So today, I wanted to discuss 5 fundamental skills that every hacker should master. I use the term hacker loosely because these apply to both offensive and defensive experts alike. I’m going to count down in reverse order, ready?
5. Port Scanning
This is the bread-and-butter of compromising a computer. After you have completed your information gathering phase and determined which computers are ‘in-scope’ for your purposes, you need to figure out where the weak points of the computer are. Hint: it’s the open ports. Ports can tell us a great deal about a computer that we may not have learned during the previous phase: which operating system is running, which services are running, and sometimes the overall role of that specific computer (mail server, DNS server, employee desktop, etc.). Being able to scan ports effectively, quickly, and quietly is the BEST way to attack a computer. On the defensive side, making sure only the services you need are running, keeping those services up to date (including patches for previously discovered vulnerabilities), and being able to detect network scanning is paramount. Nmap is the big name in port scanning, but you should become familiar with other scanning tools such as unicornscan, masscan, p0f, Angry IP Scanner, and hping3, to name a few.
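The defensive half of this skill is detecting the scan. The following is an added example (not from the original post) of the simplest useful detector: count how many distinct destination ports a single source touches on one host inside a sliding time window, and flag sources that exceed a threshold. The log format, the IP addresses and the three traffic patterns are all constructed for the example; with a real firewall or flow log only `parse_line()` needs adapting.

```python
"""Detect likely port scans in connection logs (added example, not from the post).

Log format is a constructed, simplified one:
    "<epoch_seconds> <src_ip> <dst_ip> <dst_port> <ACCEPT|DROP>"
Real firewall or flow logs differ; parse_line() is the only piece to adapt.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    ts: int
    src: str
    dst: str
    port: int
    action: str


def parse_line(line: str) -> Event:
    """Split one constructed log line into an Event."""
    ts, src, dst, port, action = line.split()
    return Event(int(ts), src, dst, int(port), action)


def detect_scanners(lines, window=60, port_threshold=20):
    """Return {(src, dst): peak_distinct_ports} for every source that touched
    more than `port_threshold` distinct ports on one host within any
    `window`-second span. Both ACCEPT and DROP lines count: a scanner probing
    closed ports leaves mostly DROPs, which is exactly the signal we want."""
    by_pair = defaultdict(list)
    for line in lines:
        if line.strip():
            ev = parse_line(line)
            by_pair[(ev.src, ev.dst)].append(ev)

    flagged = {}
    for pair, events in by_pair.items():
        events.sort(key=lambda e: e.ts)
        in_window = Counter()   # port -> number of events inside the window
        left = 0
        peak = 0
        for ev in events:
            in_window[ev.port] += 1
            # Slide the left edge forward until the window spans <= `window` s.
            while ev.ts - events[left].ts > window:
                old = events[left].port
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                left += 1
            peak = max(peak, len(in_window))
        if peak > port_threshold:
            flagged[pair] = peak
    return flagged


# Constructed sample: a fast scanner (30 ports in 10 s), a benign client that
# reuses one port, and a slow scanner (25 ports, one every 100 s).
SAMPLE_LOG = "\n".join(
    [f"{1000 + i // 3} 10.0.0.5 192.168.1.10 {i + 1} "
     f"{'ACCEPT' if i + 1 in (22, 80) else 'DROP'}" for i in range(30)]
    + [f"{1000 + i * 5} 10.0.0.7 192.168.1.10 443 ACCEPT" for i in range(5)]
    + [f"{2000 + i * 100} 10.0.0.9 192.168.1.10 {i + 1} DROP" for i in range(25)]
)


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print("window=60s  :", detect_scanners(lines))
    print("window=3000s:", detect_scanners(lines, window=3000))
```

With the default 60-second window only the fast scanner is flagged; the slow scanner, pacing one probe every 100 seconds, never has more than one port in the window. Widening the window to 3000 seconds catches it too, which is the trade-off the "quietly" in the paragraph above refers to: the defender's window and threshold decide how slow a scan has to be to pass unnoticed.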
4. Networking Models
In general, networking models are an academic exercise, but they do serve one purpose while learning: a complete understanding of the interchange of information between computers. The Department of Defense (DoD) model is the most useful in my opinion. It has four layers (Network Access Layer, Internet Layer, Host-to-Host Layer, and Application Layer). The first layer (Network Access) takes into account the physical exchange of information across wires or via a wireless medium, along with the transition from physical to virtual information. The next layer (Internet) is what connects computers together across the internet. The IP protocol is most commonly used nowadays; in order to use it, IP addresses are assigned to each computer, and routers send information from one network to another based on those IP addresses. The third layer (Host-to-Host) is about which language each computer uses to communicate. There are two main options (TCP and UDP), and they can be likened to a civil conversation and a stock market trading floor. TCP is session-oriented and has reliable transmission, so information is communicated effectively and completely at the expense of speed. UDP is almost the exact opposite: it yells things across the internet hoping the correct computer hears it and responds appropriately. Lastly, we have the Application layer. This is where HTTP traffic, FTP traffic, SMB traffic, and all other types of applications send data over TCP or UDP, over IP (mostly), over wired or wireless mediums, from one computer to another. Even if you don’t understand the deep technical details of how each layer works, you should be familiar with how they work in general, because in order to exploit (offensive) and prevent exploits (defensive) you need to understand how the information is communicated.
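The layering is easiest to see by peeling one datagram apart. The code below is an added example, not part of the original post: it decodes the Internet-layer (IPv4) header, verifies its checksum, and then hands the payload to a TCP or UDP decoder for the Host-to-Host layer. The packets it decodes are constructed by `build_sample_packet()`, so it runs offline; the addresses and ports in them are made up for the example, and the transport checksums are deliberately left at zero.

```python
"""Decode the layers of one IPv4 datagram, following the DoD model: the
Internet layer header, then the Host-to-Host (TCP or UDP) header inside it.
Added example, not from the post; the packets are constructed below."""
import struct

IPPROTO_TCP, IPPROTO_UDP = 6, 17
TCP_FLAGS = [("FIN", 0x01), ("SYN", 0x02), ("RST", 0x04),
             ("PSH", 0x08), ("ACK", 0x10), ("URG", 0x20)]


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: ones' complement of the ones' complement sum
    of all 16-bit words. Over a header whose checksum field is already
    filled in, a valid header yields 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4(data: bytes) -> dict:
    """Internet layer: 20-byte base header; options are skipped via IHL."""
    if len(data) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _flags_frag, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", data[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4:
        raise ValueError(f"not IPv4 (version {version})")
    if ihl < 20 or len(data) < ihl or total_len < ihl or len(data) < total_len:
        raise ValueError("inconsistent IPv4 length fields")
    return {
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        "ttl": ttl, "protocol": proto, "header_len": ihl,
        "checksum_ok": ipv4_checksum(data[:ihl]) == 0,
        "payload": data[ihl:total_len],
    }


def parse_tcp(seg: bytes) -> dict:
    """Host-to-Host layer, TCP: ports, sequence numbers and control flags."""
    if len(seg) < 20:
        raise ValueError("truncated TCP header")
    (sport, dport, seq, ack, off_res, flag_byte,
     win, _csum, _urg) = struct.unpack("!HHIIBBHHH", seg[:20])
    data_off = (off_res >> 4) * 4
    return {"kind": "TCP", "src_port": sport, "dst_port": dport,
            "seq": seq, "ack": ack, "window": win,
            "flags": [name for name, bit in TCP_FLAGS if flag_byte & bit],
            "payload": seg[data_off:]}


def parse_udp(seg: bytes) -> dict:
    """Host-to-Host layer, UDP: just ports and a length, no session state."""
    if len(seg) < 8:
        raise ValueError("truncated UDP header")
    sport, dport, length, _csum = struct.unpack("!HHHH", seg[:8])
    return {"kind": "UDP", "src_port": sport, "dst_port": dport,
            "payload": seg[8:length]}


def decode(packet: bytes) -> dict:
    """Walk the layers: IPv4 first, then whichever transport it announces."""
    ip = parse_ipv4(packet)
    payload = ip.pop("payload")
    if ip["protocol"] == IPPROTO_TCP:
        transport = parse_tcp(payload)
    elif ip["protocol"] == IPPROTO_UDP:
        transport = parse_udp(payload)
    else:
        transport = {"kind": "other", "payload": payload}
    return {"internet": ip, "transport": transport}


def build_sample_packet(transport: str = "tcp") -> bytes:
    """Constructed datagram from 10.0.0.5 to 192.168.1.10: a TCP SYN to port
    22, or a UDP message to port 53. Transport checksums are left at 0 here;
    only the IPv4 header checksum is computed."""
    if transport == "tcp":
        proto = IPPROTO_TCP
        seg = struct.pack("!HHIIBBHHH", 40000, 22, 0x1000, 0, 5 << 4, 0x02, 65535, 0, 0)
    else:
        proto = IPPROTO_UDP
        body = b"constructed-dns-query"
        seg = struct.pack("!HHHH", 40000, 53, 8 + len(body), 0) + body
    src, dst = bytes([10, 0, 0, 5]), bytes([192, 168, 1, 10])
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(seg),
                      0x1234, 0x4000, 64, proto, 0, src, dst)
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]  # fill checksum
    return hdr + seg


if __name__ == "__main__":
    for kind in ("tcp", "udp"):
        print(kind, decode(build_sample_packet(kind)))
```

Notice how little the decoders share: the IPv4 layer only knows a protocol number, the TCP decoder sees sequence numbers and flags (the "civil conversation"), and the UDP decoder sees nothing but ports and a length (the "trading floor"). The length and checksum checks are there because a parser that trusts header fields blindly is the classic way a packet-handling tool gets crashed by a malformed datagram.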
3. Programming from Assembly to Python
Programming is SO incredibly important! I cannot stress this enough. How are operating systems made? By programming. How are programs/software made? By programming. How are exploits made and used? By programming. Nowadays there are so many different ways to learn how to program, from free online classes to free Android/iOS apps to YouTube videos. In fact, here you go! I recommend learning the basics in a high-level language such as PHP, Java, or C#. Once you have mastered one of those languages, move to Python, because you will be using this language A LOT. Once you’ve mastered Python, drop down to C and assembly. You can spend the rest of your life mastering C and assembly; plus, I think they are the least intuitive for people learning to become hackers. If you’re already familiar with programming in general, focus on Python, C, and assembly. The understanding of these languages is what separates a good hacker from a great hacker.
If you’re a purist or traditionalist, you can certainly go backwards. Start at assembly and understand what an opcode is and what it does; you’ll learn about registers and memory addresses, and you can certainly expect your head to hurt afterwards, but everything you learn afterwards is just an abstraction on top of assembly. After assembly, you will learn to appreciate what C can do for you, and if it can’t do something you need, you can always force assembly upon it! Python will allow you to script things out instead of writing a program and compiling it every time. Use Python to augment and script your C and assembly work.
Full disclosure: I did not recommend every programming language that you could use, and yes, these are the languages that I am personally biased towards. You could learn Ruby, you could learn Perl, you could learn C++ or .NET or any other. Each has its benefits and you should be familiar with all of them, but you will end up enjoying a select few languages based on personal preference.
2. Information Gathering
Even though this is the first step in the hacking methodology, it makes number 2 on our list, and you’ll see why. This step is so critically important because the more information you can gather, the more likely you are to accomplish your goals. You need to find domains, IP addresses, email addresses, physical locations, what services they provide, what services they don’t provide, and whether you can exploit them technically, socially, or physically. After gathering all this information, the actual hacking becomes laying down one train track after another to connect yourself straight into your target. Lots of people skip this step (including myself sometimes), and later, when the individual finally exploits their target, it’s as a result of additional information gathering. You can never have too much information, especially in this day and age where computers can store and process most of it for you. DO NOT SKIP THIS STEP.
1. Curiosity
The single best skill a hacker can have is curiosity: the insatiable desire to learn about the way something works. This is how hackers find zero-day exploits: they know your product better than you do. They learn about your product, study your product, use your product and then exploit your product. This curiosity does not stop at just exploitation. It also extends to offense, if you’re on defense, and defense, if you’re on offense. The only way to beat the adversary is to understand the adversary better than they understand themselves. If you’re on defense, you understand how an attacker tries to exploit systems and you harden them. If you’re on offense, you understand how defense hardens systems and work around those patches, configurations, and hardening strategies. I would further posit that a true hacker is curious about all things and not simply what he or she knows best. Some of the best findings over the years have come from the intersection of previously unrelated notions, ideas, and fields of study. This skill must be mastered above all else. Be curious, and if you’re not curious about something, be curious about why you’re not curious.
These are the 5 fundamentals every hacker should master, offensive or defensive. Take these to heart and use them to better yourself.
-Hack Responsibly, Hack Professionally.