how to NOT be a hacking noob in 2022 // ft. John Hammond

NetworkChuck (2) · Intermediate ·🔐 Cybersecurity ·4y ago

Key Takeaways

The video features John Hammond, a cybersecurity researcher, discussing how to get started with hacking and cybersecurity, covering topics such as necessary tools and certifications, including OSCP, OSCE, and CEH, as well as the importance of Linux and Python for hackers.

Full Transcript

All right, welcome to the, well, not the NetworkChuck podcast anymore, we're calling the Noobs podcast. Episode one of the Noobs podcast, episode zero zero one. Um, now if you saw my last video, this guy, he's, uh, a new guy. Who are you? Uh, I am Cameron, I am Chuck's brother. Hopefully you've seen me before, but if you haven't and this is your first time, thanks for tuning in, glad to have you guys here. He's not drinking coffee, he's drinking tea, in case you're wondering, that's why he's not as excited as I am. Anyway, so today, again, episode zero zero one, Cameron and I, we're gonna get more into hacking in 2022. Like, we really want to do it. Um, but you know what, we're still noobs, that's just, that's just how it is. We, we don't devote a ton of time to studying and we really want to take it seriously this year, right? Yeah, we want to buckle down and figure out the best path, and hopefully, hopefully you guys can kind of learn along with us and go along the same path. So anyways, today on the podcast, on the Noobs podcast, the best person in the world we could think to bring on for episode one, Mr. John Hammond. Uh, go and get him on the screen, Austin. Hey, what's up everybody, thanks so much for having me, it's good to be here. Oh, absolutely. Now John, before you introduce yourself, we already did that for you with a really slick video, so, uh, go ahead and play that for us, Austin. [Music] The illustrious John Hammond. Okay, so real quick, for those of you who don't know about John Hammond, first of all, where you've been? And this is a great introduction to hacking, so if you don't know who John Hammond is, you're definitely a noob. John, who are you? Well, hey, yeah, hello, my name is John Hammond. Um, I'm a cyber security researcher, uh, I don't know, someone that tries to do education and training and content. Uh, I, I just like computers, I just like technology, I just like hacking and cyber security. I do it as a day job and I do kind of a YouTube thing off on the side. I try to host a lot of capture the flag competitions, I try to offer
training and do talks and presentations and webinars and podcasts and live streams just like this, to bring education to people and get folks in the know in cyber security. So you are definitely selling yourself short. Um, I know that's, you rattle off a lot there, but first of all, real quick, and this might take a minute, so if you guys need a coffee break, take one: tell me what certifications you have, just in the hacking space. Send this to me already. Well, I want people to know, like, what, like, it's not Ed Sheeran here, it's, it's actually someone better. We've already had a few comments there, "hey look, it's Ed Sheeran". Yeah, certification, what you got? Okay, so I am in the double digits, and I'll be fully upright with that and transparent. I think it, it is a baker's dozen, it might even be more, baker's dozen being 13. Uh, but let's see if I can remember them all. Uh, so eLearnSecurity side: eJPT, eCPPT. Uh, Offensive Security side: OSCP, OSCE when that was a thing, OSED, OSWE, OSEP. Ah, and I think I already covered the other one, they're new stuff I haven't jumped into yet. So the, uh, PCAPP for Python programming, LFS for Linux file system stuff, uh, Security+ way back when, um, CEH way back when. Uh, did the PMPT, the submariner. Uh, they're, I'm totally missing another one, but, but yes, we made it at least the double digits. So that's a little insane. Um, I've never had double digit certifications in my life. Um, so I just want people to know, like, we're dealing with someone who, you pretty much tried everything in the hacking education space. Like, you know what's out there, you know what, um, what's good, what's bad, and probably what's the best, what the best path is for someone just getting started or trying to figure this journey out. So that's what we're dealing with here. So I'm just going to jump right into it. We're going to talk about some exploits later, um, some of the big Linux things going on, we'll pick your brain on some things about the, the kind of what's going on with the industry, and, um, also about
your, uh, your YouTube exploits, YouTube exploits, and what, and what you're doing with that, because I think what you do is amazing. You hit deeper stuff than I do and I wish I could do what you do, I can't. So if you haven't subscribed to John Hammond, you're an idiot, go subscribe right now. Just kidding, I love you, but still go subscribe to John Hammond. So real quick, John, now I've been doing hacking on and off for a little bit, but I'm still a noob, very much so. Cameron, he knows nothing, nothing, he's a little swaddling baby. So what, what does he need to do right now to get started, to even like consider getting on the path of John Hammond? Oh, super good question. Uh, there are a lot of different ways to take it, and truthfully it varies for everyone, and honestly my answer to this question changes a lot