To start this blog with, I have no special introduction and things like that. All that is left is some regret that I wish I realized these things earlier and took some solid actions. And yes knowing some thing is never enough, you/we have to get things done. For now everything you need to know about me is that I am Madhura Nadh (aka mccleod1290), a cyber-security student from India. With that being said, let’s get started.
There is no pathway to learn cyber-security (or) hacking
Don’t hate me for saying this, when you look online and read countless blogs and hear success stories of other cyber security professionals across the world, you realize that different people recommend different things. Some say do do try hack me, some started directly with hack the box, some practically studied everything and doing great things without any certifications (Null byte, Vivek Ramachandran,and many more infosec professionals). Although their paths and recommendations might sound similar, but in reality with time we realise their paths were entirely different.
So what is the solution? Build your own road map, (things and plan does not have to be specific and rigid), don’t be afraid to discover free and legal topics across internet, and if you have a topic to be learned then getting lost in rabbit hole helps you to be better person. Although this approach might sound weird for some one who is aiming for a particular certification, but I have faith that learning things which are not in the syllabus of certifications will surely help us one day. Exploring this feild, read blogs, articles and surfing countless videos related to this topic, asking professionals on telegram groups will help to figure out a path, but that should the one which you have made by your-self. Blindly following people who say what you should is no different than DICTATORSHIP!.
Courses are not the solution to learn XYZ
Courses are fantasic to learn a particular thing in less time, but learning is not just mental process and mugging up lessons from online videos. Humans learn things by experience and experience comes from doing things. Learning takes both mental and physcical work, in this case it requires things to do practically. Now people across internet say “Oh you want to do practical stuff? do try hack me and hack the box”. But they are missing the bigger picture, you can learn any thing practically (at-least defensive side of cyber security) by doing things your-self. Although I did not reach that level to do things by one-self, but I am doing my best to learn basic things on my own :).
Again, don’t get me wrong, I personally use try hack me to learn things, but I wish I had used it as suppliment or reference material to my learning. Try hack me really good, and someday near future I am planning to start hack the box. Let’s hope everything goes as we have planned. Another funny thing which I am unable to understand is that people make courses on things like “How to become good in Linux” when in reality you can learn every command by using “apropos”, “which”, “whereis” and “whatis”. This video from cyberspatial helps to understand how use these commands to learn things on own( You can also refer to this extensive list of free resources on “Linux” to learn more about linux in depth.
Using “RIGHT” keywords to get what you want and become a good troubleshooter in general
Using google to get answers what you is and art in itself. Sometimes you need not have to use advanced google fu commands like site: filetype: etc. Using right key word on google will give us right answers. One good example of this is:
1.Searching of “fish recepies” instead of “how to cook best fish for dinner” makes things lot easier. Don’t worry google only displays best results by SEO (search engine optimization).
2.So how can we apply the same in cyber-security? This is very simple. Let’s say your linux machine got into some problems, and you need to do manually fdisk check or solve dns issues. If you are using debian based distribution then instead of typing “how to solve xyz on debian” type in “how to solve xyz on ubunt”. Now why ubuntu? becuase it has large community support and 99.9 common issues are on ubuntu forums. If you are using non kali penetration testing distributions, search for the same error on kali. This will greatly save time and effort.
And for DNS issues, people who say editing /etc/resolv.conf will solve issues. No /etc/resolv.conf is just a temprorary file and to solve DNS issue permenently you need to edit it’s BASE or HEAD file. For this, instead of googling, how to fix DNS issues, typing something like “How to fix no internet connection on linux” or “how to solve DNS issue on linux” you can type in “how to set fixed/permanent DNS on linux”. Choosing the right keywords on google is the key to solve almost any well known common errors on linux. This equally applies to windows as well.
