How to think like a hacker

Welcome to my blog! ..and my very first post!

Although there are many more security blogs just like this one, I decided to write mine for one particular reason, amongst others. Keep a journal of what I learned, which will be related to IT security. And if my findings/learnings can help someone else, then its just great! And it can also be a portal for more experienced hackers, security analysts, pen testers that can share with me other views on my methods.

It takes a thief to catch a thief

The approach I'm taking to practice IT security is to try and become a hacker myself. I may have studied IT in college, but real hackers are self-taught, its an art that cannot be acquired through school programs or books, it requires practice, creative thinking and dedication. And to defend yourself in cyberspace, you need to think like a hacker to anticipate his moves. You must change your role from being the victim to being the attacker. Just standing on the defensive indicates insufficient strength and you can ensure the safety of your defence if you only hold positions that cannot be attacked, hence Sun Tzu's saying: that general is skillful in attack whose opponent does not know what to defend; and he is skillful in defense whose opponent does not know what to attack. Ability to defeat the enemy means taking the offensive.

The art of war teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our position unassailable. Supreme excellence consists in breaking the enemy's resistance without fighting. The capitulation of the attacker (or hacker) before an attack is the best scenario!

So how do i become a hacker?

I think Eric Raymond really set out a good path to follow, here's my own interpretation of what he said:

• Learn how to program: This is a fundamental hacking skill. To be a hacker is not simply to know how to use a computer, but you must be able to "talk to it". The language you pick is not the important part, its the way you think and use it, in creative ways to solve challenges you set. And thats not thought in books or school (most hackers are self-thought too). Python is an extremely good language to start with. Its cleanly designed, one of the easiest to learn for a beginner while still being a very powerful and flexible language. Point is, just pick one to start and learn it well, then expand.

• Get a unix-based system - Linux: Learn how to install it, run it, customize it, not just use it. Anybody can use a computer nowadays. Some people will say its possible to learn hacking on windows, while being true, its not the most efficient way. Windows systems are binary-distributed, you cant read the code nor modify it, generally speaking. Also,unix is the system of the internet. Yes you can use windows to "go on the internet" but understanding it without understanding unix is making it unjustifiably harder. It might not make sense what im saying now, but you'll understand a little more when you start network programming. Everything is based on the BSD sockets model of network programming, winsocks too.

• Learn HTML: Its the language spoken on the web, know it! Perhaps thats where you should start and we should reverse my list! SQL/php would now fit in this category as well, although when you'll get pro-efficient at the first two points, this will be easier.

 There, you have it, how to begin your journey into thinking like a hacker. Next I will start posting articles based on these 3 points -- linux, programming and web applications along with methods and techniques related to IT security.

"If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle." --Sun Tzu