over time, uh, because it varies as kind of what you already know or what you might want to start with, etc. But I think there are a couple core competencies, and some that you probably already have, uh, Cameron, because I know, hey, you've been burning through some certifications, you're checking out all the good, good content here on YouTube. Um, so Linux is absolute necessity, uh, and Python is one absolute necessity in my mind. And the Linux being an operating system, right, Linux being a lot like Windows, kind of a different variation for free open source software, uh, much more fine-tuned and tailored for developers, for programming, for coding. And you might say, it's a good question that comes following that, like, hey, do I have to be a programmer if I want to be a hacker? Yeah, like how, how deep do we have to go with Python? Like, it's like if you think, have you ever used Codecademy, that website that teach, so like, um, they have their, like, Python one and they take you all the way to like learning how to use functions and, um, what's the last thing they teach you, like is it, I forget, I think it's classes. Classes, they go all the way to classes and learning everything before that. So do you need to go much more
beyond that, or do you have to go a bit deeper? So you don't need to go much further beyond that. When people ask the question "do I need to learn programming or coding to be a hacker", I always say no, but with an asterisk, like with a little disclaimer and a footnote, that like, you should learn some programming and coding and scripting, but you don't need to learn absolutely everything. You don't need to master every single language, you don't need to build the next great app or anything fancy. I am not by any means like a software engineer or architect. I, I can't do that, I can't make a giant, hey, supports millions of users program, an application, but I can script. I can, I can write a loop that might brute force passwords, right, or might try all the different potential characters that might, hey, cause some sort of blind SQL vulnerability or inject to happen. And you don't need to learn, you don't need to know a whole lot of hardcore complex programming concepts for that, you just need to know the basic concepts: what's a variable, what's a function, how can I figure this conditional loop into something else. Those are the things that take a lot of practice, but I don't think there's any better way to do it than trying to do it, trying to hack, kind of working some projects, trying to, you know, fire off some exploits. Now as far as Linux is concerned, what do you recommend is the best, uh, distro to use to learn? Ooh, that is a heated debate, my friend. Uh, it's an interesting can of worms, because a lot of folks, folks might say, hey, fire up Kali Linux and then you're a hacker, right? Which is, you are, right, that's how that works, that's what I've been telling people. So I actually really like this perspective and it's a really cool talking point. Uh, Kali Linux is a Linux distribution that is loaded up with security testing tools and programs and applications that make your life easier if you want to be a hacker, if you want to be a penetration tester, if you want to do bug bounty, if you're going to capture
the flag, all that stuff. It's nice that it's all ready in there for you, and that's a good thing that helps you learn right away how to use those tools and how to do those things. But I tend to use Ubuntu, like Ubuntu Linux, and some folks might see that in videos and some folks might even ask, like, hey John, why are you using Ubuntu when you could have been using Kali or Parrot OS or distribution? Yeah, come on, why aren't you running build your [Laughter] oh sorry, oh no, go ahead, go ahead. I, I think it's really valuable to learn how to install those tools and learn how to configure those tools and watch and see them break, because then you'll be able to figure out how to fix them, and you'll be able to troubleshoot and understand, oh, what are the packages, what are the repositories, how does this all work within Linux. Uh, so maybe a little bit of banging your head against the wall trying to get things together in Ubuntu is still really worthwhile for your own learning and your own growth. Yeah, I definitely think I've run into that a lot, where you get something like Parrot or Kali and it's like, here's what you use for hacking, here's all these tools, and you're like, all right, now what do I do? Because you have, it's like sensory overload with everything they do provide in those distros. Yeah, I will have to say that I enjoy using Kali, and once, once I know what tools I need to use, normally I'm like, okay, that's gonna be in Kali, I'll just spin up Kali real quick. But going through and like setting up my own Ubuntu and going, oh, I need to install this from git, or I need to, you know, install this via apt, doing that is part of the learning process and I don't think people should skip that, that is essential. Yeah, it's, it's amazing how much, I mean, because, okay, let's talk about this real quick. So you've mentioned, like, okay, getting into hacking, some prereqs, Linux and Python. Even some people right now are like, bro, I, I can barely turn on my computer, like what, what do I need before that? Would you say like
