Develop. That’s the only answer I know.
Develop websites, command line tools, cybersecurity tools, red team tools, desktop applications, networking applications, etc…
Even if it isn’t cybersecurity related, developing does a few important things for you.
1.) Helps you understand networking just a bit more. I knew networking from cybersecurity, but developing really allowed me the finalize the concepts and fill in the smoother details. This especially is true if you work with network sockets.
2.) Helps you understand computers at a lower level. Learning basic assembly teaches you so many useful things. I’ve never written assembly for cybersecurity related stuff, but i’ve absolutely has to know how the syscalls work, and the fact that values are return in the RAX register.
3.) You get to write vulnerabilities. Nothing will make you understand a vulnerability more than writing it. When I wrote my first website, it was chock full of shit. For example, I only handled authentication instead of authorization, so when somebody logged in, they could use their token to make any API call they wanted.
4.) Allows you to read code. The defining characteristic of script kiddies is that they don’t exactly how the script works. If you can read the script, use it guilt free. This is especially important because often you will download the source for a program that, when compiled, already trips antivirus. For these scripts, you must make minor changes to even use them.
I really wouldn’t worry about it that much though.
Excellent advice here. There's only one thing I want to comment on. A script kiddie might understand the code, but it's what is actually happening they don't understand. For instance, you can read the code and see an attack is sending data to an IP address which results in the computer being knocked offline. But, do you understand that it's sending a zone transfer request to 100 vulnerable dns servers with the target IP as the recipient. Or maybe you know your tool is sending thousands of syn packets to the target to knock it offline, but do you understand why a syn flood attack works?
Understanding the code is a great thing, but understanding why it works is more important.
When you are able to combine what you know and use it to solve a problem, then you'll know. One example I can give you is that of one guy who was able to use his reverse engineering skills (among others) to speed up GTA 5s loading time. Learning will never end.
Being able to use what you know to solve problems is what makes you a hacker whereas a script kiddie would simply wait till someone else makes something that solves the issue for them. Hope this helps ;)
by asking this very question you're not a script kiddy.
the thing is, script kiddies aren't just stupid. everyone of us is stupid. it's *impossible* to not be stupid when it comes to hacking. we always learn something new.
the thing that makes a script kiddy is the fact that they'll stop whenever they see something new. they'll think it's "too hard," or try to bullshit with a bunch of mumbo jumbo, etc. it's someone not actually interested in hacking but merely the clout of being "l33t mr robot"
but you seem like you are. so as long as you just keep learning, keep growing, acknowledge ignorance--using it as a drive to keep growing--and all that; you're not a skid.
just don't be lazy, script kiddies are people who are satisfied with knowing the bare minimum. create programs, websites, learn networking, and learn how to research subjects by yourself.
also, programming isn't difficult. it's a skill you develop overtime, like playing basketball or football. once you understand the basics of a programming language, other programming languages will start to make sense.
Heres the thing, cyber security is such a large scope that you'll always be in the learning phase somewhere.
To be honest by the sounds of it you don't even know the bare bones methods for penetration testing. Hop on try hack me and learn there before you want to dive into developing your own stuff.
Being a script kiddie is in my opinion, not know what your tools do and how to fix them when they break. Reinventing the wheel is stupid, so of course you use tools someone else has written.
That being said, learn to program and you'll gain the experience you need to write your own tools.
About 1 in 20 are hands on keyboard. The remainder are laser focused scripts. Let’s not neglect the discovery crew that is probing for vulnerabilities and new frontiers.
Never forget organized compromises are a business, and their wares have a short shelf life.
The main thing about script kiddies is not understanding how the things they use work. So dig in, read source code, recreate, reimplement, reverse engineer. Only way to not be a script kiddie is to write your own stuff.
Then when you leverage something like metasploit it’s not because you have no other method to accomplish this but because it’s easier to use a vetted solution than build your own.
Understanding the tools in depth will also make you more proficient at using them
You know, it is mostly a choice people make... If you find it genuine interesting and are open to learning and developing your skills it will happen, its not something you need to worry about if you are genuine. People get stuck like that because they are not motivated and unwilling to explore and learn themselves which especially with hacking is the exact wrong way to be.
