xamdp's blog

one of my homeworks back then

HOW DO YOU SEE YOURSELF 10 YEARS FROM NOW?

1. Why did you take IT as your course in college?

I took IT as my program in college even though my parents wanted me to go into the field of engineering. My father graduated in mechanical engineering and yes, as his son, of course he wants me to follow his path. I did listen, but I also told him my stand, which is that I want to be an IT guy sitting in the dark corner and saying "I'm in". Just kidding.

What I mean is I want to be the guy who manages the networks and stuff of a particular network. Especially now, I have been studying Active Directory and the default features of an AD which we can abuse and possibly gain a shell on a Domain Admin of the network. It feels good having this kind of knowledge and being able to explain it to another person; in that way you will really know if you are learning or just memorizing a lot of terminology.

When I was just starting as an ordinary student, I researched "hacking" and found a lot of scams and unhelpful material. Then there was this YouTube content which made me check his channel, and I discovered that Ethical Hacking is the real term you want to be looking for when you are interested in hacking. So, yeah, I discovered the fundamentals that I need to focus on, which are networking, programming/scripting, security, the basic methodology of hacking, and a lot of practice using a VM (Virtual Machine). Unfortunately, I didn't manage to really focus because of the pandemic around the middle of that year and because of getting overwhelmed by the knowledge and resources I was getting. As of now, I am really working hard on my fundamentals, and I am also planning to get some entry-level certification. Currently what I am thinking of is the PNPT of @thecybermentor and the eJPT of eLearnSecurity, or maybe just getting the CompTIA A+, Network+ and Security+ first. For now, I should just master the basics, as these will build my foundations, so when I want to specifically master something, it won't be hard to go back to the basics, for I already know the fundamentals.

2. What is your "Dream Job"?

My dream job isn't really a job or a position but rather the knowledge I want to gain, the specific knowledge/field under cybersecurity. What I truly want to master is reverse engineering and creating my own exploits. As a senior high student, before the pandemic, I was interested in ethical hacking. I learned the basics of how networks really work behind our phones and computers, how IPv4 and IPv6 differ, what TCP and UDP are, and that we can also capture packets sent from client to server and vice versa. After that, I also grasped the basic knowledge of hacking, the methodology you follow when you are about to hack. When you are hacking, there are steps you need to follow, or you develop your own in the long run. The methodology:

1 Information Gathering - this is where you get to know who you are attacking. Is this a person/individual? A company? An organization?

Passive recon - passive means we do not interactively recon the target; instead we look for publicly available information on the internet.

Active recon - active means we actively recon the target, like maybe social engineering the target and getting some info about him/her, or setting up a phishing campaign, or maybe just pretending to be someone they know and luring them into giving personal information.

2 Scanning - scanning is where we scan the information gathered. Are there any ports open in this specific range of ports? If we already know what ports are open, we can scan for the exact version of their services; in that way we can get some idea of the structure of the company's/organization's network, or what kind of sysadmin they have. Is this a lazy one who uses default credentials? And so on.

3 Exploitation - this is the easiest part of the hack. The hard one is information gathering, because you can't attack someone without knowing something; that is why info gathering is a very critical step not to overlook. Exploitation is the fun part where we attack the target, using the info we gathered.

4 Post-Exploitation - when attacking a machine/system, you will eventually need to have some backdoor or a way back in, so that in case the machine is turned off you can still gain access when it turns on. It is also the stage where we can move laterally or vertically to gain SYSTEM on a domain admin.

5 Covering Tracks / Report Writing - covering tracks is for the black hats and red teams, while report writing is more for white hats/pentests in general. This is usually the boring part, where you get to document everything you did and how to prevent it. A normal pentest result could end up at a hundred pages or more, depending on what you are pentesting. This is to help the client see what patches could be missing or which parts of their network security were overlooked.

3. How do you see yourself ten years from now?

I see myself ten years from now hosting a YouTube channel and giving free resources to those who want to be the same as me, having reverse engineered a lot of software and created a lot of exploits, and maybe discovered some zero-day exploits. Maybe enjoying my life playing some CTFs while having a snack on weekends and so on, and just chilling with some other hackers or co-workers I get to work with. Maybe putting up a business where I can charge those who really want to go deep in terms of reverse engineering and ethical hacking, or maybe mastering a new subfield in cybersecurity. And giving some reviews of the certifications I have taken and the books I have finished reading.