I was wrong about hacking.

My Journey to Penetration Testing: Week 1

I started my journey wrong, focusing mostly on an arbitrary end goal but not on what it really meant to become a Penetration Tester. So... what did I discover this week?

Being an Ethical Hacker / Penetration Tester / Red Teamer

What's the goal? To gain unauthorized access to someone else's Information Systems (but with authorization!). So the goal is to use knowledge, skills and tools to become "root" on someone else's computer, which means you can do everything as if you were the owner of the PC.

It revolves around actually knowing what you're trying to attack. If a particular Windows protocol is weak (remember the RDP vulnerability), you can engineer an attack to gain unauthorized access.

Break it or build it first? An upside down approach

When you start with breaking, you are more or less a child. You use tools to pwn the world like a h@ckz0R but in reality you have no idea what is actually happening. Is it a problem? Yes, I think it is.

Being a script kiddie is good when you're just starting, but if you really want to know your stuff, you have to know the ins and outs as well as a sysadmin or a developer. Knowing how the people who build work is the best way to figure out how to break it.

Is hacking separate from IT?

No. Hacking is IT. It's what was not intended with IT. It's finding how I could make the machine do something it was not supposed to, which is the exact path to mastery.

You want to know how to break anything? First learn how it works. If you know it in depth, you won't have to think too much when trying to break it; you just need to shift your mindset to "what could go wrong if this or that does this or that". If you don't know your stuff, you can only execute things others thought about.

Updated gameplan

Thanks to LiveOverflow (really recommend his channel, a goldmine), my mindset has changed. I want to last in this field and I was thinking about this whole journey wrong.

Learning the fundamentals and enjoying myself: these are my goals now. For this purpose I'll look at the curriculum from the A+ certification from CompTIA. It gives a great foundation in Operating Systems, Networking, Security, Hardware, etc.

At the same time, at my own rhythm, I will go through the CS50 Course from Harvard. I already watched the first lesson and I will share my Scratch program next week (hopefully). This course is super entertaining and engaging, and I know the problem sets are very difficult (programming in C as a beginner...), but you'll learn so much that I want to try to experience it and hustle through it.

I'll be out of my comfort zone from Day 1, but that's what's amazing about it. Stretch goals are when you actually grow. Mastering the known is less valuable than struggling in the unknown. Let's get started (for real this time).

More articles by Ayoub Fandi