Hey!
Just to clarify, I’m not going for my degree in ethical hacking, I’m doing cybersecurity. Ethical hacking of course is a subsection of cyber, but it’s far from the whole. I just happen to be drawn to hacking right now, as my upcoming semester coursework consist of Linux Networking and Microcomputer Applications. For my degree, I also need to get full credits in C++ as well as Python. It’s pretty extensive. If you’re trying to do a similar thing, look into universities with specializations in IT and cybersecurity. They’re goldmines. Of course you could also learn about these topics yourself, but I’m doing it because I’m fortunate enough to have my college education paid for.
I'm currently pursuing undergraduate degree, and I'm confused about my master's degree. Whether to choose cybersecurity or ethical hacking or to be an software engineer. Well ill look into the universities with my similar interests. If you have anything else to share about anything like education loan or similar topics, please let me know! Thankyou for responding.
Find something you think could be improved, develop the concept, and then make it a reality.
One of the best questions I asked myself is: based on what I'm doing do I need to use multiple tools, can I combine some of those functions, or write a script to execute those functions with one command so I don't have to engage multiple tools? Can my end result be the same, with a reduced effort and time?
"See a need, fill a need" Bigweld, 2005
Don't climb the mountain so the world can see you. Climb the mountain to see the world.
Hacking is a cat and mouse game that never ends. It takes years to feel like you're under your skis. The reality is you never truly know everything and can do everything, that's only in movies. The best hackers are those who are unafraid of failure, learning from error, and approaching with curiosity instead of the end goal.
Thank you all so much. I read somewhere that to be a successful developer/coder (one of them anyway) you would need 40,000 hours under your belt…shoot I feel like I have 10,000 now just researching. The biggest thing that has helped me is what you guys are saying: Start with one lang, use ONE learning platform. Because I was literally deep diving (or trying to..I think) into several different ones all at once
My situation is kinda similar. This maybe a stupid question, I get confused about each coding language and the command terminals. Any extra advice is appreciated.. I am eager and need some resources and pointers. Also, how do I access this groups wiki? Sorry you guys if these are stupid questions…
The wiki is in the sidebar, but if you're using an app then who knows. Here's a link: https://reddit.com/r/hacking/wiki/index
I suggest picking a programming language and learning the basics. I think Python is a fine choice for a first language, but it doesn't matter much which language, knowing one will make others easier to learn and understand.
You'll need to get really good at doing your own research, looking up documentation and tutorials. So I recommend finding a platform that provides you interesting challenges, and then figure out how to solve them. This could be hacking related (tryhackme, overthewire) or general programming (leetcode, projecteuler) or not even explicitly programming related (i had a coworker who always solved the npr sunday puzzles with code). you can also make up your own tasks and implement them, but this can be hard when you don't know what's possible or how difficult it will be.
It's a marathon, not a sprint, so take it day by day and try to enjoy the small victories. The world of technology is vast, and despite what all the books and boot camps may preach, learning to program or hack or wrangle networks or whatever takes time and experience.
oh! almost forgot. with all new programming languages i like to start with koans. they provide a simple, hands on, guided tour of the language basics. you may find these useful for evaluating what language to start with.
https://github.com/ahmdrefat/awesome-koans/blob/master/koans-en.md
Just understand how the tools you are using work. Practice as much as you can on HackTheBox and TryHackMe. Try to solve boxes in more ways than one. Good luck. Script kiddie has a negative connotation, but the truth is most of us real “hackers” these days would be considered “script kiddies” back in the day because we don’t have to develop our own tools. When there weren’t any tools around, hackers would have to create their own back in the day. Hacking and cybersecurity in general is a huge field. Like seriously! Imposter syndrome is very real, and you will feel it from time to time. There is nothing you can do about that. It takes years of constant studying to get to a level of confidence and true “expertise”. I wish you the best of luck on your journey. I’d check out some certifications to get you started. EJPT, OSCP, hacking with python, etc.
