If you’ve developed a desire to learn more about hacking or to try a little hacking yourself, there are a lot of resources at your disposal to get started. Keep in mind, our premise here is how to hack without breaking any laws, which is important to remember. That being said, there’s nothing illegal about talking about it, is there? On the contrary, talking about hacking ensures that the larger community of IT and security professionals is sharing ideas and techniques for prevention, detection, and mitigation. This makes everyone’s overall security posture a better one.
Books, podcasts, blogs, vlogs, and even full-blown conferences are all dedicated to sharing this knowledge and can be resources for you to get started. Let’s look at a few, as examples.
Right off the bat, I’m going to recommend a couple of books written by Kevin Mitnick, who is arguably the world’s most infamous hacker. “Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker” should be mandatory reading, in my opinion, for anyone interested in learning a lot more about the early days of hacking. Kevin has a number of other books as well and now works on the “right side” of the fence as a security consultant.
Go to Amazon and search for the word “hacking” and be prepared to sift through just over 13,000 results. Here, we can see once again how many different meanings there are for this concept. A lot of these results aren’t related to what we’re looking for at all, but a review of the more popular titles and customer ratings will easily identify the relevant titles versus the chaff.
Books such as “The Hacker Playbook 2,” “How to Hack like a God,” and “The Hacking Bible” will give you a solid understanding of tools, commands, and techniques you can try yourself to build a foundation of knowledge on how to hack and how you can be hacked.
Blogs and Vlogs
Hak5 is probably the top example of a hacker how-to site and video series that comes to mind. Hak5 started back in 2005 with a simple video series on simple hacks and tricks for technology enthusiasts to try at home. Over the years, it has evolved into a full-fledged penetration testing and information security training series, including a store where one can purchase some fun hacker tools.
Hackaday is another popular site that focuses on hacking as an alternative method of accomplishing a task, and is less about computers or security.
Brian Krebs operates his news site, Krebs on Security, which is an excellent resource for keeping up on zero-day exploits and current news from the hacking/malware world. Krebs was a victim of a hacker and has dedicated himself to learning as much as he can about the exploits and hacks used. Now he educates people on security and how to mitigate threats.
There are many others and the list could go on, but search around and find some sites that look interesting, watch some videos, and try some of the techniques presented. Be cautious when searching for terms like “hacking” and “exploit,” however!
Believe it or not, there are conferences you can attend that are dedicated to informing and educating the hacking community. The two prominent ones are Black Hat and DEF CON. Now, the name Black Hat for a convention might make you second guess whether you want to attend or not. In fact, Black Hat is more of the IT pro event filled with training and security briefings intended to prevent malicious attacks. DEF CON, on the other hand, is more of a carnival for hackers of all types.
Both were founded by Jeff Moss, known as “Dark Tangent,” but seem to be aimed at different audiences. Granted, you’ll likely find people that attend both, and both events will have their share of white hats, black hats, and gray hats. DEF CON even hosts a contest called “Spot the Fed,” referencing the attendance of several members of federal law enforcement and cyber-security teams.
Now if you’re a first-time attendee to either of these events, it’s good to develop some safe practices with any electronic devices you might wish to bring along, for very obvious reasons. The entire place is filled with hackers, who might decide to have some fun with you. Turn off your Wi-Fi, turn off your Bluetooth, turn off AirDrop, or maybe even leave all of your electronics at home.
Past recorded sessions from both conferences are available on YouTube, and I’d invite you to check them out if you aren’t able to attend in person.
It may seem like a lot, but regardless of the sources you choose, there is no shortage of information or media out there for you budding InfoSec professionals. Find a place to start, and jump in, whether it’s reading up on the history of hacking, or deciphering current zero-day exploits that you might be facing at your place of employment.
You may find a particular track that you want to focus on and can then begin to narrow your research to that one area. Specialization can be of some benefit, but a well-rounded security posture is always best.