
How to Trust a Website: Scam Raven for Safer Browsing

By: Giedrius

The internet is full of opportunities — but also traps. From fake online shops to phishing pages that mimic your bank, scams are evolving faster than most people can keep up. A single click can mean lost money or stolen data.

The scale of the problem is staggering (source):

  • An estimated 3.4 billion phishing emails are sent every day, making up about 1.2% of all global email traffic.
  • Google blocks around 100 million phishing emails daily, yet millions still slip through.
  • Since the COVID-19 pandemic, phishing attacks have more than doubled in frequency.
  • Phishing sites increased from 110,000 in 2019 to over 1 million in 2024 — and the trend is still rising.

With the help of AI, scams now look more realistic than ever. Professional-looking sites, convincing emails, and manipulative tactics make it increasingly hard to know who to trust. That’s why reliable resources for checking websites before you interact with them are essential.

That’s where ScamRaven comes in.

What is ScamRaven?

Scam Raven is an AI powered scam detector

ScamRaven.com publishes human-verified scam reports. Instead of relying only on automated scans or blacklists, ScamRaven investigates suspicious domains, checks technical signals, reviews their content, and cross-references public feedback.

The result is a detailed, structured report that anyone can read before deciding whether to trust a site. Each report includes:

  • Technical background
  • Content analysis
  • Public feedback
  • A final verdict — Scam, Suspicious, or Legitimate

How is this different than other scanners?

Most “scam checkers” act like instant virus scans: type in a URL, and they return a one-line safe/unsafe label. While fast, these tools often miss newer or more sophisticated scams. ScamRaven takes a different approach:

  • Manual verification — every report is reviewed and validated by humans, not just automated filters.
  • Evidence-based — reports include screenshots, technical traces, and links to external discussions.
  • Transparency — all reports are archived and searchable, so users can check history and patterns.

In short: ScamRaven values accuracy and trust over speed.

Why it matters

Scams are getting more professional every year. Many sites look polished, copy real brands, and advertise aggressively on social media. With phishing attacks rising 150% year-over-year from 2019 to 2022 — and still climbing — gut feeling is no longer enough.

By combining automation, AI, and community input, ScamRaven makes scam detection accessible to everyone, not just cybersecurity experts.


Before you buy from an unfamiliar shop or click a suspicious link, make it a habit to check ScamRaven first. If a report exists, you’ll see clear evidence to help you decide whether to proceed or steer clear. Safer browsing starts with trusted information.

ScamRaven is currently in beta, with a public scanner in development — but the reports are already available for anyone who wants to browse smarter and stay safer.

The post How to Trust a Website: Scam Raven for Safer Browsing appeared first on Bug Hacking.

10 Best Laptops for Ethical Hacking and Cybersecurity in 2025

By: Giedrius

As a penetration tester, I know firsthand how important it is to have the right laptop for ethical hacking and Kali Linux. When my old hardware started slowing me down, I realized it was time for an upgrade. I spent countless hours researching the best options—from Apple’s sleek machines to high-performance gaming laptops. Now, after testing and comparing various models, I can share my recommendations for the best laptops for ethical hacking.

Having powerful hardware is essential for a penetration tester. The daily tasks of ethical hacking—password cracking, vulnerability scanning, brute forcing, and running resource-intensive tools—demand a machine that can keep up.

Of course, laptop choice is personal, but investing in a fast and capable system not only improves efficiency but also saves you from the frustration of dealing with a slow, unresponsive computer. Let’s dive into the best options for penetration testers.

In a Rush? Here Are Our Top 5 Picks

(Model names are matched to the full reviews further down; the specs are the configurations listed in the original comparison table.)

  1. Lenovo Legion 5i (gaming laptop)
     Screen: 16" FHD | RAM: 32 GB | CPU: Intel Core i9-14900HX | Storage: 512 GB SSD
  2. Dell XPS 13 (ultraportable)
     Screen: 13.4" FHD | RAM: 8-32 GB | CPU: Intel Core i7 10th/11th Gen | Storage: 256 GB - 2 TB
  3. Apple MacBook Air (M1 configuration; the M3 model is reviewed below)
     Screen: 13.3" Retina | RAM: 8-16 GB | CPU: Apple M1 | Storage: 256 GB - 1 TB
  4. Acer Predator Helios 300 (GPU for password cracking)
     Screen: 15.6" FHD | RAM: 16 GB | CPU: Intel Core i7-11800H (11th Gen) | Storage: 512 GB SSD
  5. Lenovo IdeaPad 3 (budget Kali Linux)
     Screen: 15.6" | RAM: 8-36 GB | CPU: Intel Core i5-1035G1 / i5-1135G7 | Storage: 256 GB - 1 TB

Best Laptops for Kali Linux and Ethical Hacking

Before diving into the specific products, I made a comprehensive analysis to define the requirements for the best laptop for ethical hacking, and then analysed the best laptops currently on the market. You can find my thoughts and observations in this article, after the product reviews.

Even though there are some expensive machines on the list, I’ve picked the laptops that are balanced in terms of price and performance.

Lenovo Legion 5i – Gaming Laptop with Capabilities for Hacking

You know that famous Anonymous quote?

We are Anonymous. We are Legion. We do not forgive. We do not forget. Expect us.

Maybe it’s just me, but every time I hear the word Legion, I immediately think of that. And while the Lenovo Legion 5i is technically a gaming laptop, it happens to be an excellent choice for cybersecurity professionals as well. Let’s dive into why.

The Legion 5i isn’t just about gaming—it’s built for performance. This machine packs a 16-inch 2560×1600 LCD display with a smooth 165Hz refresh rate, making everything from gaming to penetration testing a seamless experience.

Under the hood, Lenovo offers two processor options, depending on the configuration. Paired with 32GB of RAM, this laptop can handle virtualization, reverse engineering, and multitasking with ease. And since it’s a gaming laptop, it features an NVIDIA GeForce RTX 4070 GPU with 12GB of GDDR6 memory, which keeps GPU-intensive tasks like password cracking or machine learning workloads smooth.

Of course, different Legion configurations exist—some with more RAM, larger SSDs, or even better cooling solutions. If you’re willing to pay more, you can get a truly beastly machine.

Gaming laptops are known for their powerful hardware, and that’s exactly what makes them ideal for cybersecurity work. Whether you’re running multiple virtual machines, or stress-testing networks, the Legion 5i can handle it all.

However, battery life is the trade-off. Gaming laptops tend to drain power quickly, and the Legion is no exception. On average, you’ll get around 5 hours, but that depends on your workload. If you’re running resource-heavy tools, expect it to be even less.

Dell XPS 13 (9310) – The Perfect Ultraportable for Cybersecurity Professionals on the Move

If you’re always on the move, you need a laptop that’s lightweight, compact, and stylish. Whether you’re a frequent speaker at security conferences or just prefer a sleek and professional-looking machine, the Dell XPS 13 is built to impress.

But beyond aesthetics, a good cybersecurity laptop needs to be powerful, efficient, and portable. So, let’s break down why the Dell XPS 13 is a top choice for security professionals who need mobility without sacrificing performance.

Why Choose the Dell XPS 13?

1. Compact & Travel-Friendly

Laptops with 13-inch screens are ideal for travel, and the XPS 13 (9310 and newer models) takes portability to another level. At just 2.8 pounds (1.27 kg) and featuring an ultra-thin design, it easily fits in any backpack without adding bulk.

2. Impressive Performance

The latest Dell XPS 13 models come with:

  • Intel Core i7 (10th or 11th Gen) processors
  • 8GB to 32GB LPDDR4x RAM
  • 512GB to 2TB SSD storage
  • Intel Iris Xe or Intel Iris Plus Graphics

While it’s not a gaming laptop, these specs are more than enough for penetration testing, virtualization, and remote security work.

3. Excellent Battery Life

When you’re on the move, battery life is crucial. The XPS 13 delivers up to 12+ hours, depending on usage, making it a reliable companion for long work sessions or conference days.

4. Stunning Display & Premium Build

The 13.4″ FHD+ or 4K touchscreen offers sharp visuals, and the near-borderless InfinityEdge display maximizes screen space without increasing size. Plus, its aluminum chassis gives it a premium, durable feel.

Final Verdict

If you need a lightweight, premium laptop that’s perfect for both cybersecurity work and everyday use, the Dell XPS 13 is hard to beat. It’s powerful enough for security tasks, ultra-portable, and has a sleek, professional design.

For those who prioritize mobility and battery life over raw GPU power, the XPS 13 remains one of the best choices on the market. With this laptop you will be able to work from anywhere, and it is easy to carry around, as it weighs only 2.8 pounds (1.27 kg).

Would I recommend it? Absolutely—especially if you’re always on the go.

Best Laptop for Password Cracking If You Have a Big Budget – Acer Predator Helios 300

Cracking passwords isn’t something an ethical hacker does every day, but brute-force attacks are sometimes necessary, for example to test the strength of a client’s password hashes or to brute-force web application directories. Keep in mind which of those a GPU actually helps with: offline hash cracking with hashcat or similar tools scales with GPU power, while directory or login brute-forcing is limited by the network and the target, not by your graphics card. While RAM and CPU performance are often the key priorities for penetration testers, a powerful GPU can still be useful, especially if you plan to use your laptop for more than just hacking (though, let’s be honest, hacking is more fun than gaming).

That said, if GPU power isn’t a necessity for your workflow, you don’t need to invest in a high-end graphics card. But if you do want a machine with strong GPU capabilities, the Acer Predator Helios 300 is a solid choice.

This laptop has a terrific GPU – NVIDIA GeForce RTX 3060 with 6 GB of GDDR6 RAM, comes with 512 GB SSD, 16 GB of RAM, and 11th gen Intel Core i7-11800H.

If the hardware resources of the base model are not enough for you, you can upgrade the RAM to 32 GB and install a higher-capacity SSD.

Advantages of this computer:

  • Excellent sound quality – Features DTS:X Ultra for immersive audio
  • Plenty of USB ports – Ideal for external devices and accessories
  • Decent battery life – Up to 6 hours, depending on usage
  • Smooth 144Hz display – A great feature for gaming and video-heavy tasks

Disadvantages:

  • Overheating – As with many gaming laptops, heat buildup can be an issue. However, Acer’s AeroBlade 3D Fan technology helps keep it under control. Still, proper cooling is essential, so keep this in mind.

If you need a powerful laptop with a strong GPU—whether for hacking, gaming, or high-performance computing—the Acer Predator Helios 300 is a fantastic choice. It offers great hardware for the price, solid upgradability, and a well-balanced mix of power and performance.

Acer Nitro 5 Gaming Laptop – Best Budget Laptop for Password Brute Forcing

If you’re looking for an affordable option that offers solid performance for ethical hacking and penetration testing, the Acer Nitro 5 is an excellent choice. This budget-friendly gaming laptop provides a good balance between price and capability.

While it comes with 8GB of RAM and a 256GB SSD—specs that are slightly below the recommended minimum—it still meets the basic requirements for a pentester’s laptop. What sets it apart is its NVIDIA GeForce GTX 1650 GPU with 4GB of GDDR5 VRAM, making it a great choice for password cracking and other resource-intensive tasks. Powered by an Intel Core i5-9300H processor capable of reaching up to 4.1GHz, the Nitro 5 delivers impressive performance for its price.

One of the best features of the Acer Nitro 5 is its upgradeability. The laptop comes with a single 8GB RAM stick, so you can easily add another stick to expand to 16GB of RAM for even better performance.

Advantages of the Acer Nitro 5:

  • Upgradeable components: Open slots for RAM and storage upgrades.
  • Portable size: Easy to carry and transport.
  • Affordable price: Great performance for its cost.

Disadvantages:

  • Loud fan noise: Expect a bit of noise under heavy load.
  • Short battery life: As with most gaming laptops, battery life is limited.

Overall, the Acer Nitro 5 is a fantastic budget gaming laptop for ethical hackers looking for a performance-to-price ratio. While it may not offer the same high-end specs as more expensive gaming laptops, it’s an excellent option for those who need solid performance without breaking the bank.

Lenovo IdeaPad 3 – Best Budget Laptop for Kali Linux

Kali Linux is one of the most well-known penetration testing distributions in the cybersecurity world. Whether you’re an ethical hacker, security researcher, or just learning the ropes, Kali Linux is often the go-to OS for penetration testing.

But which laptop should you choose for running Kali Linux smoothly? Our pick: the Lenovo IdeaPad 3—a budget-friendly laptop that meets and exceeds the minimal requirements for running Kali.

Flexible Hardware Options for Every Budget

One of the best things about the Lenovo IdeaPad 3 is that it comes in multiple configurations to suit different needs and budgets:

💾 Budget Version: 8GB RAM, 256GB SSD – A great option if you’re looking for an affordable Kali Linux machine.
⚡ Performance Version: 36GB RAM, 1TB SSD – If you need more power for heavier tasks like virtualization, this version is worth considering.

Surprisingly, even the higher-end version remains highly affordable compared to many other laptops in the same category.

Processor Choices – What’s the Difference?

The IdeaPad 3 is available with two Intel Core i5 processor options:

  • Intel Core i5-1135G7 – CPU benchmark: 10,172 (better performance)
  • Intel Core i5-1035G1 – CPU benchmark: 7,796 (slightly weaker)

If you plan on running multiple virtual machines or handling more CPU-intensive tasks, the i5-1135G7 is the better choice. However, both CPUs are fully capable of running Kali Linux without issues.

Why the Lenovo IdeaPad 3 for Kali Linux?

✅ Affordable – Great specs for the price
✅ Multiple configurations – Choose based on your needs
✅ Lightweight & Portable – Ideal for security professionals on the go
✅ Good battery life – Stays powered longer than many budget laptops

Final Verdict

If you’re looking for a reliable, budget-friendly laptop to run Kali Linux, the Lenovo IdeaPad 3 is an excellent choice. It’s affordable, customizable, and powerful enough to handle ethical hacking tasks—without breaking the bank.

Would I recommend it? Absolutely, if you’re looking for a solid Kali Linux machine on a budget.

Apple MacBook Air (M3) – A Powerful & Portable Choice for Cybersecurity

MacBook laptops are recognized worldwide for their high-quality design, sleek aesthetics, and impressive performance. But can they be used for cybersecurity? With the M3 chip, Apple’s latest MacBook Air is more powerful than ever, making it a solid option for security professionals. However, there are a few things to consider if you plan to use it for penetration testing and cybersecurity work.

MacBook Air vs. MacBook Pro – Which One Should You Choose?

When choosing a MacBook for cybersecurity, you have two main options:
✅ MacBook Air (M3) – Lighter, fanless, and ultra-portable
✅ MacBook Pro (M3, M3 Pro, or M3 Max) – More power, better cooling, but heavier

For most professionals, even the base MacBook Air M3 model offers incredible performance. It comes with:

  • 8GB, 16GB, or 24GB of unified RAM
  • 256GB, 512GB, or up to 2TB SSD
  • 13.6″ Liquid Retina display – compact and lightweight

Why Cybersecurity Professionals Might Consider a MacBook Air M3

💻 Performance – The M3 chip is a major upgrade, handling multiple security tools and VMs efficiently.
🔋 Battery Life – Lasts up to 18 hours, making it great for work on the go.
🔐 Security – Built-in macOS security features, including Secure Enclave, Touch ID, and FileVault encryption.
📦 Portability – Weighing just 2.7 pounds (1.24 kg), it’s perfect for cybersecurity professionals on the move.

What to Keep in Mind for Penetration Testing

While the MacBook Air is powerful, it’s important to note:
⚠ macOS lacks native support for some penetration testing tools (Kali Linux, for example, runs better on dedicated Linux machines).
⚠ You may need virtualization (UTM, Parallels, or Docker) to run certain security tools efficiently, and on Apple silicon the guest must be an arm64 build: x86-64 VM images only run under slow emulation.

When the first M1 MacBooks arrived, few arm64 guest images and tools existed, so running VMs built for x86 was a real problem. Kali and most major distributions now publish arm64 images, and UTM and Parallels run them natively on Apple silicon, so the situation is much better than before.

Final Verdict

If you want a lightweight, secure, and high-performance laptop with outstanding battery life, the MacBook Air M3 is a fantastic choice. However, if your work heavily depends on Linux-based penetration testing tools, you may need to dual-boot or use a dedicated machine for security research.

Would I recommend it? For cybersecurity professionals who prioritize portability and macOS security features—absolutely.

Acer Aspire 5: A Versatile and Affordable Laptop for Daily Tasks

If you’re looking for an affordable and well-rounded laptop that balances performance with portability, the Acer Aspire 5 is a great option. This 15.6-inch laptop is designed to meet the demands of daily computing tasks while providing exceptional performance and comfort.

Powered by the 13th Gen Intel Core i5-13420H processor, the Aspire 5 ensures fast and efficient performance whether you’re multitasking, browsing the web, or working on more intensive applications. With 16GB of LPDDR5 memory and a 512GB PCIe Gen 4 SSD, it offers plenty of storage and speed for your files and software.

The 15.6″ FHD IPS touch display offers crisp visuals with wide viewing angles and narrow bezels, giving you more screen real estate to work on. Acer’s suite of visual technologies optimizes colors and enhances your viewing comfort, making it perfect for both work and entertainment.

Key Advantages of the Acer Aspire 5:

  • Performance: Powered by the Intel Core i5 processor and paired with 16GB RAM and 512GB SSD for smooth multitasking.
  • Clear and Comfortable Viewing: 15.6″ FHD IPS touch display with vibrant colors and a wide viewing angle.
  • Sleek Design: Slim 0.71″ body, ergonomic hinge for comfortable typing, and improved cooling for better performance.
  • Up-to-date Features: Wi-Fi 6 and Bluetooth 5.1 for faster connectivity and better performance on wireless networks.
  • Video Calling: Equipped with a 720p HD webcam and AI Noise Reduction for clear, high-quality video calls.

Disadvantages:

  • Graphics: Integrated Intel UHD graphics might not be suitable for high-end gaming or graphic-intensive tasks.
  • Battery Life: While decent for everyday use, the battery life may be shorter under heavy load, typical of laptops in this range.

The Acer Aspire 5 is an ideal choice for those who need a solid and affordable laptop for daily tasks, including work, web browsing, and media consumption. With the ability to upgrade your storage and memory, it’s a great choice for users who want long-lasting performance at a budget-friendly price.

HP 14-inch Laptop: A Compact Yet Powerful Option for Ethical Hackers

HP has a reputation as a reliable laptop manufacturer. It offers a range of different models, but the one that interests us most is the HP Pavilion.

If you’re looking for a compact yet powerful laptop for penetration testing, the HP 14-inch laptop is a good choice. Equipped with 16GB of DDR4 RAM and an Intel Core i3-3050 processor with a base speed of 2.2GHz and a maximum boost of 4.1GHz, it delivers reliable performance for basic penetration testing tools and applications.

Despite its smaller screen size, the 14-inch display provides a sharp and clear view, and the touchscreen offers added convenience for multitasking and ease of navigation. Whether you are running virtual machines or using tools for web application security testing, this laptop provides good performance in a compact form factor.

The HP 14-inch Laptop offers good value for penetration testers who require a compact and efficient machine. While its performance may not match that of higher-end models, its upgradeability and portability make it a solid choice for those on a budget or those looking for a second laptop for basic pentesting tasks.

Dell Inspiron 15 3000 – Solid Work Laptop

When it comes to the Dell Inspiron series, there are many options to choose from. These are consumer-oriented laptops that will fit anyone, and the good news is that they are also relatively cheap. While they are definitely not gaming machines, and not as elegant as high-end laptops, they are perfect for work.

The Dell Inspiron 3520 (2024 model) is an excellent choice for those seeking a reliable, affordable laptop for penetration testing and general work tasks. With a sleek design and a 15.6-inch Full HD touchscreen display, this laptop provides a crisp and clear viewing experience while ensuring easy navigation through touch.

Powered by the 11th Gen Intel Core i5-1135G7 processor and equipped with 16 GB DDR4 RAM, the Inspiron 3520 offers ample performance for running penetration testing tools, and multitasking across virtual machines. Its 1 TB PCIe SSD ensures fast data transfers, providing efficient storage for tools and files required in the cybersecurity field.

Advantages of the laptop:

  • It is cheap
  • You can choose from different options with different specifications
  • Decent battery

Disadvantages:

  • Cheap quality of the laptop (but it gets the work done)

Overall, the Dell Inspiron 3520 (2024) is a solid, budget-friendly choice for penetration testers and general professionals who need reliable performance for their work. The combination of a large SSD, fast processor, and touchscreen functionality makes it an ideal option for handling a wide range of cybersecurity tasks.

MSI Thin 15 – Powerful and Feature-Rich for Penetration Testing

MSI Thin 15 15.6” Gaming Laptop combines performance and portability, making it a great choice for penetration testing. It features a 144Hz Full HD display and is ultra-thin, standing out among its competitors.

With an Intel Core i7-13620H processor and NVIDIA GeForce RTX 4050 GPU, it delivers excellent performance for tasks like password cracking and running virtual machines. The 16GB RAM and 512GB SSD provide ample space for your tools and files.

Advantages:

  • Slim and lightweight for easy portability
  • Strong performance with Intel Core i7 and RTX 4050 GPU

Disadvantages:

  • Short battery life during intense tasks
  • Loud fans during heavy usage

Ideal for those needing both power and portability in their work.

Windows Laptop, Linux Laptop, or MacBook?

Windows laptop vs Linux laptop vs MacBook

Just like there are holy wars among developers about which programming language is the best, the same is with the ethical hackers. There are various opinions about what OS is the best for a cybersecurity specialist.

Let’s make a quick overview of the three most popular operating systems. At the end of this section it should be easier for you to decide which OS to use while seeking a career in cybersecurity.

If you are an Apple fan, there are many different models to choose from. However, keep in mind that a MacBook has its own disadvantages if you are planning to use it for ethical hacking. We made a case study about how good the MacBook with the M1 chip is for cybersecurity professionals.

If you are a hardcore Windows user, you can definitely use it for cyber security. There is no need to throw it away just because some people say that no respected hacker uses it. That is a myth from the past. In 2016, Microsoft released the Windows Subsystem for Linux (WSL), a compatibility layer for running Linux binaries. WSL 2, announced in 2019 and shipped with Windows 10 version 2004 in 2020, runs a real Linux kernel in a lightweight VM instead of a translation layer. So even on Windows you can run most Linux tools, with one caveat: anything that needs direct hardware access, such as a wireless adapter in monitor mode or a USB device, still requires extra setup (or a native Linux boot), because WSL 2 only sees a virtual network interface.

If you like using Linux, there is great news: most cybersecurity tools run on Linux, and there are Linux distributions created specifically for ethical hacking. You can also run Linux on almost any laptop (on a MacBook too), so you are not bound to a specific type of machine. The choices for a Linux laptop for ethical hacking are endless.

As you can see, every OS is suitable for a hacker.

What Are the Requirements for an Ethical Hacker’s Laptop?

There are a few requirements that a good laptop for pentesting should fulfill.

In general, a laptop for an ethical hacker must have enough processing power, support hardware virtualization, have enough RAM, have an SSD, and be convenient to use.

Even though a good laptop for ethical hacking is needed, there is no need for a spaceship. A solid laptop with enough hardware resources is a perfect fit.

Because you are looking for hardware that you will potentially be working with for years, you should be willing to invest some money and look for a high-quality product.

But before diving into the technical details, let’s talk about what tasks ethical hackers do on a daily basis. If you are a cybersecurity student, or you are learning ethical hacking on your own and want to change your career, you must understand what you will be doing every day, and that is also a very important thing to understand before investing serious money in a laptop. Things an ethical hacker does on a daily basis:

  • Performs web application testing with Burp Suite. As the Swiss Army knife of web application security testing, Burp Suite is often running on a hacker’s machine (and, being a Java application, it is one of the heavier consumers of RAM).
  • Analyses malware, in an isolated environment usually consisting of a few virtual machines run under VMware or VirtualBox.
  • Performs network assessments with tools such as Nmap, Nessus, and the many specialized tools shipped with Kali Linux.

With the routine of a hacker being clear, let’s see what specifications a computer should have in order to be considered as the best laptop for ethical hacking and Kali Linux.

  • RAM – as you will be using a few programs/VMs at the same time, your machine will be under a constant load. You should look for a device that has somewhere between 8 GB to 32 GB of RAM. And 8 GB, in my opinion, is a minimum. I am successfully working on a machine with 8 GB of RAM. But do I want more random access memory? I sure do.
  • CPU – it is pretty important to have a good multicore processor. Having a CPU with good clock speed is beneficial. You should look for a late generation CPU with 4-6 cores.
  • GPU – if you aren’t going to crack password hashes non stop, you shouldn’t worry about the GPU too much. Well, maybe if you are gamer, you should. But if you are looking for a best laptop for cyber security needs, GPU is not the most important component. At least in the bug bounty hunting.
  • Hard drive – when it comes to the storage, you should always look for a machine with SSD instead of HDD. SSD will provide you much more speed. When it comes to the capacity of the drive, this is often a personal preference. The minimum is 256 GB, but I recommend at least 500 GB. As you will need enough storage for your software and virtual machines, 256 GB is barely enough. 500 GB is enough for me, as I use a separate machine solely for work related stuff. But if you are thinking of storing personal files on it, or having a few games, you might consider getting a 1 TB drive.
  • Price – good hardware costs money, and a good laptop might cost at minimum 1000 USD. But of course, none of us have unlimited money, and to buy a laptop we have to make our own financial sacrifices and compromises.

Make sure the machine supports virtualization.

If you will be working as a penetration tester, at some point you will want a few virtual machines running. Depending on the job, there are many reasons to use VMs: you might want to analyze malware in an isolated virtual machine, or run a deliberately vulnerable target such as DVWA alongside Parrot OS and Kali Linux machines for attacking.

So virtualization is a very important aspect when choosing a machine: the CPU must expose hardware virtualization extensions (Intel VT-x or AMD-V) and the feature must be enabled in the BIOS/UEFI. We checked this for you, and all of the laptops picked above are good for virtualization.

Kali Linux System Requirements

We have already found the cheapest laptop for Kali Linux: the Lenovo IdeaPad 3.

But let’s talk about the system requirements you need to run Kali Linux, because it is definitely an OS you will use a lot as an ethical hacker. This Debian-based distribution is loved by many professionals; if you want to be a hacker, you will have to use this or a similar OS (such as Parrot OS).

Kali Linux is also closely tied to the famous OSCP certification. OffSec (formerly Offensive Security) maintains both the exam and the distribution, so the course material and labs are built around Kali’s toolset, and using Kali for the challenges is the path of least resistance. The other reason is that Kali Linux is just awesome: it has most of the things you might need packaged, is intuitive, and is easy to use even for newbies.

So, let’s see what are the system requirements for Kali Linux laptop.

Minimum requirements:

  • 20 GB of hard disk space. Keep in mind that for a complete set of tools and a graphical interface, more space is needed.
  • 2 GB of RAM for i386 and amd64 architectures.
  • Intel Core i3 or AMD E1. But the better is the CPU, the more performance you get.

These are the recommended requirements for Kali Linux:

  • 50 GB of SSD space. It is important to use SSD as it will add more performance.
  • More than 2GB of RAM (at least 8 GB are preferred). Some of the tools, such as Burp Suite, are pretty resource intensive. So, the more RAM – the better.
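The two checks discussed above (does the machine support hardware virtualization, and does it clear the Kali minimum and recommended figures) can be scripted as a quick pre-flight test. The following is an added example written for this page, not code from the Bug Hacking post or from the Kali project; the function names, the too-low/minimum/recommended thresholds and the constructed sample cpuinfo line are this example’s own, and the live checks assume a Linux host with /proc and, optionally, /dev/kvm.

```shell
#!/bin/sh
# Added example (not from the original post): a pre-flight check for a laptop
# you plan to use for Kali Linux and VM-based lab work.
#  - virt_flag: is VT-x (vmx) or AMD-V (svm) exposed in /proc/cpuinfo?
#  - is_guest:  the "hypervisor" flag means you are already inside a VM, so
#               nested virtualization must be enabled on the host first.
#  - ram_class / disk_class: compare against the Kali figures quoted above
#    (2 GB minimum / 8 GB preferred RAM; 20 GB minimum / 50 GB recommended disk).
# Function names, thresholds and the sample cpuinfo line are this example's own.

# Print "vmx", "svm" or "none" for cpuinfo text read from stdin.
virt_flag() {
    input=$(cat)
    if printf '%s\n' "$input" | grep -qw vmx; then
        echo vmx
    elif printf '%s\n' "$input" | grep -qw svm; then
        echo svm
    else
        echo none
    fi
}

# Exit status 0 when the cpuinfo text on stdin carries the "hypervisor" flag.
is_guest() {
    grep -qw hypervisor
}

# Classify total RAM in MiB: "too-low" (<2 GiB), "minimum" (<8 GiB), else "recommended".
ram_class() {
    if [ "$1" -lt 2048 ]; then echo too-low
    elif [ "$1" -lt 8192 ]; then echo minimum
    else echo recommended
    fi
}

# Classify free disk in GiB: "too-low" (<20), "minimum" (<50), else "recommended".
disk_class() {
    if [ "$1" -lt 20 ]; then echo too-low
    elif [ "$1" -lt 50 ]; then echo minimum
    else echo recommended
    fi
}

# Run the checks on the live machine (Linux only; on macOS "sysctl kern.hv_support"
# answers the virtualization question instead).
preflight() {
    if [ ! -r /proc/cpuinfo ]; then
        echo "no /proc/cpuinfo: run this on Linux"
        return 1
    fi
    echo "virtualization extension: $(virt_flag < /proc/cpuinfo)"
    if is_guest < /proc/cpuinfo; then
        echo "note: this OS is itself a VM; enable nested virtualization on the host"
    fi
    if [ -w /dev/kvm ]; then
        echo "/dev/kvm is writable: guests can use hardware acceleration"
    else
        echo "/dev/kvm not usable: check the BIOS/UEFI virtualization setting and kvm group membership"
    fi
    ram_mib=$(awk '/^MemTotal/ {print int($2 / 1024)}' /proc/meminfo)
    disk_gib=$(df -Pk "${HOME:-/}" | awk 'NR == 2 {print int($4 / 1024 / 1024)}')
    echo "RAM: ${ram_mib} MiB ($(ram_class "$ram_mib"))"
    echo "free disk under \$HOME: ${disk_gib} GiB ($(disk_class "$disk_gib"))"
}

# Constructed sample (abbreviated flags line from an Intel machine) so the
# parser can be exercised without real hardware.
SAMPLE_INTEL='flags : fpu vme de pse tsc msr pae mce cx8 apic sep vmx smx est ssse3 sse4_1'

echo "sample cpuinfo -> $(printf '%s\n' "$SAMPLE_INTEL" | virt_flag)"
if [ -r /proc/cpuinfo ]; then preflight; fi
```

If `virt_flag` prints `none` on a machine whose CPU is known to support VT-x or AMD-V, the feature is almost always just disabled in firmware; enable it there before blaming the hypervisor. A `hypervisor` flag on a bare-metal install is worth a second look too, since it means a hypervisor is already layered under your OS (for example Hyper-V on Windows hosts running WSL 2).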

Do You Need a Separate Laptop for Ethical Hacking?

This question can be answered from two different angles.

Do you need a separate laptop for hacking in a bad way (malicious activity)? If you are thinking of performing a criminal act, this question is irrelevant, as there are many ways you can be tracked down. So, having a separate laptop won’t help you.

And the other perspective is the practical side of having a dedicated laptop for penetration testing. There are at least a few legitimate reasons why it is smart to have another device dedicated to this purpose only:

  • You might break your OS while working. Let’s say you are a malware analyst and you make a deadly mistake by accidentally opening the malware on your host machine. These things can happen even to the best. A VM escape is also a possibility: even though you opened the infected file in an isolated environment, it escaped and reached your host machine. And of course you might break the system after an unsuccessful software update.
  • Having separate devices for work and for personal use. If you have the luxury of one personal device and one for work, this is a smart choice. Firstly, it helps you stay disciplined by setting boundaries for yourself: the work ends when you turn the laptop off. A separate computer for personal use only, such as browsing, gaming, and watching Netflix, is also handy, as you know that the configuration of the software and the device remains the same after a day of work. Some days can be crazy: during a day you might need to change DNS settings, install older versions of browsers, etc.

Final Words

If you are looking for the best laptop for ethical hacking, keep in mind that you should choose the one you like the most. No matter how praised a device is, if you personally do not like it, don’t buy it. After all, this is just a tool. No laptop will give you the skills needed to be a good security researcher.

It’s totally fine if the only device you have is an old laptop, as everyone has to start somewhere. But do yourself a favor and, if you can afford it, use decent hardware.

While the computer is the most important piece of hardware you will use, do not forget the peripherals. If you are a fan of a setup with a laptop, external monitor, keyboard and mouse, or simply like mechanical keyboards because they let you work comfortably, check out my hacker keyboards review and choose the one you like.

The post 10 Best Laptops for Ethical Hacking and Cybersecurity in 2025 appeared first on Bug Hacking.

Future of AI-Generated Images – What Are the Cyber Risks?

By: Giedrius

Nowadays, there are plenty of pictures generated by AI. It is often used to create images of real people, and these images are of such high quality that it can be difficult to distinguish AI-generated images from real ones. While there are often some obvious signs that give away an AI-generated image, in some cases the artifacts are minimal or barely visible.

In this article, we will discuss the risks associated with AI-generated images. We will also provide examples of what these images look like and how to detect them.

Generating an Image with AI – Case Study

To illustrate AI-generated people, we used the virtual image generation software Genfluencer.ai.

The first step in using the platform is to generate a face. The following image was generated by specifying just a few parameters, such as gender, age, hairstyle, and color:

Face picture generated with Genfluencer.ai

Creating a face first ensures that other images will feature the same, consistent person. While a face can be created with just a few features, a well-crafted prompt is necessary to produce realistic images.

I decided to use AI to generate a prompt. Who communicates with AI the best? It is the AI itself! I asked ChatGPT to provide a “super realistic” image of a woman, specifying that I would use a face image as input, so there was no need to describe facial features.

This is the prompt that ChatGPT provided:

A super realistic, full-body image of a young woman in stylish, high-quality clothing. She stands confidently in an elegant outdoor setting, with a well-designed background featuring modern architecture or a scenic landscape. The lighting is natural and flattering, highlighting the texture of her outfit and the richness of the environment, creating a polished and sophisticated look.

I used this prompt, along with the previously generated face, to create an image using the Genfluencer.ai image generator. This is the image I received:

Image generated with Genfluencer.ai using a face

The outcome is super realistic, and there are no obvious signs that this is a fake person.

So, What Are the Cyber Risks of AI-Generated People?

There are several ways in which AI-generated images can be used for malicious purposes, including:

  • Misinformation: one of the most significant dangers of AI image generation is the creation of deepfakes. These highly realistic images or videos can impersonate real people, such as politicians, to spread false information or incite panic among the public. Deepfakes can easily deceive viewers, making them a powerful tool for disinformation.
  • Scams: scammers are always on the lookout for new ways to exploit people, and AI-generated images have become a potent tool in their arsenal. By creating realistic but fake profiles, scammers can impersonate others, tricking individuals into forming emotional connections or sending money. The realistic nature of these AI-generated personas makes these scams even more convincing and dangerous.

How to Spot Images Generated with AI?

Spotting AI-generated images can be challenging, especially as the technology becomes more sophisticated. Nowadays not only images can be generated: OpenAI is building a tool for generating super realistic videos as well. However, there are several techniques and signs that can help identify such images:

  • Unnatural Hands and Teeth: AI struggles with generating human hands and fingers. Look closely, and you might notice hands with more fingers than a real person has. AI also often produces distorted teeth.
  • Weird Backgrounds: Take a closer look at the background, and you may see strange, unrealistic objects or people that appear unnatural.
  • Clothing and Accessories: Check for inconsistent or nonsensical patterns in clothing, like stripes that don’t align or strange fabric textures.
  • Facial Features: Mismatched eyes or ears, irregularly shaped pupils, or eyes that aren’t aligned correctly are all signs that can indicate the image is not real.

The post Future of AI-Generated Images – What Are the Cyber Risks? appeared first on Bug Hacking.

Bug Bounty Challenge Update #1

By: Giedrius

Hi everyone.

Almost a month has passed, so it is time for an update on how the challenge is going.

Honestly, it is not going so great. I was unsure whether I should even share my progress. However, I decided to be transparent, as I realized that any outcome is still an outcome.

I spent a total of 15 hours hunting.

This is a little bit less than I was hoping to spend. But the first obstacle I faced was the lack of motivation as soon as I started the challenge. The main reason is that doing this after a 9-5 job is hard psychologically. Especially when you are not finding anything, and you feel like you are wasting your “rest time”.

However, I am not giving up yet, and hope it will get better soon. But for now let’s see what I’ve tried during the first challenge hours.

Choosing My First Target

I’ve already mentioned in my previous article that I am going to hunt on the Intigriti platform. The first, and most important, step was to choose a target.

And the program that I’ve decided to work on is…

Innovapost/Canada Post + Purolator – Responsible Disclosure Program

This is Canada Post’s program, and it has no payouts for accepted vulnerabilities.

I had a few criteria for choosing the company I was going to hunt for:

  • No payouts – I wanted a program that has no monetary rewards. There are normally fewer security researchers working on programs without payouts.
  • Number of exposed systems – I wanted the program to have more than a few systems available. This way the attack surface would be bigger and there would be more chances of finding a bug.
  • Previous submissions – I wanted the program to have potential. If a program has only a few accepted submissions, it means that either the systems are very secure, or the program is really picky about vulnerabilities and rejects most of the submissions.
  • Newest submission in the last few days – I wanted to be sure that the program is still active and vulnerabilities are still being found.

And Canada Post’s program seems to meet all of my criteria:

  1. It pays no bounties.
  2. It has three domains (I’ve also checked the subdomains, and all the domains have plenty of them), plus 2 Android and 2 iOS applications.
  3. At the time I was choosing the program, it had more than 140 submissions.
  4. The last submission was 4 days ago.

A few other programs also caught my eye: Tomorrowland, Nestle, Red Bull, Bpost.

However, I’ve decided to start with one at a time.

Things That I’ve Already Done

The first thing I did was subdomain enumeration. For this I used Sublist3r, Amass, and Subdomain Finder to build a list of available subdomains.

Subdomains of the three targets that were in scope:

  • *.purolator.com
  • *.postescanada-canadapost.ca
  • *.canadapost-postescanada.ca

I also tried Sublist3r’s brute-force module; however, strangely, during the process the internet connection disappeared for every device connected to the same network. My guess is that the DNS servers set in my router (I am using my ISP’s DNS servers) have some kind of protection against DNS brute force. The internet connection was restored soon after the brute force was cancelled.

Each of the tools provided different results. In total I found over 100 active subdomains. 

Some of the subdomains timed out, some required logging in with Okta SSO, others displayed the status of one application or another, and the rest were public web applications.

I used Notion.io to take notes on the subdomains I found. This is what my notes look like:

My notes on notion.io

First I checked whether each identified subdomain responded. If it did, I looked at it and made short notes about what the subdomain was for.

Then I decided what to do next. If I found a custom business website on the subdomain (e.g. a parcel sending website), I tested it with Burp Suite and checked for vulnerabilities such as XSS and SQL injection.

If I identified that a product or a software component was running on the subdomain (e.g. an Okta SSO login or the default Red Hat Enterprise Linux Test Page), I tried to identify its version and check for known CVEs.

For the custom websites I also tried directory brute force and inspected the cookies and headers.
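The bookkeeping part of this workflow (merging several tools’ output, dropping anything outside the program’s wildcard scope, and sorting responding hosts into the buckets described above) is easy to script. The block below is an added example, not code from the post: the scope list, hostnames and probe records use reserved example domains and are constructed, and the triage heuristics are mine.

```python
"""Added example: merge subdomain-enumeration output, enforce the wildcard
scope, and triage constructed probe results into the buckets from the post
(timeout, SSO login, status page, vendor default page, public web app)."""
import re

# Stand-in for the program's three wildcard entries (constructed).
SCOPE = ["*.example.com", "*.example.net", "*.example.org"]


def normalize_host(entry):
    """Lower-case one tool output line; strip scheme, port, path, trailing dot."""
    host = entry.strip().lower()
    host = re.sub(r"^[a-z][a-z0-9+.-]*://", "", host)  # drop "https://" etc.
    host = host.split("/", 1)[0].split(":", 1)[0]      # drop path and port
    return host.rstrip(".")


def in_scope(host, scope=SCOPE):
    """'*.example.com' is treated as covering subdomains only; the apex must be
    listed explicitly (assumption: programs word this differently, check yours)."""
    for pattern in scope:
        if pattern.startswith("*."):
            if host.endswith(pattern[1:]):      # ".example.com" suffix
                return True
        elif host == pattern:
            return True
    return False


def merge_results(tool_outputs):
    """tool_outputs: {tool name: raw text, one host per line, '#' comments}.
    Returns ({host: {tools that reported it}}, {hosts dropped as out of scope})."""
    found, rejected = {}, set()
    for tool, text in tool_outputs.items():
        for line in text.splitlines():
            if not line.strip() or line.lstrip().startswith("#"):
                continue
            host = normalize_host(line)
            if in_scope(host):
                found.setdefault(host, set()).add(tool)
            else:
                rejected.add(host)
    return found, rejected


def triage(probe):
    """Bucket one probe record {'host', 'status' (None on timeout), 'headers',
    'title'}. The heuristics are constructed for this example."""
    if probe.get("status") is None:
        return "timeout"
    headers = {k.lower(): v.lower() for k, v in probe.get("headers", {}).items()}
    title = probe.get("title", "").lower()
    redirect = probe["status"] in (301, 302, 303, 307, 308)
    if redirect and "okta" in headers.get("location", ""):
        return "sso-login"            # redirected to an SSO login (Okta in the post)
    if "test page" in title:
        return "vendor-default-page"  # stock server page: fingerprint, check CVEs
    if "status" in title:
        return "status-page"          # utilisation/health page, usually should be private
    return "web-app"                  # custom application: manual testing candidate


# Constructed tool output: overlapping hosts, mixed formatting, one out-of-scope entry.
SAMPLE_OUTPUTS = {
    "sublist3r": "www.example.com\napi.example.com\nstatus.example.net\n",
    "amass": "API.example.com.\nhttps://sso.example.org/\nwww.example.com\n",
    "subdomainfinder": "# exported list\nlegacy.example.net:8443\nwww.attacker-example.com\n",
}

# Constructed probe records (what a simple HTTP check of each host returned).
SAMPLE_PROBES = [
    {"host": "www.example.com", "status": 200, "headers": {"Server": "nginx"},
     "title": "Parcel Sending"},
    {"host": "api.example.com", "status": None, "headers": {}, "title": ""},
    {"host": "status.example.net", "status": 200, "headers": {},
     "title": "Service Status Dashboard"},
    {"host": "sso.example.org", "status": 302,
     "headers": {"Location": "https://tenant.okta.example/login"}, "title": ""},
    {"host": "legacy.example.net", "status": 200, "headers": {"Server": "Apache"},
     "title": "Red Hat Enterprise Linux Test Page"},
]


def summarize(tool_outputs=SAMPLE_OUTPUTS, probes=SAMPLE_PROBES):
    """Merge, scope-filter, then triage only the hosts that survived the filter."""
    found, rejected = merge_results(tool_outputs)
    categories = {p["host"]: triage(p) for p in probes if p["host"] in found}
    return {"in_scope": sorted(found), "out_of_scope": sorted(rejected),
            "categories": categories}


if __name__ == "__main__":
    result = summarize()
    for host in result["in_scope"]:
        print(f"{host:22} {result['categories'].get(host, 'not probed')}")
    print("dropped as out of scope:", ", ".join(result["out_of_scope"]))
```

The out-of-scope list is worth keeping rather than discarding: it is the record that those hosts were never touched, which matters when a program questions what you tested.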

What Are the Results?

I found some vulnerabilities, but according to the program rules they are out of scope.

One of the applications leaks technical information when a server error occurs.

Another vulnerability I found might be treated as sensitive information leakage. There is a status page that shows the utilization of specific systems. This could help malicious hackers execute DDoS attacks, as it shows how the system reacts to increased load. Normally such a page should be accessible to the system owners only.

I might still submit them, for learning purposes, just to see how the communication goes, but these are unlikely to be accepted. 

While I would normally include them in a penetration testing report, it seems that the rules are stricter when hunting on bug bounty program assets.

But again, I’ve only spent 15 hours working on the program, and part of that time was spent choosing the program. I might still be able to find bugs on this one.

Also, I’ve written an article about the problem I faced when I ran Burp Suite with my antivirus software enabled. This can be considered a small milestone of the challenge.

What’s Next?

It looks like the approach I am currently using is not very effective against the systems found on bug bounty platforms. A typical approach helps to find vulnerabilities in typical systems, but not in systems that are battle-tested.

Next, I am going to check what types of vulnerabilities are being found in bug bounty programs. There are many public HackerOne reports, so that will help. I am also going to continue with the same scope, dig deeper, and check for these vulnerabilities (I am guessing it will be IDORs and XSS in complicated places).

Also, I will try to dig deeper, especially with the custom applications.

Stay tuned.

Planning the challenge – https://bughacking.com/the-160-hours-bug-bounty-hunting-challenge/

The post Bug Bounty Challenge Update #1 appeared first on Bug Hacking.

Burp Suite Blank Page on the Embedded Browser

By: Giedrius

If you are using your regular browser instead of the built-in Burp Suite browser, the first thing you have to do is import the Burp certificate. This is easily done by downloading it from http://burpsuite and installing it according to your browser’s instructions.

But what if your certificate is in place and you are still getting a blank page when using the Burp Suite proxy?

This can be the antivirus’s fault.

Antivirus software usually provides some kind of web protection. For example, ESET Internet Security has Network Attack Protection (IDS), which blocks network attacks.

The thing is, by using Burp Suite you are basically executing a MITM attack against your own traffic. So, the antivirus blocks the “attack”.

This is how you can fix the Burp Suite blank page if you are using Windows and ESET antivirus.

Open the ESET Internet Security dashboard:

ESET Internet Security dashboard

Go to Setup:

ESET Internet Security setup

Choose Network protection:

Network protection settings

Choose the Network attack protection (IDS):

Network attack protection settings

Now, on the page that opens, choose Web and Email and expand the Protocol Filtering settings. You will see the Excluded applications option. Click Edit:

ESET protocol filtering

A list with exclusions should open:

Application exclusions

Next, add exclusions for two applications: Burp Suite and the Burp Suite embedded browser.

Locate where Burp Suite is installed and copy the paths of the Burp Suite executable and the embedded browser executable.

In my case they were located in the AppData\Local\Programs\BurpSuitePro directory:

  • C:\Users\gs\AppData\Local\Programs\BurpSuitePro\BurpSuitePro.exe
  • C:\Users\gs\AppData\Local\Programs\BurpSuitePro\burpbrowser\104.0.5112.102\chrome.exe

Probably the easiest way to find where Burp Suite is on your system is to search for the Burp Suite shortcut, right-click it, and check the path in its properties.

After adding the exclusions, you should no longer get the blank page in the Burp Suite embedded browser.

NOTE: keep in mind that the Chrome browser built into Burp Suite is stored in a folder named after its version number. This time we whitelisted the browser located at ..\burpbrowser\104.0.5112.102\chrome.exe, but after an update the version will change, and the path might become ..\burpbrowser\105.0.5195.54\chrome.exe or similar. So, after every update, you will have to repeat the process and edit the path you previously whitelisted.

That’s it. Hope it helped you!

The post Burp Suite Blank Page on the Embedded Browser appeared first on Bug Hacking.

The 160 Hours Bug Bounty Hunting Challenge

By: Giedrius

Bug bounty is one of the hot topics nowadays. If you actively follow cybersecurity people on social networks (especially Twitter), you have probably noticed this. Once in a while you see that one person or another has found a high severity vulnerability and was rewarded with a significant bug bounty.

On the other hand, this is pretty rare. Many people are participating, but only a few are succeeding.

So how promising are bug bounties? Are they just a way to kill your time without earning anything, or a legitimate way to make a living?

I guess it is something in between. At least that’s my opinion. But out of curiosity and for learning purposes, I’ve decided to try it myself.

That’s why I am starting a 160-hour bug bounty challenge.

This is an introductory blog post explaining my motivation and goals. I will update my progress periodically, and you can expect the next article after about a week or two. In my next post, I will talk about the targets I’ve worked on and the strategies I’ve used.

Why?

I’ve had this idea for a while.

There is a popular opinion that by participating in bug bounties you are free to decide how much you work, and when you work. Even though I have a very realistic view of bug bounties and I understand that only a few make a living from it (compared to the many who are trying), I wanted to check if this is true.

I am not dreaming of becoming a full-time bug bounty hunter, as it has some drawbacks that I am not thrilled about (I’ve explained them in my other article). But of course, earning some pocket money would not hurt.

The real reason I am doing this is to become a better penetration tester and to grow my skills.

So, I will be dedicating part of my free time to searching for bugs.

I know this will not be easy mentally, as I will be doing this in my free time, so every hour spent will be a significant personal contribution to this challenge. Also, being a bug bounty hunter is similar to being a professional poker player – it requires discipline and a specific mindset.

Goals of the Challenge

Goals of the bug bounty challenge

I probably spent more time than needed planning and strategizing how I am going to execute this. Looking back now, it would have been wiser just to jump into bug bounties.

Anyway, this is what I want to achieve:

  • Understand the potential ROI of bug bounty hunting with my current skill set (time spent vs. money earned)
  • Learn a lot. As I can work on anything I want, I can choose the targets where I will learn the most.
  • Have bugs found under my name that I can add to my portfolio. Being employed at a company, I can’t disclose my accomplishments to the public (because of the NDA). But publicly disclosed vulnerabilities would benefit my career in the future, as I will be able to add them to my portfolio.
  • Give back to the community by documenting my journey on my blog. I would be happy if my journey inspires at least one person to start participating in bug bounties.

Some other things that I want to emphasize:

Financial goals: I have none. By setting financial goals I would put myself under unnecessary stress. This would have a negative impact on my productivity, and I would potentially miss the opportunity to learn from interesting targets (“this one does not pay that much, I should not pay attention to the program”).

Challenge duration: 160h. This number is not based on anything specific. But I believe that in order to see some results you need to spend some time on the craft. After some time, e.g. after 160 hours, you can draw conclusions. 160h equals working for a whole month full-time (8 hours a day, 20 days a month). So, it is interesting to investigate what can be achieved in a month.

When I am going to hunt: “at night”. Well, maybe not literally. I am aware of the possibility of burnout when doing this after my 9-5 job. So, I will try to spend at most a couple of hours each working day, and hack a little longer on weekends.

Platform: Intigriti. While there are many different platforms out there, I’ve decided to start on Intigriti. Even though I am not very familiar with it, I like the platform. I also expect there to be less competition compared to HackerOne or other bigger players.

My Strategy

I am going to spend some time on one program, try all the things I know and can, then move to another one after a while (after 5h, 20h, 40h, etc. This really depends on the size of the target).

What I mean by “trying everything I know”:

  • Using open source recon tools and scanners
  • Checking for IDORs, and other OWASP vulnerabilities
  • Using OWASP checklists and assessing functionality manually
  • Executing other security checks relevant to the target

Nothing too fancy.

I could go with one of the approaches:

  • Choose one type of vulnerability and look for it on different targets that are in scope of the vulnerability disclosure programs.
  • Choose a target and thoroughly look for different types of vulnerabilities.

As I am heavily focused on learning in this project, I will concentrate on testing different targets. So I will do my best with my current skills and knowledge. Of course, reading vulnerability disclosure reports will be a part of the journey, but I will try to spend as much time hands-on as possible.

As an example – if I’ve found that the target is using an Oracle database, I won’t spend day after day reading everything about Oracle database configuration; I will rather check if the software is up to date and, if not, what the vulnerabilities are and how they can be exploited.

My Background

I started my career 3 years ago, when I was still at university (I finished IT studies at Vilnius University). I got a job at a company creating custom software. At the beginning of my career I was working part-time as a QA, but at the same time I was learning penetration testing.

So, right now I have almost 3 years of experience working as a penetration tester, and I am working with different clients of our company. During my career I’ve mostly performed penetration tests for web applications. However, once in a while I have to perform internal penetration testing.

I am not a superstar pentester, and during day-to-day testing I often rely on commercial tools (so my manual pentesting skills are not at a high level), but I am not a newbie either. I still have so much to learn, and I consider my knowledge average at most.

Why Making a Full Time Living From Bug Bounties Is Not My Goal

First of all, I find it highly unrealistic that I will be able to earn the same from bug bounty hunting as I am earning while employed as a 9-5 penetration tester. There aren’t many people doing bug bounties full-time instead of the traditional 9-5.

I would be happy to be proven wrong. But in order to earn while doing bug bounties full-time you have to constantly deliver. If you are a 9-5 worker, you get paid for the hours. That means you are also being paid for participating in useless meetings and working on dull documentation.

Also, the beginning of bug bounty hunting is hard. There is a lot to learn and there is a lot of competition. Even if I manage to find vulnerabilities, I have to be faster than the others to get paid.

And of course, the cost of living in Lithuania, where I am based, is not very low. It is not as high as in western countries, but far higher than in some countries, such as Pakistan or India, where you could potentially make better money from bug bounties than from a 9-5 job at a local IT company.

Another reason why I am not thinking about going full-time on bug bounties is that I want to keep it fun. And the easiest way to start hating your hobby is to do it full-time.

Even though I will not be looking at financial numbers while doing this, I expect it to pay off in the long term. I will be building a skill set and creating a track record of bug bounties. With solid knowledge that I can prove, I will be able to progress my career. Certificates, blogs, bug bounties – everything helps you stand out from the competition. I strongly advise you to work on side projects if you want to progress your career.

Part Time Bug Bounties vs Full Time Bug Bounties

Let’s start with the advantages of spending all your time on bug bounties:

  • You learn at a fast pace. As you can choose which vulnerability disclosure programs to work on, you can learn dozens of things along the way. You can test different systems with various tech stacks and use different testing tools and methodologies.

Disadvantages of the full time bug bounty hunting:

  • If you are thinking of doing this instead of a “normal” 9-5 job, you are facing an unstable income. This can be pretty stressful, as you do not know if your effort will be rewarded. You might not find anything after spending a month on a target, or your findings might be rejected as duplicates.
  • Chance of burning out. This is a serious problem not only for cybersecurity professionals, but for other professions too. However, cybersecurity specialists often face the risk of burnout. If you spend day after day searching for vulnerabilities, which is a pretty technical job, you might soon face the consequences.

What are the advantages of doing bug bounty hunting part time:

  • If you are doing this in your free time, you are not restricted by anything and you can have an open and well-rested mind. Bug bounty hunting for 2 hours each day might be beneficial compared to the grind of 8h+. You might be more creative and have better ideas during split sessions on different days. Factors such as your mood and energy level are huge success factors, and while you are sitting on the same task for a prolonged period of time, being creative might be harder. On the other hand, if you are digging to find one specific vulnerability, focused and undisturbed time might be better than 4 separate sessions.

Final Words

As this is a public challenge, I am going to periodically release updates. I have not decided how frequently I am going to share my progress, but I will try to write every 20-40 hours spent on bug bounty hunting (of course, if anything major happens, more frequently).

I am also not sure how long the journey will take. But I believe it will take at least a few months, as the 160h is not calendar time, but the actual time spent working. So, maybe some weeks I will not feel like doing it, and will spend only 10 hours. But other weeks I might dedicate more time to this.

What I promise you, is that I will not step back and I will finish the challenge.

Wish me luck!

Update no. 1 – https://bughacking.com/bug-bounty-challenge-update-1/

The post The 160 Hours Bug Bounty Hunting Challenge appeared first on Bug Hacking.

The 14 Best Books for Ethical Hacking

By: Giedrius

It does not matter if you want to be a bug bounty hunter or get employed as a penetration tester: in order to increase your ethical hacking skills, you must constantly learn. Books are one of those knowledge sources. So, today we are going to review the best books for ethical hacking.

I have read most of the books from the list. Being a cybersecurity professional myself, I can rate how useful these books are. Without a doubt there is no golden book that will teach you everything. Each of them provides value in different ways.

Reading technical books is great. It will broaden your mind and teach you things you couldn’t think of before. This is especially important in ethical hacking – the more different hacking methods you know, the more likely you will be able to find new vulnerabilities.

But what is more important is practice. That’s why in each of the book reviews I’ve recommended a vulnerable application to train on and apply the book’s concepts to. For example, to understand web application vulnerabilities, you might practice on DVWA.

So, today we are going to talk about the best books for ethical hacking. I am sure that anyone, from a complete beginner to a seasoned professional will find value in these books.

In a Rush? Check the 5 Top Picks

Book – Difficulty – Link

  • The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws – Beginner to intermediate – Check the Book on Amazon
  • RTFM: Red Team Field Manual – Intermediate to advanced – Check the Book on Amazon
  • The Hacker Playbook 3: Practical Guide To Penetration Testing – Intermediate – Check the Book on Amazon
  • Hacking: The Art of Exploitation – Intermediate – Check the Book on Amazon
  • Penetration Testing: A Hands-On Introduction to Hacking – Beginner – Check the Book on Amazon

Publishers of the Ethical Hacking Books

When it comes to the penetration testing and hacking books, there are a few big publishers:

  • Wiley
  • Packt
  • McGraw Hill (All-In-One type of books)
  • No Starch Press

There are also some independent writers who have managed to write a book and release it out of their own pocket. These books can be found on Amazon. However, they vary in quality, as nowadays it is very easy to create an e-book and put it up for sale as a digital product.

But a lot of the real knowledge lies in various blogs, like bughacking.com itself. As the industry is growing at a fast pace, for the newest information you have to refer to various sources. And the write-ups of security researchers who managed to find zero-days are pure gems. They teach you the latest vulnerabilities and vulnerability searching methodologies.

Books do become obsolete and the knowledge might be a little bit outdated, especially if a book was released 3, 5, or even more years ago. Although if a book is well written, it holds value for many years. After all, the cybersecurity basics and the goals of the criminals do not change that drastically.

Best Ethical Hacking Books

These are some of the best books for cybersecurity professionals and penetration testers.

Hacking for Dummies

Difficulty: beginner

This book is great for: anyone who wants to learn the basics of hacking. Even non-technical people will benefit from the book.

Hacking for Dummies is a book of the For Dummies series. Written by Kevin Beaver, a CISSP with 27 years of experience in IT security, the book covers the main concepts of hacking pretty well.

Book topics include:

  • Security testing – why is it needed, how do you start, what tools to use, how to identify the security flaws, and how to evaluate the results
  • Hacking mindset – what is it and how you can gain one
  • Social engineering, physical security
  • Network hacking, operating systems hacking, applications hacking
  • Prioritizing vulnerabilities, patching them, increasing the security posture

On April 8, 2022, the 7th edition of the book was released. As this is the updated version of the book, it covers new topics, such as Windows 11 security issues.

If you are a complete beginner in hacking, this is really the book to go for. It does not require a comprehensive IT background, explains things in an easily understandable way, and guides you in your further learning.

Hacking: The Art of Exploitation

Difficulty: intermediate (not a “for dummies” type of book)

This book is great for: developers who want to improve their security knowledge; novice hackers

Even though this book was written in 2008, it is still relevant nowadays. Hacking: The Art of Exploitation is a book that goes deep into hacking concepts. And that’s why this book is praised – instead of being another book about high-level attacks, such as SQL injection, XSS, or RCE, the book goes into explaining programming concepts (over 100 pages are dedicated to this topic; the C programming language is used for the examples), code exploitation (e.g. buffer overflows, with code snippets that show what is going on under the hood), networking, cryptography, shell scripts, and countermeasures against attacks.

These are main things you will learn after thoroughly reading the book:

  • Basic C programming, assembly language (definitely a necessary thing to understand before continuing with the modern programming languages), shell scripting
  • Arbitrary code execution by exploiting buffer overflow and format strings vulnerabilities
  • How everything works on the low level – by using the debugger to inspect processor registers and system memory
  • Evade typical security measures and IDS (intrusion detection systems)
  • Use port-binding or connect-back shellcode for gaining access to the remote server, and hide your tracks by altering server logs
  • Scan ports, sniff network traffic by redirecting it to your machine, and hijack TCP connections
  • Crack WiFi traffic with specialized attacks
  • ... and many other things

While this is not a book that will make you a professional penetration tester overnight, the material explained in the book is a must for a deeper understanding of the art of hacking. This is one of the books you should start with as it teaches you the hacker mindset (but don’t expect to magically get this mindset only from one book).

The Basics of Hacking and Penetration Testing

Difficulty: beginner

This book is great for: those who want to get the basics of ethical hacking

This is another great book for hackers that are just starting. If you are an advanced penetration tester, you might not benefit much from the book. But for those who do not have the basics, this is the perfect starting point.

You might find the following topics in the book:

  • Penetration testing introduction (Kali Linux, creating a hacking lab, phases of a penetration test)
  • Reconnaissance (main tools and methods of recon)
  • Scanning (different types of port scans with Nmap)
  • Exploitation (Medusa, Metasploit, password cracking, Wireshark, and more)
  • Social engineering
  • Web-based exploitation (spidering, intercepting, scanning, attacking)
  • Post-exploitation and maintaining access (backdoors, rootkits, Meterpreter, Netcat)
  • Delivering penetration testing results (writing a report)

While published in 2013, the book is still relevant today, as it nails the basics pretty well. The tools covered in the book are still actively maintained. And other topics, such as social engineering, are evergreen, as it exploits the same aspects of human psychology, just in different ways.

The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws

Difficulty: beginner-intermediate

This book is great for: beginners (to learn web vulnerabilities), penetration testers (a great reference guide during pen testing), developers

Calling this book the Bible of web application penetration testing would be bold, but it is close to that. The book covers the majority of web application security testing topics. It is written by the people behind Burp Suite, one of the most popular tools for web app security testing.

The 912 pages of this book cover the following topics:

  • Web Application security
  • Core Defense Mechanisms
  • Web Application Technologies
  • Mapping the Application
  • Bypassing Client-Side Controls
  • Attacking Authentication
  • Attacking Session Management
  • Attacking Access Controls
  • Attacking Data Stores
  • Attacking Back-End Components
  • Attacking Application Logic
  • Attacking Users: Cross-Site Scripting
  • Attacking Users: Other Techniques
  • Automating Customized Attacks
  • Exploiting Information Disclosure
  • Attacking Native Compiled Applications
  • Attacking Application Architecture
  • Attacking the Application Server
  • Finding Vulnerabilities in Source Code
  • A Web Application Hacker’s Toolkit
  • A Web Application Hacker’s Methodology

The second edition of the book was released in 2011. However, even though over 10 years have passed, the same vulnerabilities are still often found in modern software. This is a comprehensive guide to web vulnerabilities that can be used as a reference. If you are a penetration tester, this is a book you must have on your shelf.

Linux Basics for Hackers: Getting Started with Networking, Scripting, and Security in Kali

Difficulty: beginner

This book is great for: people who want to get the basics of Linux

Linux is something that every aspiring hacker has to know. Not only are many popular cybersecurity tools written for Linux, Linux is also often used as the operating system for hosting business applications. So, you will face Linux often if you are going to be a penetration tester. Knowing the main concepts of the operating system will help you understand more advanced ethical hacking topics.

But the book provides more than the Linux basics. It covers many interesting Linux security topics that will come in handy when working as an ethical hacker. Some of the topics are:

  • Covering tracks by changing network information and clearing logs
  • Scanning network connections
  • Using Tor, proxies, VPS, encryption
  • Writing your own bash scripts
  • Abusing common services (MySQL, Apache, OpenSSH)

This can be considered one of the best Kali Linux books. While it talks about Kali, it teaches you about Linux in general, as Kali Linux is based on Debian.

If you not only want to learn the Linux basics, but also to hack on Linux, this is the book to go for. It covers some Kali Linux tools, such as aircrack-ng.

While the book is not the longest one (it has 247 pages), you will definitely find value in it, even if you are an experienced Linux user.

Social Engineering: The Science of Human Hacking

Difficulty: beginner

This book is great for: everyone (in order to know how not to fall victim)

This book is not a hands-on technical guide. However, it talks about a very important hacking subject: social engineering. The human is the weakest link. It is easier to trick a person into revealing his or her password than to spend resources and time cracking it.

And when it comes to corporate networks, the consequences of one employee opening a malicious email can be disastrous. That is why social engineering is something every ethical hacker should know.

Some companies even hire hackers to execute phishing campaigns in order to raise employee awareness. And more than that: sometimes you even have to use social engineering to get into the building. After such an exercise, it can be evaluated how many employees became victims of the organized campaign.

The book Social Engineering: The Science of Human Hacking will teach you:

  • The most common social engineering tricks
  • Techniques that are not effective
  • Some of the infamous social engineering cases that made it to the headlines
  • Skills needed to be a social engineer
  • Countermeasures against social engineering

This is one of the best books on social engineering.

Advanced Penetration Testing: Hacking the World’s Most Secure Networks

Difficulty: intermediate

This book is great for: penetration testers

If you have mastered the basics of penetration testing, this is the book for you if you want to level up your skills. It talks about social engineering, command and control centers, privilege escalation, and network infiltration. Basically, it guides you through the main steps of how red teamers operate.

In the book, you are introduced to ransomware gangs and how they operate, infiltrate networks, and achieve their objectives. The book is pretty informative, as it contains code snippets of scripts used for the attacks.

The book contains examples of how the cyber kill chain steps are implemented in the wild, from discovering attack vectors to creating custom code in order to achieve your goals.

It also has many different stories from the author about security assessments he has personally participated in. This makes the book a perfect source of specific security knowledge, as it contains unique examples.

RTFM: Red Team Field Manual

Difficulty: intermediate-advanced

This book is great for: red teamers and penetration testers

RTFM is heavily focused on red teamers, but it is also a great book for penetration testers. Even though it has only 96 pages, it provides great value.

RTFM is a big cheat sheet with various commands that are useful during a red team engagement. It contains information on many topics:

  • Unix
  • Windows
  • Networking
  • Web
  • Databases
  • Programming
  • Wireless

Not only does the guide show simple commands that are handy during a red teaming engagement, it explains how to use penetration testing tools, and also provides useful information (e.g. the most common ports, broadcast addresses).

What is important to understand about the book is that it is a reference book. This is not another tutorial that shows how to install Linux or run Kali Linux tools.

The Hacker Playbook 3: Practical Guide To Penetration Testing

Difficulty: intermediate

This book is great for: penetration testers

Another great book for hacking web applications and networks. It contains everything you need to become a good ethical hacker:

  • Using the most common tools (Cobalt Strike, Metasploit, PowerShell, and many others)
  • Performing reconnaissance
  • Web application vulnerabilities
  • Compromising networks
  • Social engineering and the technical part of performing a social engineering attack
  • Physical attacks (not the type of attacks you thought; network attacks)
  • Various tricks for cracking, exploiting systems, disabling logging, etc.

The book is a very comprehensive guide that will introduce you to the main techniques and tools of hacking. If you are a beginner, you might want to choose a less advanced book; however, if you are dedicated enough, you will learn a lot. You might not understand everything the book says, but you can always re-read it after you have gained more experience.

Penetration Testing: A Hands-On Introduction to Hacking

Difficulty: beginner

This book is great for: penetration testers, developers

Another great book about hacking that covers the basics needed to be a good penetration tester. As the name indicates, this is a hands-on book focused on providing relevant examples instead of theoretical situations.

The book comes with a lab where you can practice the things it explains. However, as the book was released in 2014, the labs are a little bit outdated. But as there are platforms such as TryHackMe or Hack The Box, you can easily find where to practice.

If you are a beginner in penetration testing but have an IT background, this book will give you a comprehensive view of the penetration testing field.

The book is separated into five different parts:

  • Part I covers the basics of penetration testing (Kali Linux, virtual labs, programming, using Metasploit)
  • Part II covers assessment essentials (information gathering, finding vulnerabilities, capturing traffic)
  • Part III covers different attacks (password attacks, client-side attacks, social engineering, web applications, wireless), antivirus bypasses, and post-exploitation activities
  • Part IV explains buffer overflow vulnerabilities in Linux and Windows, exception handler overwrites, fuzzing, porting exploits, and Metasploit modules
  • Part V focuses on mobile hacking (and using the Smartphone Pentest Framework)

The hands-on approach of the book makes it a great choice if you want to get practical skills. It also covers mobile hacking, which is rarely covered in other books.

Real-World Bug Hunting: A Field Guide to Web Hacking

Difficulty: intermediate

This book is great for: penetration testers

The book is perfect for beginners in penetration testing. Even if you do not have an IT background, you will understand the things explained in the book, although having general IT knowledge won’t hurt.

Real-World Bug Hunting talks about the classic vulnerabilities:

  • Open Redirect
  • HTTP Parameter Pollution
  • Cross-Site Request Forgery
  • HTML Injection and Content Spoofing
  • Carriage Return Line Feed Injection
  • Cross-Site Scripting
  • Template Injection
  • SQL Injection
  • Server-Side Request Forgery
  • XML External Entity
  • Remote Code Execution
  • Memory Vulnerabilities
  • Subdomain Takeover
  • Race Conditions
  • Insecure Direct Object References
  • OAuth Vulnerabilities
  • Application Logic and Configuration Vulnerabilities

It also covers bug bounty basics (including how you can find bug bounties). The book also teaches writing vulnerability reports and provides a list of tools used by hackers on a daily basis.

This book stands out from others of the same genre. For each explained vulnerability, there are actual examples based on HackerOne vulnerability reports. Not only do you learn the basics, but you also get an example of how the vulnerabilities look in the wild.

All in all, this is one of the best hacking books covering the main web application vulnerabilities. Specific examples allow you to understand how you can find a given vulnerability in real targets.

Ethical Hacking: A Hands-on Introduction to Breaking In

Difficulty: beginner-intermediate

This book is great for: penetration testers

This is one of the newest books on the list, but it is not inferior to its competitors. As the book was published in 2021, it has the most up-to-date examples. The book is well written, informative, and covers most of the basics of ethical hacking.

The book talks about intermediate-level penetration testing topics, so understanding the subjects fully requires some technical background. If you are coming from another IT position, this book will be a great entry point to ethical hacking. If you are a complete newbie, this might be a little bit over your head. But with enough dedication you will be able to crack the topics.

The book is divided into five big parts:

  • Part I: Network Fundamentals
  • Part II: Cryptography
  • Part III: Social Engineering
  • Part IV: Exploitation
  • Part V: Controlling the Network

Ethical Hacking: A Hands-on Introduction to Breaking In contains many practical tasks, such as:

  • Capturing traffic and analyzing it in Wireshark. This is a task you will often face when performing internal network penetration tests.
  • Using Mimikatz to capture passwords in corporate Windows networks
  • Scanning devices with dedicated tools
  • Cracking passwords
  • Installing Linux rootkits
  • Exploiting cross-site scripting (XSS) vulnerabilities

The way the book is written makes it one of the best books for penetration testers who are just starting out.

Gray Hat Hacking: The Ethical Hacker’s Handbook

Difficulty: beginner-intermediate

This book is great for: those who want to start a penetration testing career

If you are determined to become good at penetration testing, this is one of the books that you could use to start your journey.

The book goes a little bit deeper than the usual “for dummies” type of book. The sixth edition, released on March 9, 2022, has 704 pages and covers many different relevant ethical hacking topics, including:

  • Basics of C, Assembly, and Python programming
  • Different types of fuzzing (the book also has lab exercises where you can learn to use fuzzing tools)
  • Reverse engineering methods
  • Software-defined radio hacking
  • Penetration testing essentials (how you can become a pentester, pentester taxonomy, training, degrees, practicing, etc.)
  • Red teaming operations (tactics, scoping, communicating, attack frameworks, …)
  • Purple teaming
  • Bug bounty programs (history, different types of disclosures, bug bounty programs, incident response)
  • Exploiting systems (capturing password hashes, getting shells)
  • Basic and advanced Linux and Windows exploitation
  • Web application vulnerabilities and exploitation
  • Malware analysis
  • Ransomware, ATM malware
  • IoT hacking

The book talks about gray hat techniques that can be successfully used during the daily tasks of a penetration tester. As you can see from the topics listed above, it covers a variety of ethical hacking subjects. There are plenty of books which, even though they are about ethical hacking, focus only on web application vulnerabilities.

But this one touches on topics that are relevant nowadays, such as ransomware or IoT hacking. It is true that most of a penetration testing job requires performing tests on web applications. But that does not mean that vulnerabilities exist only in web apps. It has been proven many times that everything from IoT devices to SCADA systems can be hacked. And if you want to become a good penetration tester, you must have the basics of the security of different types of devices and systems. After all, you don’t know what you will have to work with in the future.

The Ghidra Book: The Definitive Guide

Difficulty: intermediate-advanced

This book is great for: penetration testers who want to improve their skills

While the book is not for beginners, this is one of the best hacking books that every cybersecurity specialist must read, especially if you want to become good at reverse engineering.

Ghidra is a software reverse engineering suite used by many reverse engineers. Developed by the NSA Research Directorate, the tool is a de facto standard of reverse engineering. The best thing about the tool is that it is open source. Currently it has over 33.7k stars on GitHub.

As for The Ghidra Book, it covers the main topics needed to become good at using the tool. After reading the book, you will be able to:

  • Perform disassembly
  • Use Ghidra’s decompiler
  • Analyze obfuscated binaries
  • Extend Ghidra and build new Ghidra analyzers and loaders
  • Add support for new processors and instruction sets
  • Script Ghidra tasks to automate workflows
  • Build your own reverse engineering environment

Even though it talks about advanced topics, if you are completely new to reverse engineering, this book is a great guide for you. Not only does it describe the main features of the Ghidra tool, it goes into the technical details of actual software reverse engineering. And this is not a “read and forget” type of book; you can use it as a reference guide.

Hacking Book Bundles From Humble Bundle

Once in a while, Humblebundle.com announces book bundles. During the sale, you can get books that are entirely focused on cybersecurity topics. Usually there are more than 10 books in a bundle, and the books come in different formats (EPUB, PDF, MOBI).


The money paid for the bundle goes to charity. So, not only do you get a great deal at a cheap price, the money you pay serves a good purpose.

Unfortunately, after the deal is over, you are not able to buy it. But keep checking Humble Bundle, and you will be able to find great deals. This is definitely not the first, and probably not the last, Humble Bundle offer of great books for cybersecurity professionals.

Further Learning

After you have got the basics of hacking, it is very important to practice your skills. This can be done in many different ways:

  • Practice on TryHackMe. This is a platform with gamified lessons. There are plenty of free and premium rooms where you can try hacking different things.
  • Watch cybersecurity tutorials and walkthroughs. There are many great teachers out there: John Hammond, NahamSec (streams on Twitch each Sunday), STÖK, David Bombal, and many more. These people create high-quality content that is free and available to anyone.

Use this list of the best books for hacking as a guide for where to go next.

Just keep practicing and don’t stop learning!

The post The 14 Best Books for Ethical Hacking appeared first on Bug Hacking.

Best Bug Bounty Platforms

By: Giedrius

According to the NVD database, over 6000 vulnerabilities were published in Q2 of 2022. This is a really astonishing number, considering that these are only the vulnerabilities with a CVE assigned. Plenty of vulnerabilities found in custom software do not receive such an ID. The rate at which vulnerabilities are being found is not slowing down. That is why ethical hackers who search for security flaws are in high demand. And one of the ways to bring together ethical hackers and companies that want their systems tested is bug bounty platforms. So, today we are going to talk about the best bug bounty hunting platforms.

Why Do Security Researchers Participate in Bug Bounties?

People participate in bug bounties for many reasons. Some of them want to quit the corporate job and be in control of when and how much they work. Others want to learn. And for others, this looks like an easy way to get rich. While this is definitely not a “get rich quick” method, a dedicated person can truly earn from it, either full time or part time.

What Is the Purpose of the Bug Bounty Hunting Platforms?

A bug bounty platform is a place where various bug bounty programs are listed. The platform usually acts as a bridge that brings together companies that want their systems tested and ethical hackers who want to test those systems for a reward or recognition.

In a way, a bug bounty platform is a man-in-the-middle.


Think of a bug bounty platform as a notice board. Various companies have announced their bug bounty programs, and everyone can come and see which companies those are. Each posting has rules of engagement, targets in scope, and minimum and maximum payouts for the bounties.

Everyone can see this information (if the bug bounty program is public) and participate. One of the benefits of such platforms is that you can use them to report vulnerabilities. After you submit a report, a representative of the company to which you submitted the vulnerability will be able to review it and accept or reject it.

Benefits of a bug bounty platform for security researchers:

  • Listings of various vulnerability disclosure programs (VDP) in one place
  • Rankings: you can easily compare how you stand against other platform users
  • Reports of publicly disclosed vulnerabilities. These are useful for understanding what a report of a specific vulnerability should look like, and for learning in general.
  • Legal protection: you can participate in the programs legally, without worrying about consequences for doing the right thing.

Benefits of a bug bounty platform for companies:

  • Exposes targets to a high number of penetration testers. This results in vulnerabilities being found before they are exploited by malicious hackers
  • The platform removes some of the administrative burden and assists in assessing the findings that hackers have submitted
  • Promotes the vulnerability disclosure program to security researchers. The users are already there, and they are working on different programs

How Popular Is Bug Bounty Hunting?

It all started in the mid-90s, when Netscape created the first bug bounty program ever. At the time, a bounty of 500 dollars was declared for bugs. The same prize amount remained standard until 2010, when Google started offering 1337 dollars for higher severity vulnerabilities. Soon after that, bug bounties started gaining traction and potential payouts started to grow. And here we are: right now, Apple offers up to 1 million dollars for critical vulnerabilities.

And such bounties attract security researchers. According to the Hacker-Powered Security Report: Industry Insights ’21, released by HackerOne, the number of submitted bugs increases every year.

38 863 bugs were reported in 2020, and in 2021 this number increased by 10%, up to 42 805 bugs.


The money is also there. According to the same report, on average you can earn 3000 dollars for a critical vulnerability. This is a 20% increase from the average amount in 2020.


So, are bug bounties worth it?

They are, for many different reasons:

  • First of all, it’s a great way to learn.
  • Secondly, it is financially rewarding (however, you are unlikely to get rich, especially if you are just starting).
  • Thirdly, the community is awesome. There are so many great people you can learn from.

How to Choose a Bug Bounty Hunting Platform?

In order to have the answer, you must ask yourself a simple question: what is your goal?

Is your main goal to learn?

Then the biggest bug bounty platforms, such as HackerOne or Bugcrowd, have many participating companies with big scopes. However, you can learn from any program, so you don‘t have to fixate on one platform. A good way to become good at hunting is to read the reports of other security researchers. HackerOne’s disclosed vulnerabilities come in handy in this matter.

Do you want to make the internet a better place?

If you want to make public software safer, search for vulnerabilities in open source. Open Bug Bounty is a project for this purpose.

Are you interested in blockchain bug bounties?

For this purpose there are dedicated bug bounty platforms. One of them is Immunefi.

Are you a seasoned professional looking for extra money?

Choose private bug bounty programs, where the competition is lower. While getting into a private bug bounty program is harder, the rewards might be better and, usually, there is less competition. However, as top-notch talent participates in the private programs, don‘t expect it to be easier to find vulnerabilities than in public programs.

These were just examples; you can still learn, earn, and make the internet a safer place while working on any bug bounty hunting platform.

And how do you choose a bug bounty program from a platform?

There is no correct answer.

If you are a beginner and want to learn, you should not restrict yourself. You might pick one program and then switch to another. A good idea would be to choose a program with many disclosed reports. This way you can spend some time testing, and once you are familiar with the application you are testing, you can check the reports and analyze whether you managed to find such vulnerabilities on your own.

But if you want to earn some extra money, you should look for programs that have the fewest researchers. The reason is that well-established programs have many people searching for bugs, and they have probably found many of them already, so there might be fewer vulnerabilities left. But of course you should also check the payouts for disclosures, and how many of the reports resulted in payouts.

Best Bug Bounty Platforms

The main criteria that determine the worth of a bug bounty hunting platform are the number of organizations on the platform and the number of participating users.

The more companies trust the platform to run their bug bounty program, the easier it is for the bug bounty hunter to choose what they want to work on.

And a large number of registered people shows that the platform is popular among researchers and is reliable. Choosing a platform might be difficult at first. If you are a beginner, just get started on one, try the others, and decide which one you like the most.

Another important thing to understand about bug bounty platforms is that there are private and public programs. In order to be invited to private programs, you will have to earn your name. But more on this later.

These are the best bug bounty platforms.

HackerOne


HackerOne is probably the most popular bug bounty platform. Founded in 2012 and based in San Francisco, California, HackerOne received funding in Series A, B, C, D, and E rounds. In the last funding round, Series E, HackerOne raised 49 000 000 USD. Being one of the pioneers of bug bounty platforms, HackerOne is one of the biggest names in the industry.

Some facts about HackerOne:

  • Over 1 million security researchers on the platform
  • More than 294 000 vulnerabilities resolved through the system
  • 1 000 companies are working with HackerOne (although not all of them have vulnerability disclosure programs on the platform)
  • Over 100 000 000 USD in paid bounties (as of May 2020)
  • Has many public reports, which are a great source of learning

Although HackerOne recently grabbed media attention because of a scandal involving an insider employee who was selling submitted bug reports, this is one of the most reliable and reputable bug bounty hunting platforms.

Bugcrowd


Bugcrowd is another bug bounty platform that is a huge name in the industry. Founded in 2011, it is one of the first and one of the largest platforms. The company was founded in Sydney, Australia, but right now it has offices across the world, with its HQ in San Francisco.

Various companies trust Bugcrowd to host their vulnerability disclosure programs, and Bugcrowd also offers penetration testing services and attack surface management.

Currently Bugcrowd has over 1400 bug bounty programs.

Intigriti


Intigriti is another popular bug bounty platform. It claims to be the most popular platform in Europe, and it has many European companies as clients. Founded in Belgium in 2016, the company has made its name in the community. Intigriti is active with its blog (they publish Bug Bytes, periodical infosec news) and they also actively engage with the audience on Twitter.

While Intigriti has fewer bug bounty hunters than the big players, such as HackerOne, right now there are:

  • About 400 active bug bounty programs
  • About 50 000 security researchers
  • Over 5 million in bounties paid

Intigriti secured over 21 million in Series B funding in April 2022, and is growing year after year.

YesWeHack


YesWeHack is another bug bounty platform founded in Europe; it is headquartered in Paris, France. The company has offices in France, Singapore, Switzerland, and Germany.

The platform has 30+ different bug bounty programs.

While this is not the biggest platform out there, the company is gaining traction. In 2019, YesWeHack raised 4 million euros in a Series A funding round, and in 2021 the platform raised 16 million euros in a Series B funding round.

Synack


Synack is a bug bounty platform you won’t get onto that easily. Created in 2013 by former NSA agents Jay Kaplan and Mark Kuhr, Synack provides various cybersecurity services for the biggest companies. Synack also has private bug bounty programs for security researchers; however, in order to participate in them, you must prove yourself and apply for a seat on the Synack Red Team.

One of the biggest advantages of Synack is that you can additionally get paid for things other than found bugs. Checklist work is also rewarded.

As Synack takes care of the triage process and pays the bounties to the security researchers itself, the process is stable and consistent.

Openbugbounty


While you won’t become rich by participating in Openbugbounty bug bounties, you have the chance to make the internet a little bit safer. Openbugbounty is a community-driven platform that connects security researchers who found a vulnerability in any website with the website owners.

With the help of the platform, over 1 259 000 disclosures were submitted, and over 905 000 vulnerabilities were fixed.

Almost 1 600 bug bounty programs are on the platform, and over 3 165 websites can be tested.

To date, the platform has attracted over 28 000 security researchers.

Hackenproof


If you are interested in Web 3.0 bug bounties, Hackenproof is the platform to go to. The platform is dedicated entirely to bounties for crypto projects. It was created by Hacken, a company founded in Kyiv, Ukraine in 2017, which has been delivering cybersecurity services with a strong focus on blockchain security ever since.

Currently there are 37 bug bounty programs on the platform, and the total reward pool for the bounties is over 553 000 USD. The programs have received over 5700 reports.

Immunefi


Immunefi is another bug bounty platform dedicated to Web 3.0 bug bounty programs. Founded at the end of 2020, Immunefi offers some of the biggest bug bounties in the industry.

Immunefi bug bounty programs have payouts of up to 10 000 000 USD.

In total, over 40 000 000 USD in bounties have been paid out, and there is still over 132 000 000 USD in potential bounties left.

As Web 3.0 is an industry where a hack could cause tremendous financial losses, the vulnerabilities found have averted over 20 billion USD in hack damages.

If you are a smart contract auditor, this is the platform where you will find many smart contract bug bounties.

Does Bug Bounty Experience “Count” as Work Experience?

While there are some positions where formal education and certificates are a must, people with experience are more valuable than fresh graduates. And if you have bug bounty experience, you can prove that you are capable of finding underlying security issues.

Unfortunately, not every HR department understands what bug bounties are, or how much of a gem a person with a track record of vulnerabilities found through bug bounties is.

As the term ‘bug bounties’ might mean nothing to some people, when applying for jobs you should describe your bounty experience accordingly. Example:

I have spent the last 6 months searching for vulnerabilities in the systems of companies in various industries (among them Google, Facebook and Yahoo). I managed to find critical vulnerabilities that, in total, were rewarded with 15 000$.

This says a lot more than the plain fact that you have participated in bug bounties.

How Hard Is It to Earn a Living as a Full Time Bug Bounty Hunter?

What is worth considering is the experience you already have. If you do not have much IT experience, jumping directly into bug bounties and expecting to make a full-time living from them is just not very smart.

The applications in these programs are „battle tested“: internal security teams have already performed penetration tests before exposing the targets to the public, so it is much harder to find a vulnerability in such an application.

If you do not have enough experience with penetration testing, you should keep your expectations low. You might get paid, but you would have to be extremely lucky; in most cases this will not pay off financially. Keep in mind that many people are searching for bugs on the same target. Some of the most popular bug bounty programs have thousands of security researchers searching for bugs.

Be aware of burnout.

As a full time bug bounty hunter you can easily burn out. The reason is that the job is very technical, and hackers have the mindset of not giving up and trying harder. If you know how to keep a work-life balance, you will be fine. It is crucial to understand that there is more to life than bugs.

Another thing to consider before switching to full time bug bounty hunting is that you will be working alone. Of course, the community is pretty supportive, and you can always talk with like-minded people on Twitter. But the fact is that you won‘t be working in a team, and you won‘t be communicating with people during your work (only when explaining your findings). If you are an extrovert who likes communicating, you will miss it sooner or later. Social isolation is a serious risk.

While bug bounty hunting is one way to make a living, if you love hunting for vulnerabilities you might also consider becoming a penetration tester. Here I’ve written an article about penetration testing as a career.

Private vs Public Bug Bounty Programs

The main difference between private and public bug bounty programs is that private ones are available to a smaller set of security researchers.

In order to be invited to private bug bounty programs, you must prove yourself, and the best way to do so is to have a track record of disclosed vulnerabilities.

By participating in bounties and getting vulnerabilities disclosed, you will receive invitations. For example, if you are hunting on Hackerone and building your profile there, and you are successful enough, you will receive messages inviting you to private programs.

These programs are private because the participating companies do not want to expose everything to the public. Even though more testers would participate if the program were public, that also brings more risk, especially if the system is critical for the company.

Final Words

In the end it really does not matter which platform you choose. As long as you are hunting for security bugs, you are progressing in your career. Pick one platform from this list of the best bug bounty platforms, get familiar with it, and if you want to test another one, feel free to switch. After all, these are just platforms. The most important thing is the enrolled companies, and some companies participate on several platforms.

The post Best Bug Bounty Platforms appeared first on Bug Hacking.

5 Ways How to Make Money from Hacking

By: Giedrius

Cybersecurity specialists are wizards capable of hacking the mainframe. At least that’s what the movies tell us. But have you ever thought about how hacking skills could be monetized in real life without doing anything illegal? If you were doubting whether penetration testing is a path worth taking, this article will help you understand how you can make money from hacking.

There is always a way to use your talent legally. As cybersecurity skills are in demand, the opportunities are endless. Hackers earn money in different ways; after building a solid skillset, how you make your living is a matter of preference.

Method #1 – Participate in Bug Bounty Hunting

Earning money from bug bounty hunting

By participating in bug bounty programs you could earn some serious money. Companies such as Apple could pay you up to 1 million dollars for a critical vulnerability. In reality only a small number of hunters earn enough money from bug bounty programs to make a living. If you have no experience with the bug bounty hunting.

If you want to become a hunter, my website is pretty much dedicated to it. Slowly build up your skills, practice the concepts you have learned, and participate in public programs in your free time. Once you are earning some money and being invited to private programs, you might consider switching to it full time.

Most ethical hackers treat bug bounty hunting as a part-time job and are not making enough money to quit their day job. However, there are superstars earning hundreds of thousands of dollars annually.

Payouts from some companies for critical vulnerabilities can be tens of thousands of dollars, like this one, for example.

While finding that one vulnerability might take months, and the time is wasted if nothing is found, success stories show that one can make a living from this.

Method #2 – Get a Job in the Cybersecurity Field

Getting a job in cybersecurity

Getting a cybersecurity job can be extremely rewarding. With the worldwide shortage of cybersecurity specialists, anyone with enough experience can get a well-paid job.

However, the keyword here is “with enough experience”. Entering the field can be challenging. Even holding well-respected certificates, such as OSCP, might not land you a job. Also keep in mind that if you have no experience in IT, jumping straight into cybersecurity is a bad idea.

Before switching to security, you must have solid IT knowledge and be able to understand networking, web applications, programming, and many other things. If you want to be able to find security flaws, you first have to understand how the software works. Without that you won’t be a successful specialist.

Ethical hacking is often about a unique perspective. If you are capable of finding security vulnerabilities that no one else has identified, you will be rewarded, and rewarded well. While the hacking mindset can be learned, if you want to get in only for the money, you won’t succeed.

According to Glassdoor, the average salary of a penetration tester is over 107 000 USD.

Average salary of the penetration tester according to Glassdoor

While this is the salary you can expect in the US, and pay will probably be lower in other countries, being a penetration tester is still a very rewarding career.

Method #3 – Create Cybersecurity Content

Cybersecurity content creation

With the cybersecurity industry booming, there is demand for high-quality cybersecurity content. Many people want to enter the field and are looking for a way to start. While a lot of great content has already been created, definitely not everything is covered. You can always find a subtopic that lacks educational content.

If you want to make money from hacking, you can choose different forms of content creation:

  • Make educational videos on YouTube and later monetize them with ads
  • Create your own blog. Bughacking.com is an example of what a cybersecurity focused blog might look like
  • Create courses and sell them. Platforms such as Udemy already host various cybersecurity courses

For inspiration, these are some of the well-known ethical hacking and cybersecurity content creators:

  • STÖK is a YouTuber who creates hacking content. He hosts Bounty Thursdays live sessions where he covers bug bounty hunting news. He strikes a perfect balance between being informative and entertaining.
  • Farah Hawa is an example that you do not need to be an expert to create cybersecurity content. She is learning along the way and teaching the things she has learnt.
  • TCM Security Academy creates paid educational courses and certifies penetration testers.

While the beginning might be hard, and this is not a fast way to make money from hacking, you will slowly build your audience. At the same time, you will be creating a portfolio that might help you land new clients.

Method #4 – Become a Freelancer

Just like you can be a freelance developer, you can be a freelance hacker. You might offer various cybersecurity services:

  • Penetration testing
  • IT consulting
  • Red teaming
  • Risk assessment
  • Helping companies recover after a hack

When it comes to offering these services, there are various platforms, such as Fiverr, Upwork and Freelancer. You can choose what type of projects you want to work on. There are requests for a penetration test of a specific website, which might take you up to a week to finish, and there are big companies with a lot of work to outsource and projects running that take months to finish.

I am not saying that it is easy to get these big clients, but everything is possible. If you have experience and can prove that you have the needed skills, you will definitely find work. Being a freelancer has its own perks: while you can’t always predict how many gigs you will have, you have the freedom to choose the projects you want to work on. If you are willing to switch from a full-time job to freelance hacking, do it slowly, and build up your number of clients before quitting your job.

Method #5 – Engage in Criminal Activity (Spoiler Alert: You Will Get Caught and It Does Not Pay Off)

Being an unethical hacker does not pay off

I’ve added this method ironically, as this is definitely not the way to go. I do not encourage any form of illegal hacking, and neither does anyone in the cybersecurity community. Not only is it morally unacceptable, but in reality it does not even pay off. I will explain why.

Participating in criminal activity requires deep knowledge of cybersecurity. Not only that, you must understand how to stay anonymous and how not to get caught.

It requires such a tremendous skillset that being on the dark side simply does not pay off. With such excellent skills you would be able to get a highly paid, prestigious job as a cybersecurity specialist in an international company.

On the other hand, being the bad guy, you would constantly live in fear that the big guys, such as the FBI, might come for you one day. It does not matter if you do not live in the US: they can come for you, and you would be extradited to the US to stand trial. Many such cases have occurred in the past. As an example, a Russian hacker was extradited from South Korea to the US for trial.

With the big salary and extra perks that a legal job provides, being a criminal does not sound so tempting. Compare that with being ready to microwave your laptop in the middle of the night, being extra paranoid, not being able to tell anyone about your activity, and not trusting anyone.

Simply. Not. Worth. It.

TL;DR – without excellent skills you will soon get caught and won’t earn anything. With the skills you might live for a while without getting caught, but compared to a career in a respected international company, being on the dark side is not worth it.

Conclusion

This is an industry just like any other. There are different ways to make money from hacking, and a 9 to 5 job is not the only option. You might become a freelance hacker, participate in bug bounty programs, create educational content, or organize trainings. Cybersecurity is an area with a lot of opportunities, especially nowadays. The shortage of specialists and the growing number of cyber attacks require businesses to invest more, and that means more opportunities for the workers.

The post 5 Ways How to Make Money from Hacking appeared first on Bug Hacking.

How to Encrypt Kali Linux After the Installation?

By: Giedrius

Encrypting your computer’s disk is crucial. There is nothing worse than losing your personal data: not only can the data be used to extort you, but you might also suffer immediate financial losses. That’s why you should know how to encrypt Kali Linux after the installation.

As Kali Linux is usually used for working with confidential data, it is very important to take care of the security of the data stored on your machine. If the findings about the client’s target you are working on are leaked, the vulnerabilities might be exploited, which would result in serious trouble for your client, and for you.

Encrypting Kali Linux Disk BEFORE Installation

As Kali Linux is not encrypted by default, you have to select encryption manually.

Encrypting the disk during the Kali Linux installation is simple and straightforward. There is a separate option for it on the Partition Disks page. After selecting this option you will be able to select the disk and set a password.

Setting Kali Linux disk encryption during the installation

This is a really simple process, and by following it your disk will be encrypted with LVM and LUKS.

However, you may have chosen another option that does not include encryption. Rookie mistake. If you are installing it for the first time, there is a chance you missed it.

How to Encrypt Disk of Kali Linux AFTER the Installation

The first step is to install the ecryptfs-utils package:

sudo apt-get install ecryptfs-utils

Installing the ecryptfs-utils package

After this, boot into recovery mode and execute the following command:

ecryptfs-migrate-home -u user_to_migrate

After the migration, log out and log in as your user:

exit

For setting the passphrase, use the following command:

ecryptfs-unwrap-passphrase

After everything is done, reboot. You may then delete the temporary files created by ecryptfs.

Note: this only encrypts your user’s home directory; it does not perform full disk encryption. If you want to fully encrypt your Kali Linux disk, it is really easy to do so during setup.
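The check a practitioner wants after this procedure is whether the encryption layer they think they have is really the one in place, because an ecryptfs home and the installer's LUKS-backed LVM look different on the running system. The script below is an added example, not part of the original post or of the ecryptfs-utils project: it reads an ecryptfs mount out of /proc/mounts and walks the root filesystem's backing devices with lsblk to see whether a dm-crypt layer sits underneath. The function names, the /home/kali path and the sample /proc/mounts and lsblk lines are constructed for this example; lsblk, findmnt and awk are the standard tools they stand for.

```shell
#!/bin/sh
# Added example (not from the original post): verify which encryption layer is
# actually active after the steps above.
#   home_is_ecryptfs - is a home directory mounted with filesystem type ecryptfs?
#                      (this is what ecryptfs-migrate-home sets up)
#   root_is_on_luks  - does the root filesystem sit on a dm-crypt device?
#                      (this is what the installer's encrypted LVM option gives)
# Both checks parse plain text, so they run on the live system or on captured output.

# $1 = mount point to look for (for example /home/kali)
# $2 = file in /proc/mounts format; defaults to the live /proc/mounts
# Returns 0 when that mount point is mounted with filesystem type ecryptfs.
home_is_ecryptfs() {
    awk -v mp="$1" '$2 == mp && $3 == "ecryptfs" { found = 1 }
                    END { exit !found }' "${2:-/proc/mounts}"
}

# $1 = file holding the inverse device tree of the root filesystem, i.e. the
#      "NAME TYPE" lines printed by: lsblk -s -n -r -o NAME,TYPE <root-device>
# Returns 0 when any device the root filesystem depends on has TYPE crypt,
# meaning / is stacked on top of a dm-crypt (LUKS) mapping.
root_is_on_luks() {
    awk '$2 == "crypt" { found = 1 } END { exit !found }' "$1"
}

# Constructed sample data (not captured from a real machine) in the two formats
# above: a system where only the home directory was migrated to ecryptfs while
# the root filesystem is plain LVM with no dm-crypt layer, which is exactly the
# situation the note above warns about.
write_sample_mounts() {
    printf '%s\n' \
        '/dev/mapper/kali--vg-root / ext4 rw,relatime,errors=remount-ro 0 0' \
        '/dev/sda1 /boot ext2 rw,relatime 0 0' \
        '/home/.ecryptfs/kali/.Private /home/kali ecryptfs rw,nosuid,nodev,relatime,ecryptfs_sig=0123456789abcdef 0 0' \
        > "$1"
}
write_sample_tree() {
    printf '%s\n' 'kali--vg-root lvm' 'sda5 part' 'sda disk' > "$1"
}

# Print a human readable summary. With no arguments it inspects the live
# system; with three arguments (home dir, mounts file, lsblk tree file) it
# inspects captured data instead. Returns 0 only when BOTH layers are active.
encryption_report() {
    home="${1:-$HOME}"
    mounts="${2:-/proc/mounts}"
    tree="$3"
    cleanup=""
    if [ -z "$tree" ]; then
        # Live mode: locate the device behind / and list what it is stacked on.
        tree=$(mktemp); cleanup="$tree"
        lsblk -s -n -r -o NAME,TYPE "$(findmnt -n -o SOURCE /)" > "$tree" 2>/dev/null
    fi
    status=0
    if home_is_ecryptfs "$home" "$mounts"; then
        echo "home: $home is an ecryptfs mount (home directory encryption active)"
    else
        echo "home: $home is NOT an ecryptfs mount"; status=1
    fi
    if root_is_on_luks "$tree"; then
        echo "root: / sits on a dm-crypt device (full disk encryption active)"
    else
        echo "root: / does NOT sit on a dm-crypt device (no full disk encryption)"; status=1
    fi
    if [ -n "$cleanup" ]; then rm -f "$cleanup"; fi
    return $status
}

# "demo" runs the report against the constructed samples, "live" against this machine.
case "${1:-}" in
    demo)
        m=$(mktemp); t=$(mktemp)
        write_sample_mounts "$m"; write_sample_tree "$t"
        encryption_report /home/kali "$m" "$t"
        rm -f "$m" "$t" ;;
    live)
        encryption_report ;;
esac
```

Run it with `demo` to see the constructed home-only case reported as "NOT on a dm-crypt device", or with `live` on the Kali box itself. One more thing to record while you are at it: ecryptfs-unwrap-passphrase prints the randomly generated mount passphrase that protects the encrypted home. It is wrapped with your login password, so if that password is ever reset or forgotten the home directory can only be recovered with this passphrase; keep a copy somewhere other than the machine it protects.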

The post How to Encrypt Kali Linux After the Installation? appeared first on Bug Hacking.