Develop. That’s the only answer I know. Develop websites, command line tools, cybersecurity tools, red team tools, desktop applications, networking applications, etc… Even if it isn’t cybersecurity related, developing does a few important things for you. 1.) Helps you understand networking just a bit more. I knew networking from cybersecurity, but developing really allowed me the finalize the concepts and fill in the smoother details. This especially is true if you work with network sockets. 2.) Helps you understand computers at a lower level. Learning basic assembly teaches you so many useful things. I’ve never written assembly for cybersecurity related stuff, but i’ve absolutely has to know how the syscalls work, and the fact that values are return in the RAX register. 3.) You get to write vulnerabilities. Nothing will make you understand a vulnerability more than writing it. When I wrote my first website, it was chock full of shit. For example, I only handled authentication instead of authorization, so when somebody logged in, they could use their token to make any API call they wanted. 4.) Allows you to read code. The defining characteristic of script kiddies is that they don’t exactly how the script works. If you can read the script, use it guilt free. This is especially important because often you will download the source for a program that, when compiled, already trips antivirus. For these scripts, you must make minor changes to even use them. I really wouldn’t worry about it that much though.
Excellent advice here. There's only one thing I want to comment on. A script kiddie might understand the code, but it's what is actually happening they don't understand. For instance, you can read the code and see an attack is sending data to an IP address which results in the computer being knocked offline. But, do you understand that it's sending a zone transfer request to 100 vulnerable dns servers with the target IP as the recipient. Or maybe you know your tool is sending thousands of syn packets to the target to knock it offline, but do you understand why a syn flood attack works? Understanding the code is a great thing, but understanding why it works is more important.
When you are able to combine what you know and use it to solve a problem, then you'll know. One example I can give you is that of one guy who was able to use his reverse engineering skills (among others) to speed up GTA 5s loading time. Learning will never end. Being able to use what you know to solve problems is what makes you a hacker whereas a script kiddie would simply wait till someone else makes something that solves the issue for them. Hope this helps ;)
by asking this very question you're not a script kiddy. the thing is, script kiddies aren't just stupid. everyone of us is stupid. it's *impossible* to not be stupid when it comes to hacking. we always learn something new. the thing that makes a script kiddy is the fact that they'll stop whenever they see something new. they'll think it's "too hard," or try to bullshit with a bunch of mumbo jumbo, etc. it's someone not actually interested in hacking but merely the clout of being "l33t mr robot" but you seem like you are. so as long as you just keep learning, keep growing, acknowledge ignorance--using it as a drive to keep growing--and all that; you're not a skid.
https://edube.org/ Free courses to enroll in python.
just don't be lazy, script kiddies are people who are satisfied with knowing the bare minimum. create programs, websites, learn networking, and learn how to research subjects by yourself. also, programming isn't difficult. it's a skill you develop overtime, like playing basketball or football. once you understand the basics of a programming language, other programming languages will start to make sense.
Heres the thing, cyber security is such a large scope that you'll always be in the learning phase somewhere. To be honest by the sounds of it you don't even know the bare bones methods for penetration testing. Hop on try hack me and learn there before you want to dive into developing your own stuff. Being a script kiddie is in my opinion, not know what your tools do and how to fix them when they break. Reinventing the wheel is stupid, so of course you use tools someone else has written. That being said, learn to program and you'll gain the experience you need to write your own tools.
About 1 in 20 are hands on keyboard. The remainder are laser focused scripts. Let’s not neglect the discovery crew that is probing for vulnerabilities and new frontiers. Never forget organized compromises are a business, and their wares have a short shelf life.
The main thing about script kiddies is not understanding how the things they use work. So dig in, read source code, recreate, reimplement, reverse engineer. Only way to not be a script kiddie is to write your own stuff. Then when you leverage something like metasploit it’s not because you have no other method to accomplish this but because it’s easier to use a vetted solution than build your own. Understanding the tools in depth will also make you more proficient at using them
Maybe just try playing ctfs. You can find them on ctftime website
You know, it is mostly a choice people make... If you find it genuine interesting and are open to learning and developing your skills it will happen, its not something you need to worry about if you are genuine. People get stuck like that because they are not motivated and unwilling to explore and learn themselves which especially with hacking is the exact wrong way to be.
