Hacking and “being a hacker” have fascinated me for over seven years now, and since then, I have started a career in Red Teaming. This job is particularly interesting, because you have to know many things about (offensive) cybersecurity. Basically, you get to hack entire companies. You do this to test their defenses and uncover vulnerabilities.
During my work in this field, I’ve acquired many skills and learned quite a few hacks which I want to share in this blog post.
As a fair warning: If you have already been working in cybersecurity for a long time, you might not get a whole lot of new knowledge from this post, but you might want to check out some of my other blog posts. Additionally, this could be the blog post you share with your friends and family to get them interested in the amazing job you are doing.
I will also sort the skills from “useful for almost everyone” to “interesting for techies”. And since learning how to hack computers is a whole other topic, we will skip it for this blog post. If you want to learn how to do it, just google it, or start with tryhackme.com.
Disclaimer: Some of the things I talk about in this article could be abused to harm others or facilitate illegal activities. Please do not use them for those things. The content of this blog post is purely educational and I take no responsibility for damage you do.
So let’s dive right in and begin with the first skill:
OSINT
Open Source Intelligence (OSINT) is all about answering questions with public information (mainly the internet, because that is where all the information is). And because everybody has to use the internet, we all should know how to do it better.
So in general, here is what you should learn about OSINT:
- You should understand how to find relevant information.
- You should be able to formulate good research questions.
- You should know how to turn data and information into actionable advice (intelligence).
- You should understand which sources matter.
- You should know how reliable a source is.
And here is how this knowledge will help you:
- Whenever you have to research something, you will be much faster.
- Whenever you read information from any source (social media, newspaper, something your uncle shares on WhatsApp), you will be able to assess its reliability.
- If you know how easy it is to find personal information on the internet, you will be able to make better decisions for your and your family's privacy.
- Because OSINT almost always involves dealing with a large amount of data, you will know how to filter and organize big datasets.
- If you ever do a full OSINT investigation, it will involve writing a report, which will allow you to practice clear writing. You can also pick this skill up by reading about the OSINT investigations of others.
So here are some OSINT hacks to get you started:
Google Dorking: This is the one thing everybody reading this article should add to their toolbox. How do most people use Google? Well, they type in some words that somehow represent what they want to know, but Google allows you to do so much more. You can use so-called Search Operators. Here is what they can do:
- site:example.com tells Google to only display results from the specified domain
- inurl:something shows only results that have something in the URL
- “some words” tells Google to only display results that have some words in that exact order
- -something tells Google to only display results that do not contain something
- You can combine Search Operators like this: USA news “July” -site:foxnews.com, which would show you news about the USA that contains the word July and is not on Fox News.
- You can learn more about Google Dorking here: https://medium.com/infosec/exploring-google-hacking-techniques-using-google-dork-6df5d79796cf
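To make the operator syntax from the list above concrete, here is a small Python parser and builder for it. This is an added example, not code from the original post: it assumes the fixed set of operator names in KNOWN_OPERATORS (the ones named above plus a few common extras), treats anything else with a colon as an ordinary term, and normalises the curly quotes that blogs and chat apps insert so that “some words” is read as an exact phrase.

```python
import re

# Operators the post names plus a few common extras (assumed set, not an
# official list). Anything else with a colon, such as a URL typed as a plain
# term, is kept as an ordinary term.
KNOWN_OPERATORS = {"site", "inurl", "intitle", "intext", "filetype", "ext"}

# One token: optional leading "-", then either a "quoted phrase", an
# operator:value pair (the value may itself be quoted), or a bare word.
_TOKEN = re.compile(r'(-?)(?:"([^"]*)"|([A-Za-z]+):("[^"]*"|\S+)|(\S+))')


def parse_dork(query: str) -> dict:
    """Split a search query into terms, exact phrases and operators."""
    # Normalise curly quotes so copied-and-pasted queries still parse.
    query = query.replace("\u201c", '"').replace("\u201d", '"')
    parsed = {"terms": [], "phrases": [], "operators": []}
    for m in _TOKEN.finditer(query):
        negated = m.group(1) == "-"
        phrase, name, value, word = m.group(2), m.group(3), m.group(4), m.group(5)
        if phrase is not None:
            parsed["phrases"].append({"value": phrase, "negated": negated})
        elif name is not None and name.lower() in KNOWN_OPERATORS:
            parsed["operators"].append(
                {"name": name.lower(), "value": value.strip('"'), "negated": negated}
            )
        else:
            # Either a bare word or an unknown "x:y" token, kept verbatim.
            text = word if word is not None else f"{name}:{value}"
            parsed["terms"].append({"value": text, "negated": negated})
    return parsed


def build_dork(parsed: dict) -> str:
    """Re-assemble a query: phrases are quoted, operator values with spaces too."""
    parts = []
    for term in parsed["terms"]:
        parts.append(("-" if term["negated"] else "") + term["value"])
    for phrase in parsed["phrases"]:
        parts.append(("-" if phrase["negated"] else "") + f'"{phrase["value"]}"')
    for op in parsed["operators"]:
        value = op["value"]
        if " " in value:
            value = f'"{value}"'
        parts.append(("-" if op["negated"] else "") + f'{op["name"]}:{value}')
    return " ".join(parts)


if __name__ == "__main__":
    # The combined query from the list above, parsed and rebuilt.
    parsed = parse_dork('USA news “July” -site:foxnews.com')
    print(parsed)
    print(build_dork(parsed))
```

A parser like this is handy when you want to log, review or tidy up queries (for example, to see at a glance which domains a set of searches excluded) rather than eyeballing raw strings.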
Leaks and Breaches: When I first dug into this topic, it blew my mind. Sadly, today's reality is that companies lose their users’ data a lot. It may happen because they put a database on the internet without any protection, or because they got hacked and somebody sold the data, which means it often ends up in the infamous “Dark Web”. So basically your data (address, password, email, phone number, etc.) is now in the hands of criminals. Luckily, there are a lot of friendly hackers out there who just want to help you. They have created websites that allow you to monitor what data is out in the wild. If you are curious about it (and I am sure you are), you can check out the sites below:
- https://haveibeenpwned.com: This one is by far the most reputable and longest-running. You can enter an email address or phone number and it will tell you if it knows of any incidents which have exposed your data. It will also give you an explanation of how the incident happened and what data is exposed.
- https://breachdirectory.org/: While HaveIBeenPwned was able to give you information about what incident affected your data, this one is a bit spicier. It will show you some characters of the clear text password, if one was in the leaked data. Now that might be a cool party trick: “Tell me your email and I tell you how your password starts”.
- https://search.illicit.services/: Please be responsible with this one, because it just shows you all the data that has been in a leak or breach. No paywall, no partial redaction, nothing.
If one of these sites has data about you (which should be the case, if you haven’t been living under a rock since the internet happened), you probably want to know what to do now. The main way this kind of data is abused is by trying to get into other accounts associated with the same email address. So, if you reuse the same password for any other account, now is the time to change it. You may also want to consider a Password Manager; check out https://bitwarden.com/. It would also be a good idea to do the same check for your friends and family, especially those who probably have poor cyber hygiene. Or just share this article with them ;).
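Checking whether a password you reuse has already shown up in a leak is something you can script yourself. Have I Been Pwned runs a public Pwned Passwords range API at https://api.pwnedpasswords.com/range/ that answers with "SUFFIX:COUNT" lines for every breached SHA-1 hash sharing the five-character prefix you send, so the password itself never leaves your machine. The Python below is an added example, not code from the post or from Have I Been Pwned; the breach counts in the offline stand-in are made-up values, and the User-Agent string is my own choice.

```python
import hashlib
import urllib.request

# Public Pwned Passwords range endpoint. Only the first five hex characters
# of the SHA-1 hash are ever sent; matching is done locally on the suffix.
PWNED_RANGE_URL = "https://api.pwnedpasswords.com/range/"


def sha1_hex(password: str) -> str:
    """Upper-case hex SHA-1 of the password, the form the API works with."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_hash(sha1: str) -> tuple:
    """Return (5-char prefix sent to the server, 35-char suffix kept local)."""
    return sha1[:5], sha1[5:]


def parse_range_body(body: str) -> dict:
    """Parse 'SUFFIX:COUNT' lines into {suffix: count}; blank lines are skipped."""
    counts = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts


def fetch_range_live(prefix: str) -> str:
    """Fetch the real range response for a prefix (needs network access)."""
    request = urllib.request.Request(
        PWNED_RANGE_URL + prefix,
        headers={"User-Agent": "pwned-range-demo"},  # assumed, pick your own
    )
    with urllib.request.urlopen(request, timeout=10) as response:
        return response.read().decode("utf-8")


def password_breach_count(password: str, fetch_range=fetch_range_live) -> int:
    """How often the password appears in known breaches (0 = not found).

    fetch_range is injectable so the logic can be exercised offline.
    """
    prefix, suffix = split_hash(sha1_hex(password))
    return parse_range_body(fetch_range(prefix)).get(suffix, 0)


def make_fake_range_fetcher(known: dict):
    """Constructed offline stand-in for the API, for tests and demos.

    `known` maps plaintext passwords to made-up breach counts. The fetcher
    answers like the server would: every stored hash sharing the requested
    prefix, as 'SUFFIX:COUNT' lines.
    """
    by_hash = {sha1_hex(pw): count for pw, count in known.items()}

    def fetch(prefix: str) -> str:
        lines = [f"{h[5:]}:{c}" for h, c in by_hash.items() if h.startswith(prefix)]
        return "\r\n".join(lines)

    return fetch


if __name__ == "__main__":
    # Offline demo with constructed counts; pass fetch_range_live to query HIBP.
    fake = make_fake_range_fetcher({"password": 9659365, "letmein": 271})
    for candidate in ("password", "letmein", "correct horse battery staple"):
        hits = password_breach_count(candidate, fake)
        print(f"{candidate!r}: {f'seen {hits} times' if hits else 'not found'}")
```

Because only a hash prefix is transmitted, this is safe to run against the live service on real passwords; a non-zero count means that password should be retired everywhere it is used, not just on the account where it leaked.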
By the way, I have a whole article talking about the topic of “Leaks and Breaches for OSINT”, check it out here: https://medium.com/the-first-digit/leaks-and-breaches-for-osint-a7e3eb6bb56f.
As you might have guessed, OSINT is a much larger topic and I cannot fully discuss it in this blog, but you might want to check out the resources at the bottom to learn more about it.
Automation
I admit, this is not a pure hacker skill, but hacking is what got me into automation, so I want to mention it in this blog post. First, we should have a brief discussion about when you should and shouldn’t make use of automation. As a rule of thumb, you could try to automate tasks that could be done by an unskilled intern (sorry, getting coffee is hard to automate). Amazingly, it is very easy to automate things in today's world, so most people can make use of these tools. In this article we want to talk about three ways to automate things:
- Looking for a tool: Today's tech community is just amazing, and for many tasks you encounter on a daily basis there might already be a tool out there; you just have to find it. So I encourage you to look for existing tools. (If only you knew how to optimize searching the internet... wink)
- Using automation solutions: With all the advances in technology, automation capabilities are accessible to anyone on the internet. There are plenty of applications like IFTTT (If This Then That) out there. All you need is a few clicks to automate basic workflows. This can include actions like getting news updates and syncing to-dos, among other tasks. Sadly, these types of applications are very restricted and unfit for automating bigger tasks. If you want to automate more complex workflows, I suggest you look at solutions like n8n. They allow you to build complex workflows with decisions and integration into many applications, but the only way to get it for free is to self-host it.
- Programming: I know: “But I have to learn to code.” Well, yes, and you will love it (hopefully). Knowing how to code will enrich your way of thinking and your understanding of technology. You can build a lot of cool stuff, and it is not as hard as you might think. I recommend you start with a flexible scripting language like Python. You don’t need to know how to build the next Facebook, just enough to automate some basic things. And once you have the basics down, you can probably get all the answers you need to build something from the internet or ChatGPT.
There have been books written about automation, but that is not the point of this blog, so I will stop here. If you are interested in learning more about automation, there will be resources at the bottom.
Social Engineering
Unlike OSINT, this topic is not something I practice on a daily basis. But I have some experience and think it is useful for almost everyone to understand at least the basics. At its core, Social Engineering is the art and science of convincing people. Attackers might use it to talk their way into a building, get somebody to share their password over the phone, or make somebody click a link in a phishing email. I think there are two reasons you should know about this topic:
- Communicating your goals and negotiation are things everyone has to do on a daily basis and some tactics used in Social Engineering can be applied in daily life.
- With the increasing security of computer systems, humans are often the weakest point in an organization’s security. So knowing common Social Engineering attacks helps you to protect your organization.
Here are some commonly used Social Engineering tactics:
- Building Rapport: This one is all about establishing a connection. Ways to make people feel like they have a connection with you are:
  - Mirroring their body language: This means doing things like having the same sitting or standing posture or imitating their gestures and expressions.
  - Finding common interests: Did you see the game last night? Is that your son in the picture? I have a nephew who is the same age.
  - Doing them a favor before asking for one: Hey, I am new to this job and brought muffins for everyone, do you want one? Oh, my hands are so full, could you hold that door for me?
- Acting like you have authority: Hi, I am here for the planned fire safety inspection.
- Offering to help somebody: It looks like you have a virus installed, please download this tool to help me check if your device is safe.
- Creating pressure: Click on the following link, to reactivate your blocked account.
Some of these tactics can be applied to situations where you have to negotiate something. In general, I would stick to the ones that involve being nice, because all of the others can backfire very easily. Being nice can backfire too, if you are overdoing it. (Starting a salary negotiation by bringing in a four-layer cake? I don’t think so.) If you are interested in learning more about this topic, I will provide resources at the bottom of this blog post.
Lock Picking
This is the thing from the movies, where somebody sticks two metal things into a lock and it magically opens. Actually, I wouldn’t just recommend learning how to do this, but rather getting a general understanding of how locked doors can be opened. Instead of explaining the entire mechanics of doors and locks, I will share some skills you should be learning.
- Understand how a lock works: To open a lock without a key, you need an understanding of its inner workings. Once you know that, you can get a set of lock picks and a practice lock. (I suggest a transparent one from Amazon, not your neighbor's door.)
- Understanding how doors work: Sounds easy and stupid, but doors can be vulnerable to attacks, which do not involve locks at all. Many times these attacks are even easier than lock picking and are more frequently used in security assessments.
- Understanding electrical access systems: Keys and locks are no longer the only things that open and close doors. Nowadays many doors are controlled by computers, sensors and magnets, so knowing how they function and how to break them is very interesting.
Like almost everything in security, learning this set of skills will allow you to understand both attack and defense. Obviously, defense will be important when you have to make decisions about your own home security. I hope it is clear that you shouldn’t use the attacks you learn to harm others, but they may be handy in case your door slams shut and you or anyone else forgot the key.
Exploring the World of Electronic Communication
This one might be the most expensive skill to learn, because it requires specialized hardware. Nevertheless, it is one of the most fascinating things to learn about. Today's world is highly interconnected and everything “talks” in a sense. And this talking is often done via electronic communication like infrared, WiFi, NFC and much more. The fascinating thing is that most of this communication is airborne, which means anybody with the right equipment can just look at the signals being transmitted. But you won’t always see the data, because of encryption.
When it comes to learning about this stuff, you are truly in luck, because hackers are generally amazing people and have created some amazing tools for exactly that. I just want to recommend my favorite one here.
The Flipper Zero: Getting my hands on this device really felt like Christmas. It can do soooo much. You can intercept radio signals across a wide spectrum (for playing with car keys and stuff), it has a universal infrared remote (meaning you can control almost any TV) and it can clone key cards (hotels, gyms and so on). Just search YouTube for videos of people using it for all sorts of stuff.
Like all the other topics, this one has so much more to it and I really encourage you to study it a bit deeper. Resources for doing so will be in the list below.
The Hacker Mindset
The underlying question that is on every hacker’s mind every day is: “How can I use that thing in some way other than the intended use to make it do cool stuff?” I hope that after reading this, you will go out into the world and ask yourself this question too. In doing so you will discover many wonderful things and learn a lot about a lot of things.
If you have enjoyed this blog, share it with a friend, follow me on Twitter @secbyaccident and give it a like.
Resources
OSINT Resources
- https://inteltechniques.com/: I recommend the books and podcast for those of you, who are interested in learning more about OSINT and its relation to privacy.
- https://www.osintcurio.us/: Sadly the blog is no longer active, but it still has some great content.
- https://osintteam.blog/osint-how-to-find-information-on-anyone-5029a3c7fd56: Interesting Information about OSINT on people.
- https://medium.com/secjuice/osint-as-a-mindset-7d42ad72113d: Really valuable thoughts on how to approach OSINT.
Automation resources
- https://help.ifttt.com/hc/en-us/articles/115010158167-How-does-IFTTT-work-: To learn more about IFTTT.
- https://docs.n8n.io/: Documentation about n8n.
- https://www.python.org/about/gettingstarted/: To get started with Python.
Social Engineering Resources
- https://www.social-engineer.org/: This website might very well be the origin of Social Engineering and has a lot of great content.
- I am struggling to find more great resources. If you have some I should add, just DM me on Twitter @secbyaccident. What you can always do is just search for Christopher Hadnagy; he provides so much good Social Engineering content.
Lock Picking Resources
- https://www.youtube.com/watch?v=T_sy3dLwHkc&pp=ygUTbG9jayBwaWNraW5nIGJhc2ljcw%3D%3D: This will show you the inner workings of a lock. The other stuff on his channel is also really cool.
- https://deviating.net/: The homepage of Deviant Ollam. Just watch all of his stuff, it is so full of knowledge.
Electronic Communication Resources
- https://flipperzero.one/: Official website of the Flipper Zero.
- https://www.youtube.com/watch?v=BeeSN14JUYU&list=PLu0BPYzTjiHru1KmPThmbY-8rRm3EWvUQ: If you want to spend some money and learn about radio frequencies, look at the HackRF one.