Becoming a cybersecurity ethical hackerFrom Zero to Hero

2

Geek

20 year of experience doing hacking

Authored tools / articles / books / etc

Speaker at conferences around the world

Volunteer at OWASP

Still getting the same thrill when compromising a host

CEO at SECFORCE

ME

3

IT Security Consultancy – penetration testing

Highly specialised in offensive security

Teams located in London (UK), Greece and Malta

SECFORCE

Red Team Testing Penetration Testing

Agenda0

5

Offensive security career1

Agenda – from Zero to Hero

234

Technical skills

Mindset

Resources

5 Questions and answers

Offensive Security1

Who would like to be a hacker?

8

9

10

11

Reality is quite different

13Offensive Security Career

We work in a highly professional environmentWe focus on customer satisfactionWe follow due diligenceWe work hard to do a great jobEtc.

14Offensive Security Career

So, what do we do?

16Penetration Testing

17Penetration Testing

My next move…

19

20How to become a hacker - requirements

1 – Technical Skills2 – Mindset

Technical Skills2

22Technical Skills

23Why technical skills are necessary?

You will only be able to attack technology that you understandThe better you can use something, the better you will misuse itThe stronger your technical foundation, the easier it will be to build new knowledge

24Technical pillars

Operating Systems Networking Applications Programming

Windows*nixActive DirectoryOS Security

TCP/IPISO layersNetwork layer attacks

Web/mobile technologiesApplication security

Scripting languages

25Technical security

Infrastructure and application securitySpecific attacks to technologyAttacking techniques (bruteforcing, password cracking, memory manipulation, privilege escalation, etc.)Active Directory trust and policiesVulnerability research (fuzzing, etc.)Exploit writing

Memory layoutMemory corruption bypassetc

Mindset3

27Hacker’s mindset

28Hacker’s mindset

Hacking is about using technology in unintended waysA hacker would not follow normal user rulesNatural ability to misuse software

29Hacker Mindset

30

31

Link all nine dots4 lines or lessWithout lifting the (imaginary) pen or pencilWithout tracing the same line more than once

Think outside the box

32Think outside the box

33Motivation and passion

Sky is the limit – you will never learn it allThe best hackers I know are profoundly passionate about hackingBeing a great hacker requires A LOT of work. Only possible if you truly love itEven though it may be a 9 to 5 job, it is not. It is almost a lifestyle

34Quick learner/researcher

35Quick learner/researcher

Learn how to learnYou will need to solve new puzzles every dayIt is important to identify dead ends and rabbit holesYou may need to become an expert on something overnight

36Determination

37Determination

Talent will only take you so farPersevering on a problem will take you from there onwardsOf the hackers I know, the harder they tried, the luckier they became

38In summary

Technical skillsOSNetworkApplicationCoding

MindsetOut of the box thinkingQuick learnerDetermination

Resources4

40Resources

BooksVideosWebsitesFormal education

41Books

42Books - advanced

43Videos

44Videos

45Videos

46Videos

47Websites

48Websites

49Websites

50Websites

51Websites

52Websites

53Websites

54Formal Education

55Formal Education

56Formal Education

57Formal Education

58

Questions?5

rodrigo.marcos@secforce.com

Thank you!