How to become a "Hacker"

Introduction

First of all, let me introduce myself briefly. My name is Yoon (aka: axroot), I've been studying cybersecurity for about five years and have been working professionally in the field for almost three. Throughout my career, I've worked on both the defensive and offensive sides of security, and today I'm dedicated to the offensive side, which is my true passion.

During this time, I've received many questions such as: "How can I become a hacker?" or "How do I work with what you work with?". I always tried to help and guide with the knowledge I had, but I felt I could do more. I've long wanted to write something to help not only those who approach me directly, but also other people interested in entering the cybersecurity field. However, for a long time I put this idea to one side, thinking that I still didn't have enough experience - the famous imposter syndrome. Today, I feel more confident in my knowledge and believe I can contribute by sharing some of what I've learned along this journey.

The aim of this article is to show the way for those wishing to enter the cybersecurity field, with a focus on offensive security. The field of cybersecurity is huge and has many sub-areas, but that's a topic for another day. Here, I want to share the advice I wish I had received at the beginning of my journey: how to study, what to study, where to find relevant content and how to prepare to enter the market with solid knowledge.

Being a hacker goes far beyond the stereotype of someone typing frantically on a black screen full of code. At its heart, it's about critical thinking, creativity and, above all, a boundless curiosity to understand how systems work - and how they can be broken. Offensive security isn't just about exploiting vulnerabilities, it's about anticipating real attacks, testing defenses and strengthening security.

Where to start?

This is undoubtedly the hardest part. The field of cybersecurity is extremely vast and, unlike a few years ago, today we have a huge amount of free content and courses available on the internet. On the one hand, this is great, but on the other, it can leave you lost in a sea of information. So where to start? The answer is simple: the basics!

Don't fall for the illusion that watching an hour-long video on YouTube will be enough to get you hacking away and applying for jobs. That's not how it works. Nor am I going to tell you that this is an easy area and that you'll be employed in a month's study - the reality is that cybersecurity is not an introductory area, it requires a solid foundation and a lot of prior knowledge.

A common mistake for those starting out is to think that taking a 40-hour course will be enough to acquire all the knowledge needed to enter the market. Don't fall for these promises from "gurus". If you really want to stand out and become an outstanding professional, you need to master the basics first.

But what exactly does "the basics" mean? It means having a good understanding of the fundamentals of computing, including networks, programming (yes, you need to know how to program if you want to be a good professional - I'll talk more about that later), operating systems and much more. Without this foundation, any more advanced knowledge will be inconsistent and difficult to apply.

Learning the Basics

Many people who want to get into cybersecurity are in a hurry to learn how to hack into systems, exploit flaws or carry out penetration tests. However, without a solid foundation, all this knowledge ends up being superficial and difficult to apply in practice. The truth is that offensive security isn't just about memorizing commands or following tutorials - you need to understand how technologies work before you learn how to exploit them.

Think of cybersecurity like the construction of a building. Before raising floors and installing complex systems, it is essential to have a well-structured foundation. In the same way, before you learn how to find and exploit vulnerabilities, you need to understand networks, operating systems, programming and the basic principles of information security. Ignoring this foundation will only hold you back in the long run, as you could end up relying on ready-made tools without really understanding what you're doing.

Another common mistake beginners make is looking for shortcuts - watching a hacking tutorial on YouTube and thinking they're ready to work in the field. The reality is that the best professionals are those who master the fundamentals and can think outside the box to find creative solutions. Learning the basics well gives you autonomy, allows you to understand and create your own tools and, above all, sets you apart from the majority.

1. Computer networks

The internet and practically all the systems we use today depend on networks to function. If you want to work in offensive security, understanding how communication between devices takes place is fundamental. Many attacks exploit flaws in network protocols, incorrect configuration of firewalls or exposure of insecure services.

Tip: The best way to learn networking is to get hands-on! Install Wireshark and analyze packets from your own network, set up a small test environment with virtual machines and simulate scenarios.

2. Operating Systems

A hacker needs to be familiar with the operating systems they intend to attack and protect. This means understanding how they work internally, what their vulnerabilities are and how to interact with them mainly via the command line.

Tip: Use Linux in your day-to-day life, whether in a virtual machine, installing WSL on Windows or dualbooting. Try running commands, exploring directories and understanding how the system responds.

3. Programming and Scripting

If you want to become a real hacker, and not just someone who runs ready-made tools without understanding what's going on, learning to program is essential. Programming allows you to automate tasks, develop your own exploits and better understand the workings of the vulnerabilities you are exploiting.