Whenever I hear the term “toubleshooting” people refer to “Comptia A+” certification as a HOLY BOOK for troubleshooting and fundamentals. If you check for the syllabus of this certification online then you will be surprised to see that only some practical theories related to HOW to solve xyz problems are only given. And the audiance for this course is for people who are aiming for HELP DESK job roles in IT, that means it is safe to assume that this course was inteneded to give only BASIC approach on troubleshooting which are RELATED to problems in IT companies. When we begin to use a router or something an operating system we are bound to face some issues and the first step to solve these things is to find what and where is the error. For example is there is no internet connectivity in your machine, try is this a problem of DNS, or your web browser/applications are not working? or is this an fault or mis-configuration of network settings from your side? Finding where the error is really solves lot of time and energy. And I really wish I realized earlier that YOU CAN BE A GOOD TROUBLESHOOTER WITHOUT A+. After all a single task be be attained in millions of ways and there is no one way of doing things.
Another common issue faced while using linux or any other operating system is that some apps can’t be installed. Well for this linux offers you mutliple ways to install same application. It is safe and wise to try all these methods. Unable to git clone and execute the app? Use appimage or .deb file. Unable to install .deb file? check if dependies are properly installed or not using dpkg (https://unix.stackexchange.com/questions/159094/how-to-install-a-deb-file-by-dpkg-i-or-by-apt). If everything fails, try downlading an application using propeitry stores like SNAP. Be cautious, and only download trusted and well known apps from SNAP package manager.If you are not sure about an application which you will be downloading from snap and you better do for other options and only use SNAP as your last resort. Why? because ubuntu have removed snap from this operating system, because there was a cryptominer combined to an app from snap. Read more about snap on wikipedia .(https://en.wikipedia.org/wiki/Snappy_(package_manager))
Document every single thing which you learn and come across in your journey
This is quite underated. Despite giving my best to document my learning journey on daily basis, I really wish I maintained something like a “Linux Journal” where I can write every single issue and solution for that particular problem. This can be applied to any new thing which we are currently learning. Without proper notes and documenting learning process, progress slows down after all you can only improve what you can MEASURE. If we can’t measure our learning journey we fail to IMPROVE it.
Finding a right place and right people to ask ask RIGHT questions.
Getting trolled in infosec community is a common thing, but finding the right community and right set of people can boost your learning journey. For me the right community was ETHICAL HAX community on telegram and the right person was NINJA CIA (his real name is discolsed and we only know him by his telegram name). He was the first person who ever taught me tho think beyond courses and encouraged me to find my own path. Although I regret asking simple questions which we can find answers by LEARNING, to this day I am really grateful for not mocking me whenever I messaged him. His short answers and advices trigger us to find answers by your-self which is the one of the best ways to learn new things. I will be grateful to you sir. And yes asking wrong questions can end you getting trolled. Refer this article to learn how to ask right questions (https://dontasktoask.com/).
Last but not the least…
Having a back up plan for everything
As a cyber-security person or cyber-security enthusiast, people recommend it is always better to have backup of everything which is important as we never know what we might lose due to a system crash or a HACK. On our day to day life, we fail to follow this same principle. If I had only implimented this thing in to my learning, then I would have improved my productivity a LOT, (this single method would have doubled or tripled my productivity). We always think that making SMART(Specific, Measurable, Achievable, Realistic and Time bound) goals can help us to attain what ever we want. But we fail to think, what if I was not able to complete this task in X time period? Realistically speaking learning can’t be achieved by setting time bound targets as it is an endless process in IT. It is always better to have few hours saved, which can be used if we were not able to complete a topic in time.
For example, if your friend suddenlny comes home or you get invited to play “Call of Duty” or if you are forced to go outdoors due to some work, then there will be many cases where you can’t say “NO”. So to tackle this issue, you can wake up early in the morning to get things done, or stay up awake late night (not recommended for a morning person) to complete your learning process. Having a flexible backup plan for learning is something which can’t be neglected. You don’t have to work/learn all day and burn out your-self. It is best if one can study and learn in their own pace. After-all you and I are learning new things for our own sake.
With this we come to the conclusion of this article. Now is the the million dollar question for you guys out there, what thing you wished you realized earlied? It would be great if you can mention it on comment section so that we all can learn something valuable from you. I am thankful for all of you who have read this article till the end. Feedbacks are always welcome, and you can DM me on twitter or on telegram (@mccleod1290).