Let me start out by saying, hacking is not a crime.
Mostly by way of media interpolation, hacking has gotten a bad rap. Hacking and attacking have been mixed into a soup of misinformation and when scrounging for a term to describe the latest cybersecurity event, journalists reach for a familiar one: hacker.
Hacking is legal; it serves as a well-paying job and most of all, its process helps secure us and the systems we use. Attackers, on the other hand, are criminals who leverage hacking for malicious intent. They attempt to hurt the systems and networks they hack and, in turn, they hurt people and businesses.
Hacking is not a crime.
Now why emphasize this? Because if you work in IT, InfoSec, Systems Administration, DevOps, DevSecOps, Software Engineering, Software Architecture or the plethora of other technical fields with user responsibility, you should learn how to hack. More specifically, learning the basics of hacking - and especially how to consume results from a security test - will make you and your company safer.
Security can be solved and in large part, it can be solved through education.
The SMB and Enterprise markets share a truth here: if the existing technical staff were to append offensive security as a skill on top of other know-hows, the organization will be safer. At a small business, this may be the difference between staying afloat or not. At a larger one, it could mean significant cost savings.
Learning how to hack doesn’t mean you’ll execute these skills all-day-all-night like Mr. Robot. But it does mean that you will understand the adversarial viewpoint.
You’ll understand how attackers put campaigns together and how they fly under the radar. You’ll also learn how to catch them, how they think and arguably most important, how to execute small security assessments and convert the results into action.
Now, how to get started.
Maybe you’ve been interested in the past.
You may have Googled things like “how to hack” or “how to become a red teamer.” If you have, you were likely inundated with how-to articles, expensive certificate programs and outdated undergraduate programs.
Seems like a lot of work with an outcome that is kind of fuzzy.
After all, you’re not trying to become a red teamer. You’re trying to learn useful skills that can help you at work. As a systems administrator, if you gain the latest “security certificate”, can you use that at work to protect your organization? Or does that open up a new career as a security professional?
At Prelude, we’re taking a different spin at the problem of cybersecurity education.
We don’t want to re-educate you. We don’t want you to memorize dozens of shell commands from the back of index cards to prep for an exam. We want to quickly and efficiently teach you how to think like an adversary, how to execute a basic security assessment and how to pivot those results into easy actions to better secure your workplace.
Now, how do we do it
Pink Badge. Prelude offers a Pink Badge certificate program which takes you through self-paced training modules in order to learn the process red teamers take when performing security assessments.
The 4-week program is free, accessible to all and is completely supported by the security team at Prelude. As a basic training program, Pink Badge is intended for already-technical professionals who have not had (significant) exposure to the world of cybersecurity.
What will the program teach you?
Basic security terminology and how a red team operates, including video demos of hackers executing different parts of the kill chain.
How to get a Remote Access Trojan (RAT) on a target computer. Also, what a RAT actually is.
How to build your first attack.
How to read threat intelligence reports and convert them into actionable adversaries you can execute on a real network.
How to run a basic security assessment and write your findings into a report even your manager at work can act on!
As a result - and aside from new skills - you’ll gain a Pink Badge (certificate) which you can use for proof of continued education at your workplace.
Hacking is not mysterious. It’s not even always that complicated. It is a skill, like any other.
By learning the concepts behind offensive security, we hope that you will take these skills back to work in whatever position you hold. We hope that you will use them for good, not bad. And we hope that your organization, this country and this world are safer because of it.