Tip: Start by writing small scripts to automate simple tasks. Try creating a port scanner in Python or a Bash script to monitor Linux processes.

4. Information Security Concepts

Finally, it is essential to understand the basic principles of information security and the main types of attacks that are used in the real world. This will help you to think offensively and defensively at the same time.

Tip: Follow sites like OWASP and CVE Details to keep up to date with new vulnerabilities and understand how they work.

These are the fundamental pillars for anyone who wants to get into offensive security. You don't need to master everything at once, but you should start studying each of these topics with dedication.

Where to study

Okay, now you're probably wondering: where can you find all this content? Fortunately, there are several excellent platforms that cover these topics, both theoretically and practically. Two that I like and recommend the most are TryHackMe and Hack The Box. Both offer free content, but most of the material, especially the most advanced, is paid for.

If your budget allows it, I can tell you from my experience that it's worth investing in these platforms. They are structured in such a way as to provide practical, well-guided learning, as well as offering realistic simulation environments where you can test your skills in challenges that actually simulate real-world scenarios.

However, I recommend that you choose just one of these platforms, depending on your budget. Subscribing to both isn't necessary and can actually be counterproductive, as you end up getting lost in so much content. The secret here is focus: choose one platform, subscribe and dedicate yourself to it.

Okay, but what if I don't have any money? No problem! All the content offered by these platforms can be found for free on the internet. The big difference is that on paid platforms, the content is already selected and organized for you. Without a platform, you'll have to do this research and curation work yourself.

If you want to learn about a particular topic, such as network security or Python programming, log into ChatGPT and ask it to create a learning strategy on the subject in topics. Then ask them to break down each topic and, where possible, ask for reference links to supporting material. This will give you a structured view of what you need to study and where to start.

In addition, another effective strategy is to access platforms such as TryHackMe and Hack The Box, see the types of challenges and topics they cover, and then use ChatGPT to break down these topics. With the help of AI, you'll not only get organized content, but you'll also have access to free links and resources that address each of these points.

This tip not only applies to those who want to study for free, but also to those who have already subscribed to the platforms. Even if you have access to paid content, don't feel limited to studying only the material published there. If you're on a topic and don't understand something, ask the artificial intelligence to explain it in a different way.

Artificial intelligence can be a powerful complementary tool, offering detailed explanations as well as organizing your study, helping you to put together a well-structured and accessible learning plan.

An important tip: if you have an academic email address, use it when registering on these platforms. Many of them offer discounts for students, which can represent significant savings.

Roadmap

A common situation is for people to register on one of these platforms and end up feeling lost, especially as they offer a vast amount of different content and courses. With so many options, it's natural to get confused about which course to start and how to organize your studies efficiently.

To help you through this process, I'm going to use the TryHackMe platform as an example, as it's the one I have the most experience with and the one I used myself when I was starting out. It's also the platform I recommend to my friends when they ask me where to study.

Currently, at the time of publishing this article, TryHackMe itself offers a roadmap that guides the user on where to start and how to progress through the courses. This was created precisely to prevent beginners from feeling lost and knowing exactly which path to follow to delve deeper into the area.

After registering, simply go to https://tryhackme.com/hacktivities?tab=roadmap, where you will find the complete roadmap. It presents a sequence of courses and activities, right from the start, to ensure that you build your knowledge base solidly. The roadmap also indicates the next steps as you complete each course.

I've taken several of these courses myself and, in my opinion, the structure of the roadmap is well organized, offering a clear direction to follow. It's a great way to make sure you're learning what you really need to, without getting lost in all the options. If you're just starting out, this roadmap will be an excellent tool to make your learning journey smoother and more efficient.

Conclusion

Well, I hope that with this article you have a clearer idea of where to start in this incredible area of cybersecurity. More importantly, I hope you have understood the importance of not skipping steps and learning the basics well. Cybersecurity is a vast and challenging field, and every step you take in building a solid foundation will help you become a more competent and prepared professional.

Remember, take your time. The learning journey is long, but extremely rewarding. Enjoy every moment and every challenge, because it's in the process that you really grow. The knowledge you accumulate along the way will be the foundation for your future achievements.

Welcome to this fascinating world, where curiosity and persistence are your best allies. The road may be difficult, but the rewards, both in terms of learning and achievements, will be immense. Good luck on your journey, and remember: never stop learning!