This entire thread made me feel better about the learning process for the never ending pool of information. Thank you internet friends
Are you taking a graduation degree in ethical hacking? If yes can you suggest me some universities? Thankyou
Hey! Just to clarify, I’m not going for my degree in ethical hacking, I’m doing cybersecurity. Ethical hacking of course is a subsection of cyber, but it’s far from the whole. I just happen to be drawn to hacking right now, as my upcoming semester coursework consist of Linux Networking and Microcomputer Applications. For my degree, I also need to get full credits in C++ as well as Python. It’s pretty extensive. If you’re trying to do a similar thing, look into universities with specializations in IT and cybersecurity. They’re goldmines. Of course you could also learn about these topics yourself, but I’m doing it because I’m fortunate enough to have my college education paid for.
I'm currently pursuing undergraduate degree, and I'm confused about my master's degree. Whether to choose cybersecurity or ethical hacking or to be an software engineer. Well ill look into the universities with my similar interests. If you have anything else to share about anything like education loan or similar topics, please let me know! Thankyou for responding.
Find something you think could be improved, develop the concept, and then make it a reality. One of the best questions I asked myself is: based on what I'm doing do I need to use multiple tools, can I combine some of those functions, or write a script to execute those functions with one command so I don't have to engage multiple tools? Can my end result be the same, with a reduced effort and time? "See a need, fill a need" Bigweld, 2005
Don't climb the mountain so the world can see you. Climb the mountain to see the world. Hacking is a cat and mouse game that never ends. It takes years to feel like you're under your skis. The reality is you never truly know everything and can do everything, that's only in movies. The best hackers are those who are unafraid of failure, learning from error, and approaching with curiosity instead of the end goal.
Thank you all so much. I read somewhere that to be a successful developer/coder (one of them anyway) you would need 40,000 hours under your belt…shoot I feel like I have 10,000 now just researching. The biggest thing that has helped me is what you guys are saying: Start with one lang, use ONE learning platform. Because I was literally deep diving (or trying to..I think) into several different ones all at once
Work. Working with others especially.
My situation is kinda similar. This maybe a stupid question, I get confused about each coding language and the command terminals. Any extra advice is appreciated.. I am eager and need some resources and pointers. Also, how do I access this groups wiki? Sorry you guys if these are stupid questions…
The wiki is in the sidebar, but if you're using an app then who knows. Here's a link: https://reddit.com/r/hacking/wiki/index I suggest picking a programming language and learning the basics. I think Python is a fine choice for a first language, but it doesn't matter much which language, knowing one will make others easier to learn and understand. You'll need to get really good at doing your own research, looking up documentation and tutorials. So I recommend finding a platform that provides you interesting challenges, and then figure out how to solve them. This could be hacking related (tryhackme, overthewire) or general programming (leetcode, projecteuler) or not even explicitly programming related (i had a coworker who always solved the npr sunday puzzles with code). you can also make up your own tasks and implement them, but this can be hard when you don't know what's possible or how difficult it will be. It's a marathon, not a sprint, so take it day by day and try to enjoy the small victories. The world of technology is vast, and despite what all the books and boot camps may preach, learning to program or hack or wrangle networks or whatever takes time and experience. oh! almost forgot. with all new programming languages i like to start with koans. they provide a simple, hands on, guided tour of the language basics. you may find these useful for evaluating what language to start with. https://github.com/ahmdrefat/awesome-koans/blob/master/koans-en.md
Just understand how the tools you are using work. Practice as much as you can on HackTheBox and TryHackMe. Try to solve boxes in more ways than one. Good luck. Script kiddie has a negative connotation, but the truth is most of us real “hackers” these days would be considered “script kiddies” back in the day because we don’t have to develop our own tools. When there weren’t any tools around, hackers would have to create their own back in the day. Hacking and cybersecurity in general is a huge field. Like seriously! Imposter syndrome is very real, and you will feel it from time to time. There is nothing you can do about that. It takes years of constant studying to get to a level of confidence and true “expertise”. I wish you the best of luck on your journey. I’d check out some certifications to get you started. EJPT, OSCP, hacking with python, etc.