mallio.se https://mallio.se A site of many things The Hacking Project: An Overview https://mallio.se/the-hacking-project-week1.html https://mallio.se/the-hacking-project-week1.html sön 11 okt 2020 15:22:25 CEST The Hacking Project: An Overview

What is ‘The Hacking Project’?

The Hacking Project is a self-directed education where I improve my skills in IT-security with focus on offensive techniques. This is commonly known as hacking.

I’m planning to run this project for about 3 months full time.

Isn’t hacking illegal?

Hacking must not be illegal. The terms Ethical Hacker and White Hat Hacker (among others) describe a hacker that does not engage in illegal activities.

To comply with the law you can:

  • Hack stuff you own yourself.

  • Get someones permission to hack them. This known as Bug Hunting. There are organized events for this that are possible to join. Essentially, companies invite hackers to try to hack them. The hackers get paid for the vulnerabilities they find and return to the company. They can then be fixed before someone with malicious intent finds them.

  • Participate in hacking competitions. These are called “Capture the flag”, abbreviated CTF. The organizer provides targets that can be hacked. The hackers that participate should extract data from the targets. The data is the flag. There is usually some time limit and the hacker with most flags is the winner.

I expect to engage in some of these activities and will probably write more about them later on.

Background

By now I’ve done over 10 years in the trade as a software developer. It’s overall a great job, but some things are really more interesting than others.
To me the most enjoyable moments are when I’m trying to get things to work (that doesn’t work) and when I’m getting past obstacles. These things are at the very core of hacking. I learnt this two years ago when I took a hacking course.

Due to Covid-19, my contract was recently cancelled and I have an upcoming parental leave on the horizon. So right now there is a window of opportunity to take the hacking one step further.

For fun or profit?

The project is roughly divided into 75% fun and 25% profit. The fun-part is there to make sure that whatever I focus on comes from the heart. The profit-part gives me guidelines to follow to make sure I don’t mess around too much. I don’t expect this project to pay my salary in any way.

The guidelines are:

  • I should strive to hack real applications or things. Not settle with toy programs or practice examples.

  • I will plan my activities week-by-week and follow through with the plan. I will conclude each week with a website update similar to this one, see below.

  • The project should result in an IT-security skill that can put on to my CV. Even better would be if I’m able to also practice the skill in a real environment, similar an actual work experience.

As long as I honor these I can choose freely what interests me and focus on that.

There are no goals or expectations related to achievements because I simply do not know how long this journey is. I don’t want to set goals for what I cannot directly control since it might just make me feel stressed or incentivize me to take shortcuts that will inhibit true learning.

The weekly updates

There are two major reasons for writing about this every week:

  • To communicate to the outside world what I’m doing.
    Because of this I want to keep every post at least partly accessible to all readers, independent of background. There might be some obscure technical details but it should still be possible to get the greater picture about what I’m doing and what is on my mind.

  • As a future reference about what I have been doing.

Also, even though this project was the excuse to create a website, I have been thinking about it for some time. My intention is to keep maintaining it after this project is over.

Closing words

That was it. I have finally started. I hope you want to join me on this journey and I hope I should be able to keep things a little bit shorter in the future.

Thank you for reading!

]]>