Concepts that need to be understood to be an effective hacker


Being a hacker requires an understanding of several different areas of technology. Essentially, being a good computer hacker means understanding the computer system so well that you are able to manipulate it into doing things that it otherwise shouldn’t be able to do. Fortunately, with the development of software and the sharing of information, you don’t need to have an in-depth understanding of every aspect of the computer. However, there are basics that you need to understand to even be an effective script kiddie, let alone a true computer hacker. Here I cover the main things you need to know at a foundation level to be a good hacker:

Networking: You need to understand the concept of a computer network. If you’re doing anything related to a company, your targets are going to be on their private network most of the time. So you need to understand what a computer network is and know about the common devices on a computer network, such as firewalls, Network Address Translation (NAT), Proxy Servers, Demilitarized Zones (DMZ), Intrusion Detection Systems, Intrusion Prevention Systems and Local Area Networks, as well as how data is transported between different devices.

Command Line: As a hacker you will be working in the command line very often and it’s important that you learn how to operate it. The command line is accessed via the terminal, the black or grey window, depending on your operating system. As an aspiring hacker, you should be comfortable changing directories and running software through the command line. One good way to learn this that I had success with is through OverTheWire challenges.

Computer Ports: Scanning computer ports is a routine part of gathering information when trying to hack into a machine. By scanning ports you can find out what services are running on that machine and their version, which can be a means of hacking into the machine. It’s important to understand what computer ports are, what the most vulnerable ports and services are and know how to scan computer ports using common tools like nmap.

Know how to read code: As a hacker you will be reading, writing or editing computer scripts. It’s important that you understand how to read computer code. The most common languages used in hacking will be Python, C/C++, Java and PHP. You don’t need to know all of the syntax of each of these languages but you should be familiar with universal programming concepts like functions, variables, loops, lists, dictionaries and data types. 

Get familiar with Kali Linux and its Security Tools: You want to understand how to use the most popular hacking tools on the market. While it’s good to be able to create your own scripts, much of the work of a professional penetration tester will be done with industry standard tools. You will want to be familiar with Kali Linux, in particular Metasploit, Burp Suite, Nmap, Wireshark and John the Ripper.

Understand the different phases in a Penetration Test: If you’re planning to work as a professional hacker, it’s important that you understand the different phases within a penetration test. These phases help you to stay focused by giving you specific objectives, and they ensure a more structured and repeatable approach.

The different types of payloads: A payload in computer hacking is the script that a hacker uses to interact with a hacked system. For example, suppose you get a fake email that tries to make you download a virus disguised as an Excel file. The piece of software they are trying to get you to download is the payload; it will allow them to execute commands on your machine. A common example of a payload is your standard computer virus, but there are several categories of payloads, including backdoors, rootkits, ransomware, trojans etc. Payloads in each of these categories are also classified, based on how they spread, into viruses, trojans and worms, which are examples of malware.

What are the common types of attacks?

Cross-Site Scripting (XSS): This is a client-side code injection attack. The hacker injects code into a web page using forms that allow users to input data, such as the username and password forms that people use to log in. If the forms don’t sanitize the data users enter, it’s possible to enter code into these forms that will be added to the webpage and execute whenever someone loads the infected webpage. The most common programming language used for XSS is JavaScript. Not only is it good to know what this attack is and how to use it, but being asked to explain it is also a common interview question in information security.
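The sanitization point above, as an added example that is not part of the original article: a comment is rendered into a page with and without output escaping, and an HTML parser shows whether the browser would see a new `<script>` element. The function names and the sample comment are constructed for illustration.

```python
import html
from html.parser import HTMLParser


class TagCollector(HTMLParser):
    """Records every start tag a parser sees in a piece of markup."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def tags_in(markup):
    """Return the element names found in the markup, in order."""
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags


def render_vulnerable(name, comment):
    # Form input is concatenated straight into the page markup.
    return '<div class="comment"><b>' + name + "</b><p>" + comment + "</p></div>"


def render_safe(name, comment):
    # html.escape turns <, >, & and quotes into entities, so the input
    # is displayed as text instead of being parsed as markup.
    return ('<div class="comment"><b>' + html.escape(name) + "</b><p>"
            + html.escape(comment) + "</p></div>")


# Constructed sample input standing in for what a user typed into a form.
SAMPLE_COMMENT = "<script>alert(1)</script>"

if __name__ == "__main__":
    print(tags_in(render_vulnerable("bob", SAMPLE_COMMENT)))
    print(tags_in(render_safe("bob", SAMPLE_COMMENT)))
    print(render_safe("bob", SAMPLE_COMMENT))
```

Escaping has to match the place the value lands in: `html.escape` covers HTML text and quoted attribute values, not values placed inside a script block or a URL.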

SQL Injection: This is another type of injection attack that uses the database language SQL. By entering SQL statements through forms found on a webpage, hackers try to bypass security controls and extract information directly from the database. This can be things like usernames and passwords, credit card information and any other type of PII held in the database.
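To make the mechanism concrete, here is an added example (not from the original article) that runs the same user lookup two ways against an in-memory SQLite database: once by pasting form input into the SQL text, and once with a bound parameter. The table, function names and inputs are constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "hash-a"), ("bob", "hash-b")],
    )
    return db


def lookup_vulnerable(db, username):
    # The form value becomes part of the SQL text, so quotes inside it
    # can close the string literal and change the query's structure.
    query = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in db.execute(query)]


def lookup_safe(db, username):
    # The ? placeholder sends the value separately from the SQL text;
    # the database only ever treats it as data to compare against.
    query = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in db.execute(query, (username,))]


# Constructed form input containing SQL syntax instead of a plain name.
INJECTED = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("normal, concatenated :", lookup_vulnerable(db, "alice"))
    print("normal, parameterized:", lookup_safe(db, "alice"))
    print("crafted, concatenated :", lookup_vulnerable(db, INJECTED))
    print("crafted, parameterized:", lookup_safe(db, INJECTED))
```

With the concatenated query the crafted input returns every row in the table; with the bound parameter it matches no user, because no username equals that literal string.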

Phishing Attacks: A phishing attack is a type of social engineering attack where a hacker pretends to be a trusted entity in order to get the victim to perform a certain action. This can be opening an email or instant message, downloading a file, giving up their login credentials etc. Rather than taking advantage of a technical flaw in the system, phishing attacks focus on exploiting the human element. Phishing attacks are involved in about 50% of data breaches worldwide.

Buffer Overflow: This is one of the most difficult types of attack to master, but it can lead to some very serious exploits. If you have a programming background, it’s something that will come much more easily to you. A buffer overflow occurs when the volume of data exceeds the storage capacity of the memory buffer and overwrites adjacent memory locations. By controlling the overwriting of memory locations, an attacker can escape the usual safeguards of the application and execute code on the machine.

DOS/DDOS: This stands for denial of service/distributed denial of service. This is when someone tries to make a machine or network resource unavailable to its intended users by disrupting the service of the host. Usually this is done by sending so much traffic to that resource that it gets overwhelmed and can’t respond to legitimate requests. However, that is not the only way it can be performed. Popular targets may be a company’s website, web application or, in the case of video games, another person’s router.

Final Thoughts

This is not an exhaustive list of everything a hacker needs to know; it’s just the basics. Having a good understanding of these topics will keep you from getting lost if you’re trying to follow tutorials and get started learning how to hack computers. However, as technology changes, so will the things you need to know, so it’s important that you’re comfortable with learning new things all the time. Some people prefer to achieve mastery in a career field; if you’re that personality type, then trying to be a hacker may not be the best career choice. In my opinion it’s best suited for people that genuinely enjoy learning more about the discipline.