a, a help desk level of knowledge would be good enough to start taking that journey? What, what do, what do you think someone needs? Because like, I know, man, I get people all the time who just, they, they don't even have a help desk level knowledge, like, oh, I want to get into hacking, and they're like, man, I, you said Linux and I had to google that. So what, what do you, what do you think is the prerequisite knowledge to even start that, that journey with that you're mentioning? Oh, an, another good, uh, conversation there, because I, oh, we're gonna hit you up. So I know there is an approach to getting into infosec or getting into cyber security, right? Um, and some folks say like, hey, you know what, I climbed the ladder, I started at this help desk job, I got into this IT network engineer, and then I got into this, hey, junior penetration tester role, and now I'm like top dog, now I'm running the team. Yes, that is, that is a way to do it, that is absolutely a path, and I agree and I honor and respect that. At the same time, I think there is a lot of value in you going after the things that you want to do and you're interested in. So to answer your real question there, what about the prerequisites for even, hey, I don't know the difference between a mouse and a keyboard: Google, yeah, as you mentioned, and knowing how to use a computer, knowing how to navigate, knowing how to use those keyboard shortcuts to make your life easier, knowing how to, I said Google and research, but I don't know, knowing the parts of the computer, knowing networking, knowing, hey, this is an IP address, this is a subnet, this is a blah blah blah. I think you don't need to suffer through the textbooks to do that at the very start. I think if you are just really fascinated and interested in ethical hacking, then that knowledge will come. It'll, it'll come slowly if you don't get that, hey, sit through the textbooks and draw them through the lectures, but it will happen. I, I'd be interested in your take there, NetworkChuck and Cameron, if I could, like you
guys obviously both come from a networking background. Has that helped you and what you're learning and hacking? Is that totally cool for me to ask? Oh yeah, completely. So yeah, I will say that, um, knowing networking, like, holy crap, yeah. Like, a lot of the networking attacks, I'm like, oh yeah, I know how that's working, like TCP man-in-the-middle, yeah, I got this, I, I can cover that. It's when we start using the tools and like manipulating things and like, um, just doing these random things I didn't even know were possible, because I, it's, it is a different mindset coming from the building, the securing, the fixing, then going to like, oh, how do we break that? That's, that's really, and that's one of the reasons I wanted to get into hacking. I'm like, this is, this is really fun, and it's, and, and hacking is almost, the entire industry is almost gamified, which I love, I love that mentality. Yeah, knowing hacking, or no, knowing networking definitely helps. Cameron, you're just now starting, so how is your networking and even cloud knowledge helps you kind of along the way? Yeah, it's definitely helped a lot. I, before I was doing anything cloud related, I knew nothing about like Windows Server or Linux server administration, so learning Linux skills and learning Windows skills in more depth has really helped a lot. But definitely when I first looked at it, I think one of the first things that was going through TryHackMe, one of the first things they send you through is like network fundamentals, which I think is really, really easy, because, well, I would hope so, he has a CCNA. Actually, your CCNA just expired, didn't it? Yeah, in June. Are you going to renew? No. Um, so yeah, John, I guess that's the next question is, um, I mean, have you, did you ever get your CCNA? I mean, you probably just woke up with your OSCP and you're in the crib. No, uh, I'll be honest, I, I wish I had more of that networking, like fundament, like the foundation really there. I don't have my CCNA, I don't have, I don't even know the acronyms, I'll be, I don't know
the CCIE, the, the CCENT you mentioned, I don't know. Oh, that one died a long time. Yeah, no, yeah. So okay, interesting, interesting. So what, you know, I guess what would help me and maybe, maybe those out there is, let's, let's dive into John's history. John, how did, cause like, you're, you're not an old guy, like how old are you? Well, if you don't mind answering, how, if you don't mind doxing yourself, how old are you? Yeah, if I'm not already a, a walking dox. This should stay on the NetworkChuck channel, so all you John Hammond viewers don't go tell other people. Uh, yeah, yeah, yeah, I'm 25. So 25, 25. So I'm, I'll dox myself with you so you're not alone, I'm 32. And, um, you are so far ahead of the game and stupid, so I want to know the path you took, and, and, and I guess even diving deeper, what drove you. And because like, I've seen pictures of you when you look like you were, you just left the lunchroom in school and you went to a CTF and were like the boss. So what, how, how did this even happen, where did you start, and what drove you to keep going like this? So can I tell the long story, is that okay? And you guys can like speed run me, or like, hey John, hurry up, if I'm, if I'm taking too long, is that all right? Oh yeah, well, just a little bit, we'll tell you, we'll tell you when you're boring, don't worry. [Laughter] I was a kiddo, right, one time at band camp, no, I'm kidding. Um, I wanted to go to school and I wanted to go to college and I wanted to do cool tech stuff. You know, every kid says I want to make video games or I want to be a hacker oftentimes, and at least in my case, the school, the high school that I went to, didn't have a curriculum or a program for that thing, uh, and this was a annoying. Uh, and I thought, all right, well, what about college, maybe I'll find that for undergrad, for my education, that I'm in the funnel and people say that kids are supposed to do that, so I guess I'll go do that. But I don't want to pay for it, I don't like having looming debt and all that, I don't like money. So I thought, you know
