November 25, 2025

Quick Tips: Start Earning with Ethical Hacking Now

Author
Adam Langley
Cybersecurity

Hijacking the control systems that manage a city's utilities. Unraveling the mathematical armor of cryptographic algorithms. Eavesdropping on the faint electromagnetic whispers emanating from silicon. The realm of cybersecurity is as interesting as it is vast. But many folks starting out will have the same question: where can I spend my time to start earning money as quickly as possible?

In this article, we will discuss certain subfields of cybersecurity and explain why they may not be suitable for beginners. At the end, we will discuss why web application security testing is likely to be the quickest route to establishing your career and the best return on investment: demand is high, and the knowledge required to start making money is less broad in scope.

Cryptography

Cryptography is the study and practice of securing communication and data by transforming it from human-readable plaintext into illegible ciphertext, so that it is unreadable to anyone it is not intended for. Keep it secret. Keep it safe.

Discoveries of cryptographic failures that enable decryption are incredibly rare, but when they do occur, their impact is historic. You'll be a lecture subject, a chapter in a textbook, or there will be a movie made about you if you ever manage to crack a popular encryption algorithm.

During WWII, Alan Turing, a British mathematician, was a key figure in cracking the encryption of the German Enigma device. This breakthrough discovery has been credited with significantly shortening the war and saving millions of lives.

To even approach cryptanalysis, you'll need a background in advanced mathematics, including number theory, probability, and algorithmic design. That said, the majority of cryptographic bugs discovered today have little to do with the algorithm itself. Instead, they usually stem from implementation errors such as nonce reuse, insecure key management, or weak randomness.

Overall, there are fewer job opportunities focused specifically on offensive cryptography, and the attack surface is narrow in scope.

Hardware & Embedded Systems Hacking

Hardware hacking involves analyzing, modifying, reverse engineering, or repurposing physical electronic devices to alter their functionality, gain unauthorized access, or better understand how they work. It gives shadowy government agency technician vibes.

In order to get started, you'll need an entire workstation equipped with cutting mats, screwdrivers, flush trimmers, magnifying glasses, multimeters, soldering equipment, and additional specialized tools based on your objectives. To account for the sensitivity of electronic components, you'll also have to take precautions against electrostatic discharge (ESD) when using these tools to avoid damaging the device.

From carefully dismantling devices to probing circuit boards and intercepting signals, every step requires precision, patience, and a solid understanding of electronic theory. Beyond in-depth technical knowledge, hardware hacking also demands steady hands.

You must also be familiar with communication protocols commonly used in hardware devices, such as UART, SPI, and I2C.

For embedded systems that integrate Wi-Fi or Bluetooth capabilities into devices, you will also need to know about radio frequency transmission and the details of the wireless communication protocols. For Bluetooth Low Energy hacking, this includes the Controller layers that dictate hardware processes and Host layers that control the software processes.

For Wi-Fi hacking, this includes a variety of other concepts such as network interfaces, Medium Access Control (MAC) addresses, Internet Protocol (IP) addresses, wireless access points (WAPs), the Dynamic Host Configuration Protocol (DHCP), the Address Resolution Protocol (ARP), and Network Address Translation (NAT).

Hardware hacking can be expensive too, as testing usually means buying and dismantling multiple devices with the chance of bricking them.

Additionally, even if a vulnerability is discovered, it can be hard to replicate across different hardware revisions.

Because of this, hardware and embedded systems are not the best targets if you’re looking to turn a profit early in your career.

Mobile Hacking

While hacking Android and iOS mobile applications is attractive due to their popularity, the path to testing them is filled with roadblocks.

For both Android and iOS devices, you will need to download and install their official Integrated Development Environments (IDEs). Each could warrant an extensive article discussing its features and use cases.

You will also need to know how to properly configure the settings of a device in order to proxy the traffic that mobile applications generate. This is done by adding the self-signed SSL/TLS certificates of proxy tools to the device's certificate stores.

Some applications will only trust preinstalled or explicitly defined certificates in order to prevent this. If this is the case, you will need to bypass these measures by modifying the code in an application package to alter its configuration settings, or by injecting custom scripts into the functions that check certificate validity. This is accomplished using tools such as Frida. It requires decompiling the application packages into their individual resources and working in platform-specific programming languages to hook custom scripts into function calls.

Acquiring Android Package Kits (APKs) for Android applications is relatively straightforward. Numerous websites offer APK downloads, and you can also extract APK files directly from a device on which the application is installed. In contrast, obtaining iOS application packages (IPAs) is more challenging. Many IPAs downloaded from the App Store are encrypted, and without the proper decryption keys (which are securely tied to Apple’s ecosystem), it is extremely difficult to access or analyze their contents.

Beyond the technical barriers, testing them requires a firm grasp of their ecosystem, permission models, local storage practices, encryption methods, and more.

Lab environments can be tricky to configure. Jailbroken or rooted devices are often the only way testing can be performed, and emulators don't always behave like real hardware. Even with elevated permissions, some applications perform security checks to detect if the device has been compromised.

So, although mobile applications are widely popular, bypassing their security models can be challenging, making this another specialty not suitable for beginners.

Binary Exploitation

Binary exploitation involves discovering and leveraging vulnerabilities in compiled software to manipulate its behavior, execute arbitrary code, or gain unauthorized access.

This is one of the most technically demanding disciplines in offensive security. Binary exploitation requires background knowledge in a multitude of concepts such as:

Because compiled binaries are meant for machine interpretation, analyzing and understanding them can be unintuitive and challenging. To write reliable exploits, you'll also need to understand modern mitigations like:

Binary exploitation also requires proficiency with debugging tools like the GNU Project Debugger (GDB), IDA Pro or Ghidra.

Testing can pose yet another hurdle. Even in labs, you'll need to build or acquire vulnerable software, set up isolated systems, and be comfortable with crashing them. Repeatedly.

Binary exploitation demands such a wide breadth of knowledge that it takes years of experience, something you will obviously not have if you are just entering the industry.

So, what should I do as a beginner?

Web application hacking. Unlike the fields we just discussed, web application security testing requires a less intensive foundation of knowledge. You can start making meaningful progress with an understanding of just one protocol, the Hypertext Transfer Protocol, and fundamental web development languages: Hypertext Markup Language (HTML) and JavaScript.

At a basic level, you can conceptualize HTTP as two people exchanging letters:

  • Your browser (the client) writes a letter (a request) addressed to the server hosting example.com, asking to view a web page.
  • The letter travels across the Internet (postal service) to the server.
  • The server receives the request letter, reads it, and replies with a letter (a response) which contains the web page content (HTML document).
  • Once your browser receives the response letter, it reads the content, and renders the web page.
  • To make the page interactive, JavaScript is used.
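The letter exchange above, shown as the bytes that actually cross the wire. This is an added example, not part of the original article: a throwaway server on the loopback interface answers one raw-socket client, and the handler name, page content, and the choice to echo the requested path (HTML-escaped) are assumptions made for illustration.

```python
import html
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer


class LetterHandler(BaseHTTPRequestHandler):
    """The server side: reads the request 'letter' and writes the reply."""

    def do_GET(self):
        # Reflect the requested path into the page, HTML-escaped so markup
        # in the request cannot become markup in the response.
        page = (
            "<html><body><h1>You asked for: "
            + html.escape(self.path)
            + "</h1><script>document.title = 'rendered';</script></body></html>"
        ).encode()
        self.send_response(200)
        self.send_header("Content-Type", "text/html; charset=utf-8")
        self.send_header("Content-Length", str(len(page)))
        self.end_headers()
        self.wfile.write(page)

    def log_message(self, *args):  # keep the demo quiet
        pass


def exchange(path="/"):
    """Send one raw GET over loopback; return (request, status, headers, body)."""
    server = HTTPServer(("127.0.0.1", 0), LetterHandler)  # port 0 = any free port
    port = server.server_address[1]
    worker = threading.Thread(target=server.handle_request)  # serve one request
    worker.start()
    # The client side: a minimal version of the text a browser writes.
    request = f"GET {path} HTTP/1.1\r\nHost: 127.0.0.1:{port}\r\nConnection: close\r\n\r\n".encode()
    with socket.create_connection(("127.0.0.1", port)) as sock:
        sock.sendall(request)
        raw = b""
        while chunk := sock.recv(4096):  # read until the server closes
            raw += chunk
    worker.join()
    server.server_close()
    head, _, body = raw.partition(b"\r\n\r\n")  # blank line splits headers/body
    status, *header_lines = head.decode("iso-8859-1").split("\r\n")
    headers = dict(line.split(": ", 1) for line in header_lines)
    return request, status, headers, body


if __name__ == "__main__":
    req, status, headers, body = exchange("/index.html")
    print(req.decode(), status, headers, body.decode(), sep="\n")
```

An intercepting proxy shows these same two messages for every request a browser makes, which is why reading them fluently comes first.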

For basic testing, this is a significantly smaller body of information than the extensive prerequisites for the security niches previously discussed.

And, since web applications are ubiquitous and handle massive amounts of user data and traffic, companies are highly incentivized to ensure their security.

In fact, the vast majority of security breaches can be attributed to web application vulnerabilities.

Likewise, the vast majority of all penetration tests will be focused on web applications, as their vulnerabilities account for 73% of successful breaches in the corporate sector. If you are the first to report a valid vulnerability that would impact their business in a negative way, companies with bug bounty programs will pay, and often pay very well, for your finding.

Furthermore, the barrier to entry for web application hacking is relatively low. You don't need specialized hardware or complex lab setups. All you really need is a computer and an HTTP proxy toolkit, like Caido or Burp Suite, so you can view, intercept, and modify web traffic. This accessibility makes web application security testing an excellent starting point for anyone looking to get paid for hacking sooner rather than later. It allows you to quickly apply your knowledge against real-world targets to find real vulnerabilities that pose a threat to organizations.

To learn how to find target domains to hack on, view our guide on advanced reconnaissance techniques!

Conclusion

In short, while the intricacies of cryptography, hardware, mobile, and binary exploitation offer fascinating and impressive challenges, web application security provides a more direct route to earning in the cybersecurity field. With readily available tools and a wealth of online resources, aspiring ethical hackers can quickly begin identifying and reporting vulnerabilities, turning their skills into income sooner rather than later.