A day in the life of an Ethical Hacker
Breaking away from the stereotypes that Netflix prescribed to us
When I was 15 years old, I visited the local university out of boredom during the summer holidays.
Walking around the corridors, I stumbled upon the bulletin board where all the university extracurricular activities were displayed, including a couple of summer freshman parties.
It was a small and very modest notice that caught my attention: “Introduction to Intrusion Techniques”. It just sounded obscure and different, and for a teenage girl, quite appealing.
When I arrived at the first lecture, I was already expecting to be sitting in a group with a bunch of guys wearing black hoodies and t-shirts with geeky quotes written on them. But none of that was true. I was sitting with 15 other very social, kind and smart people wearing ordinary jeans and casual t-shirts. Little did I know that this summer course was about to change my life completely.
I have been involved in the cybersecurity world for 12 years already, and I have learned about it in more than 5 countries. And I am here to break some of the misconceptions that have been floating around about “ethical hackers”. This is my experience:
1. Hackers work in dark rooms using a black screen with green coloured font and symbols that nobody understands
Yes, maybe Kali Linux (the Linux distribution most commonly used for pentesting activities) is mostly used with a black-coloured terminal, but things are definitely not as in the movies.
Pen-testing (hacking on demand) is a highly controlled activity. The end customer defines what is allowed and what is not allowed during the testing. You have certain limitations on what you can and cannot do. Also, as in any project, you need to define from the beginning what you are planning to do. Most of the time, you follow the so-called “Cyber Kill Chain” methodology (or parts of it). And in the end, you need to deliver a report. Yes, a Word report (Netflix doesn’t mention the Word reports, right?).
Black screens do play a role, but basically anybody who uses any Linux distribution will also have to face the dark screen. And what is written there is not so obscure or secret. Most of the time, the tools are quite user-friendly. You have manuals for every Linux tool, and the syntax is quite straightforward. No hocus-pocus or Harry Potter mystery there.
2. Hackers go to companies pretending they are employees and connect to the network to hack everything. Like in the movies!
I could already buy a new iPad 2020 if I charged one penny every time I hear this! haha
As an Ethical Hacker, you will most likely be facing four types of challenges:
- Pentesting
- Phishing Campaigns
- Forensics
- Red Teaming
Of all of those, Red Teaming (entering a company building pretending to be an employee) is the least common one. It is the least common for a reason: it is the one that presents the highest risk for a company. If something goes wrong during the Red Teaming, it could heavily affect the company’s operations ($$$, if you know what I mean). Therefore, similar to Pentesting, Red Teaming activities are highly regulated. You need to announce (at least to one person) from the beginning what you are intending to do. Most of the time you have two options: Black Box and White Box. For a Black Box you have no knowledge whatsoever about the company or its resources, while for a White Box you already start with some basic information (IPs, access to a network segment, emails, etc.). Most of the time companies go for a White Box approach, as Black Box activities can take too long (and again, that means $$$$). So no, definitely not as in the movies.
3. To be a hacker you need to be an expert in all IT domains.
Yes and No. Makes sense? haha
I think it is definitely important to know a bit about everything before you start. The problems you will face will all be very different from one another. One day you will be working with a SQL database and the next day with a web server.
Even today, having knowledge of IT is not enough. After the introduction of the Internet of Things, which created a bridge between the digital and the real world, a new branch of cybersecurity emerged: Operational Technology Cyber Security.
But the secret here is practice. Learning on the go. Acquiring as much experience as possible is the key to ethical hacking. Once you go through a fairly good number of cases, you will see that most cyber security breaches repeat themselves all over again. Experience and practice make the master, and the same goes for ethical hacking. I recommend practicing your skills on a platform such as Hack The Box, where you can find many good challenges that can help you improve your hacking abilities.
4. Why are there some hacking enigmas where you have a kitten picture and that is the secret password to the unknown?
Those are CTF (Capture the Flag) exercises. They are very different from what you will face in real life when doing pen-testing. Most of the time CTF exercises can help you practice your hacking skills, and you can even win nice prizes! These are very unreal, riddle-based problems where the objective is to get the user and root “flags” (a series of random numbers).
If there were a way to classify the hacking problems you could face, it would be:
- Real-Life (Pen-testing like)
- CVE (Exploiting an already known vulnerability)
- Custom exploitation (Creating your own exploits! This is very fun!)
- CTF (Capture the Flag)
- Enumeration (extracting information)
I will talk about them in more detail in the following article. Let me know if you are interested in a particular one :)
5. And of course, the most common one: hackers are socially awkward people, most of the time guys who always wear black hoodies.
Well… I am not a guy haha. It’s true that the male-to-female ratio in the cyber-security world can be a bit unequal. But every day more and more girls are joining the cybersecurity train.
Of course, there are certain personality traits that you may need to have to be able to sit a large part of your day in front of a computer trying to crack something. But some of my colleagues are quite nice and talkative people. As in every profession, you will find a lot of personality flavours, and the same goes for people in cybersecurity. There are a lot of flavours. Believe me… a lot.
Also, I haven’t seen any of my colleagues wearing black hoodies. Sometimes they even wear more colours than you can spot in the rainbow. Personally, I have a tradition of going to Milan Fashion Week every year. I really enjoy attending the Dior and Dolce & Gabbana shows. Of course, once in a while, a black hoodie is not bad. But I am more the girl in high heels and colourful dresses.
I hope this article explained a bit about the misconceptions that are floating around ethical hackers!
Leave a comment and tell me your opinion!
Happy Hack
Mony