When it comes to adding brainpower, we have a funny situation at Citadelo. Many people would like to work for us, but very few actually make it through the selection process. In this blog, not only will you read how to make it through the process, we’ll teach you how to become a hacker. After reading to the end, not only will you know how to hack your girlfriend’s Facebook account, the day after that it’ll be the NSA.
Okay, okay, okay… It’s not going to be quite like that. First off, I should probably point out that this article is not intended to teach you how to hack. It’s meant to describe the path to becoming an ethical hacker, and keep in mind, both words are important here.
Not surprisingly, becoming an unethical hacker is easier in many cases. Even a person who isn’t a good programmer or doesn’t understand networks can hack these days. They buy exploits on the black market, rent botnets, and go for it. Which is exactly the way we’re NOT going to help out here. We strongly urge you not to buy into this. It’s not cool. It’s not ethical. It’s not legal. Simply, don’t do it.
I usually say that the ideal hacker profile is of a person who got a toy when they were eight. First, they played with it for a couple of hours. Then took it apart because they were curious to see what was inside and how it worked. At best, they took it apart and put it back together. Even better yet, it still worked in the end :)
A hacker is a person who has a passion for technology and wants to explore it in great depth. However, working as an ethical hacker requires an understanding of multiple technologies and a further understanding of how to master their strengths and weaknesses. It’s also important to be able to easily understand new technologies. It’s often the case that an ethical hacker has to crack technology that they haven’t encountered yet.
People who ask me about this topic often wonder if KALI Linux is a good place to start. KALI is a toolkit. Good tools in fact. So yes, having a good set of tools is very useful. However, it’s far more important to know how to use those tools.
So how does one use said tools? The key is to thoroughly learn about the technology and play around with it. There are many systems and apps that are specifically designed just for playing around and learning how to hack them. The owners and operators of these systems not only agree with this, they explicitly welcome it.
There are even courses for novice hackers that often teach you exactly how to use these tools. Some of the most common courses focus on how to run a virtual machine with KALI, how to do a portscan with Nmap, or a vulnerability scan with Nessus, etc. These are useful things, but the essence of our work and our added value starts where the possibilities of these tools end. Customers don’t call us to run automated tools for them.
That’s why it’s more important to focus on the practice itself. To get yourself started, search for the keywords “war game” or CTF.
You can use this list as a launchpad: https://github.com/AnarchoTechNYC/meta/wiki/InfoSec#hacking-challenges
A very good collection of tools, books, and other links can be found here: https://github.com/enaqx/awesome-pentest
Maybe you’ve gone through the recommended resources and they made you like the idea of becoming a hacker even more. Even better, they may have helped you improve your skills. Maybe you’re looking for a newer, bigger challenge. If that’s the case, then it’s time to take the next step with Citadelo!
CTF
To start off, we’d want to test how much progress you’ve made. Don’t worry though, it will be fun! For this purpose, we have created our own CTF. Naturally, your task would be to hack a web and mobile application. If you’re completely successful, or just about there, you just might get a job offer.
Before you get ahead of yourself, you might want to take a look at some more info about our company or about our benefits program. Everything can be found here.
The Padawan Program
The next stage is the Citadelo Padawan. This is a 3-month program where we focus your time on studying and improving your hacking skills. You will work with a mentor who assigns you tasks and walks you through the process. You can always ask your mentor for advice, consultations, or to discuss things further.
There are two forms of the Padawan program: one you undergo before you join our team, and one you undergo when you are already one of us. The decision depends on what each applicant prefers, on their proficiency level, and on many other aspects.
The 8-week Padawan program is done in your free time. You will meet your mentor once a week and have a consultation on the tasks you have been doing, and they will then assign you new tasks for the following week. However, you can always contact your mentor whenever you need to. When you do this type of Padawan, you probably aren’t part of the Citadelo team just yet. This program is usually chosen by people who work in different fields and want to switch into ethical hacking, or by students who want to improve their skills.
The other Padawan approach takes place during the applicant’s trial period. Once onboarded, the applicant spends about two months studying, so they do it during their working hours and there is no need to do it in their own free time. This form of the program allows for more focus on studying, and the applicant gets a mentor as well. We are also able to adjust the program according to the participant’s skills.
Are you up for the challenge? This might be your chance to turn a hobby into a real job and lifestyle! To sign up for the CTF, contact Dita (dita.horaková@citadelo.com).