Get rid of the word "hacking" from your vocabulary. There is information security in general and penetration testing (pentest) in particular.
- Stop watching a movie about hackers. They have the same relation to reality as the Fast and the Furious films to driving a car or Ghostrider videos to riding a motorcycle)
- Understand one simple thing that 99% of people do not understand and will not understand throughout their lives:
There are no magic pills in this world. To receive something, you have to give something.
And the more you want to receive, the more you will need to give.
There is a rule of 10 thousand hours: If you want to be successful in any business, you need to spend 10 thousand hours on it.
Here it works 100 percent.
Therefore, think 30 times whether it is worth it (we will analyze the pros and cons further).
If you spend 10 years in the gym, you may not become Mr. Olympia, but at least you will be in great shape and glue all the collective farmers in your village together and you will not have to break their FB to look at their boobs. Likewise with ANY area of human life.
Advantages and disadvantages
Since we already know that information security is the same area of activity for the kind of information technology, the pluses and minuses here are similar to any professions in IT.
Minuses:
- Undermined health. You sit at the computer at work for 8 hours, after that you sit at the computer at home, tk. you constantly need to learn. It is necessary to play sports additionally.
- Professional deformation. I will especially note the lack of communication. At work, everyone is silent, at home you are also alone if you don't have a family. It hits the psyche hard.
- The salary. Here it is relevant specifically for pentesting. For such a high entry threshold and level of competence, salary is lower than similar positions. Look at hh how much a QA specialist earns, for example a pentester. And what skills do both need to have.
- In fact, you are a highly qualified locksmith.
Pros:
- They look at you and treat you like a person. Relevant for employers from the Russian Federation
- RFP. Yes, the norms are paid, but there are days when you regret that you are not a loader.
- The digital revolution has not yet been completed and in the next 10 years, unless of course you yourself are a dumbass, you will be provided with a job.
With work in the dark, too, everything is far from unambiguous, I will not comment.
Write about hacking already! The Pentagon won't hack itself!
Here, too, everything is very simple.
In order to hack something, you need to know how it works. Learn to develop what you want to break, and for all this, the topic of security is increased and you yourself will understand where there are vulnerabilities.
First, decide what you want to specialize in.
For example web, then we look at how web applications are developed (html, css, JS, PHP)
Android mobile phones (Java + Android SDK)
Stupidly you drive into Google - "How are sites / applications / programs created?"
Until you learn to understand the software and its structure, forget about security.
You still don’t understand what the vulnerabilities are based on and how they are exploited.