-
Hacking is not about compromising a target
Hacking is all about how much you understand the target. The more you understand, the more you know how to find the weakness and exploit the logic. For example:
The code didn’t validate the input? You can inject malicious stuff. But what if the input is validated? Can you find the weakness in the logic and exploit it? It’s a logic game -
The tools help you understand the target
The tools help you gather information about the target: running services, applications. Tools help you seeing what’s going on and you can start making the plan to find the weakness.
Counter point: This helps me / him / her exploit thousands of servers.
Yes, it helps. But how about a totally new target? How about finding new vulnerability? Tools might help you on that. But there are things tools can’t do. So start making questions like “what is it”, “how does it work”, “is there any weakness” and “what can I gain from this” -
Stop asking “learn skills”. It’s all about combining your skills.
Let me take an example (source: United States Navy SEAL selection and training - Wikipedia)
- Normal army units learn CQB (close-quarter combat) too
- Recon units learn land navigation skills too (and airborne)
- Combat medics learn medical skills too
=> SEAL units must be mastering all of them (and more) to be elite units. The skills are required for specific missions.
Cybersecurity is similar. You must know developing, system, networking, …
Counterpoint: I already knew this and that. So what?
If you know something deep enough, for example: coding. Start thinking about the logic, finding the weakness and dangerous things can happen. Then start asking questions like: is there any vulnerable logic? Is there anything to exploit it? What’s the impact? How to fix this problem.
That’s all. Cybersecurity is not a thing to learn. It’s the combination of mixed knowledge. If you REALLY want to learn cybersecurity, start learning basic knowledge, and start questioning everything.