The Road to Professional Red-Team Hacker
TL;DR: All of the physical tools, repositories, websites, and operating systems you could possibly need to become a red-teamer.

Becoming a red-team hacker is very different from becoming a blue-team hacker. If you already have a bit of knowledge or experience in either area, it will help a lot going into this post. Otherwise, check out this article to learn the basics.
Some terms to know:
Penetration Test: Pen-test for short, this is what it’s called when a hacker attempts to get into a service or website by testing to see if they can penetrate it. It’s a common term, so know that it essentially means hacking a certain company or site. Usually used with Bug Bounty hunting or Black Hat hacking.
Source Code Analysis: Commonly used by malware analysts, source code analysis is the process of looking at a program’s source code and manipulating it. Malware analysts might take it apart, run certain parts, and decode certain lines. This will help them understand the severity and capabilities of the malware.
Black-Hat Hacker: These are the bad guys. They’re the ones who hack to personally profit and exploit the company. They might sell company data on the dark web, or get to the internal system and shut down crucial systems remotely. They cause billions of dollars in damages every year, and they’re in a digital skill-based race against the white-hat hackers.
White-Hat Hacker: These are the good guys. They’ll submit the bugs and vulnerabilities to companies in detailed reports, in an effort to make their services and websites safer from black-hat hackers. They’re in a constant battle against the black-hats, one that will continue as long as hacking is prevalent in modern society. For the foreseeable future, it will be, and so white and black hats continue in a race of proficiency.
Now I’ll go over a few topics and terms that are really essential in both white and black hat hacking, not that you should ever do black hat hacking because it’s illegal.
Penetration Testing: Common Tests
- Local Network Penetration Test (identify vulnerabilities in networks, systems, hosts, and network devices)
- Web Application Penetration Test (search for vulnerabilities in websites and web apps; usually requires some form of manual review)
- Mobile Application Penetration Test (identify weaknesses, usually before the initial release of the software)
- Wireless Network Penetration Test (easily exploited vulnerabilities)
- Social Engineering (people hacking / phishing-type methods)
- DDoS Test (Distributed Denial of Service / overloading services)
Important Standards →
OSSTMM — Open-Source Security Testing Methodology Manual
OWASP — Open Web Application Security Project
OWASP Top 10:
- A01:2021-Broken Access Control
- A02:2021-Cryptographic Failures
- A03:2021-Injection
- A04:2021-Insecure Design
- A05:2021-Security Misconfiguration
- A06:2021-Vulnerable and Outdated Components
- A07:2021-Identification and Authentication Failures
- A08:2021-Software and Data Integrity Failures
- A09:2021-Security Logging and Monitoring Failures
- A10:2021-Server-Side Request Forgery
What kinds of tools are important?
I’ve got a good few links to share from past posts I’ve written, and a few open-source projects —
Github repositories:
These tools will go a long way in helping further your knowledge, IF you put in the work. If you just expect tools to do everything for you, think again. Most hackers who discover significant vulnerabilities have done a ton of manual penetration testing and sifting through code themselves, as a human can detect imperfections in these things better than a bot can (for right now, anyway).
Constructing a vulnerability report (for bug bounties and that sort of responsible disclosure thing) →
Wait… why should you write good reports?
Because the better your report is, the faster the company can carry out their validation process, and you might even get a higher bounty. It makes you look more experienced, and increases your ranking from a professional standpoint.
Template (From HackerOne [popular bug bounty site]):
```markdown
## Title:
[Title of bug, "[bug type] on [domain] leading to [list possible consequences]"]

## Summary:
[add summary of the vulnerability]

## Steps To Reproduce:
[add details for how others can reproduce the issue]

1. [add step]
2. [add step]
3. [add step]

## Supporting Material/References:
[list any additional material (e.g. screenshots, logs, etc.)]

* [attachment / reference]

## IP Address:
[IP Address for identifying your traffic]

## Timestamp:
[Date and time of testing]
```

Following this template, you'll get bug bounty rewards quicker, and reports in this form are much easier for the person trying to validate your bug.
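As an added example (not code from the original post or from HackerOne), here is a small Python script that builds a report in the template layout above from structured fields and refuses to render it until every section the template requires is present, the reporter's IP address parses as a real IPv4/IPv6 address, and the timestamp is ISO 8601 with a timezone (triagers match your traffic against their logs by IP and time, so those two fields need to be exact). The sample report, the `example.com` domain, and the `203.0.113.7` address are constructed placeholders.

```python
"""Render and validate a HackerOne-style vulnerability report.

Added example, not part of the original post: the report is assembled from
structured fields so that a missing section, an unparsable IP address or a
timezone-less timestamp is caught before the report is submitted.
"""
import ipaddress
from datetime import datetime

# Sections the template requires; "references" and "repro_notes" are optional.
REQUIRED_FIELDS = ("title", "summary", "steps", "ip_address", "timestamp")


def validate_report(fields: dict) -> list:
    """Return a list of problems found; an empty list means the report is complete."""
    problems = []
    for name in REQUIRED_FIELDS:
        if not fields.get(name):
            problems.append(f"missing required field: {name}")

    steps = fields.get("steps") or []
    if steps and not all(isinstance(s, str) and s.strip() for s in steps):
        problems.append("every reproduction step must be non-empty text")

    ip = fields.get("ip_address")
    if ip:
        try:
            ipaddress.ip_address(ip)  # accepts IPv4 and IPv6, rejects garbage like 999.1.1.1
        except ValueError:
            problems.append(f"ip_address is not a valid IPv4/IPv6 address: {ip!r}")

    ts = fields.get("timestamp")
    if ts:
        try:
            parsed = datetime.fromisoformat(ts)
            if parsed.tzinfo is None:
                problems.append("timestamp must carry a timezone offset (e.g. +00:00)")
        except ValueError:
            problems.append(f"timestamp is not ISO 8601: {ts!r}")
    return problems


def render_report(fields: dict) -> str:
    """Render the Markdown report in the HackerOne template layout, or raise ValueError."""
    problems = validate_report(fields)
    if problems:
        raise ValueError("; ".join(problems))

    lines = [
        "## Title:", fields["title"], "",
        "## Summary:", fields["summary"], "",
        "## Steps To Reproduce:",
        fields.get("repro_notes", "Steps for others to reproduce the issue:"),
    ]
    lines += [f"{i}. {step}" for i, step in enumerate(fields["steps"], 1)]
    lines += ["", "## Supporting Material/References:"]
    refs = [f"* {ref}" for ref in fields.get("references", [])]
    lines += refs if refs else ["* (none)"]
    lines += ["", "## IP Address:", fields["ip_address"],
              "", "## Timestamp:", fields["timestamp"]]
    return "\n".join(lines) + "\n"


# Constructed sample report (placeholder domain and TEST-NET address).
SAMPLE_REPORT = {
    "title": "Broken access control on example.com leading to disclosure of another user's profile data",
    "summary": "A profile endpoint returns data for any account identifier without checking "
               "that the requester owns that account (OWASP A01:2021).",
    "repro_notes": "Use two test accounts you control; no real user data is involved.",
    "steps": [
        "Log in as the low-privilege test account",
        "Request the profile resource using the second test account's identifier",
        "Observe that the response contains the second account's data",
    ],
    "references": ["screenshot-1.png (constructed placeholder)"],
    "ip_address": "203.0.113.7",
    "timestamp": "2024-03-01T14:30:00+00:00",
}

if __name__ == "__main__":
    print(render_report(SAMPLE_REPORT))
```

Run it as-is to print the sample report; feed `validate_report` a dict with the timestamp removed or the IP mistyped and it returns the list of problems instead of silently producing an incomplete report.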
Further steps:
To improve even more, start doing hacking CTFs (capture the flag) and experiment with bug bounty tools. Learning the ins and outs of Burp Suite was paramount for me personally, and it helped a lot with website hacking.
Here are a few links for CTFs and website hacking →
I highly recommend the PortSwigger learning path; it has great exercises on realistic, real-world-style applications.
Here’s a tool that I programmed myself that compiles a few other common programs into a really useful automated bug hunter:
Over 50 cybersecurity articles on bug hunting (/bug bounties), general online privacy, and malware development:
Thanks for reading about the best tips and tricks when it comes to red-team hacking! If you’d like to see similar articles, check out more posts on The Gray Area.
To support my content, subscribe to a Medium membership using my referral link. It gives you access to all of my posts, plus every other post from other Medium writers —
Thanks!