what, let's go to one of the military service academies, one of the United States, like, hey, armed forces, Navy, Air Force, Coast Guard, any of those. And I tried to apply to all those. I wanted to go to the Air Force Academy, I want to go to Naval Academy, I wanted to go to West Point, Coast Guard. I actually got some nominations for Navy and Air Force, which I was super, super happy about, but they didn't say yes. Uh, Coast Guard said yes. Now Coast Guard is maybe not as far ahead in cyber security as is Air Force or Army, is that fair to say? I don't think I'm getting anyone too upset. Uh, so Coast Guard didn't have a computer science program or major or study, didn't have a cyber security program or anything to study that, so it was again in that problem where, dang, we just don't have the resources and material ready and it's not easy for us to latch onto it and play. So at that point you already knew you wanted to become like something in the cyber security realm? Yeah, so I grew up, uh, and was into more of the creating and building mindset. I asked for my, I asked like for my birthday when I turned 10 or something, I told my dad, dude, I want a website, because I thought it was cool. So he taught me HTML, he taught me CSS, uh, and I thought, sweet, now I can have a website. Uh, is your dad, so my dad is actually a network engineer, actually a sys administrator. Okay, yeah, so let me start it, so our dad is a system admin, more focused on VMware stuff, so yeah, I mean, it kind of just bleeds into your life. Yeah, uh, but I knew it was continuous, no, so no, I'm sorry, I knew, hey, once I had a website, a dad, now I have to have a server. So he got me this like old school, uh, like Turbolinux Dell ancient dinosaur, uh, and it was cool, it was fun, and that was, that's what started the snowball of like learning HTML, learning programming, learning Linux. But it was never in the sense of security. It wasn't until I got into the Coast Guard and the military aspect that it turned not to, not to just building things but breaking things. So
there was a competition, there was an event, there was a sport, so to say, uh, like an Olympic-style event of hacking for across all the different service academies, and it was like, hey, we'll test the cadets and midshipmen how good they are at web application security, or how good they are at cryptography or forensics or binary exploitation and stuff like that. And I didn't know it at the time, but I was going to go play and participate in this thing. It was really cool, we all got to go to like Philadelphia or something, I don't know, it was where they filmed Silence of the Lambs, which is a weird fun fact. Uh, I appreciate it, yeah, yeah. And we played in this competition, which I now know was a capture the flag event, uh, and we were at the bottom of the scoreboard because we were completely new to this, we were, the others were noobs. Yeah, we were noobs. And I don't know that the people that were hosting the event were the team from ForAllSecure, um, and the folks that are part of the Plaid Parliament of Pwning capture the flag team. So for folks in the audience that might know and perk up at that name, that's like the number one team in the, consistently winning DEF CON, the world series of hacking. Uh, and I was standing in front of and having dinner with Tyler Nighswander, who's like god among men, wizard in cyber security and capture the flag, and I had no idea. But I asked him, how do I get better at this? So real quick, so I'm going to interrupt you here, I'm going to stop here. So I'll, first I want to comment the fact that hacking's amazing. Like, just the fact that there's competitions where like you can be on a team, kind of like gaming, and, and compete with your knowledge, that also translates to a career with money, is insane. I mean, they, I didn't know this was a thing. Like, when I became a help desk engineer, then a system admin, and then a network engineer, I mean, first of all, there's no competition, it's like, that's not, like, I'm like, okay, this is boring. I mean, it's, so I love network engineering but
I'm not like competing, which by the way, they should have that, but I don't think it's popular enough to have that, um, because it's all going to the cloud anyway. But seriously, that's amazing, I never knew about that. So real quick, just for people who don't know what a CTF is, because like, man, that's, that's a weird thing, like capture the flag, they know what that is, like they play Call of Duty or whatever and that's, that's like a one of the maps. What is it in the hacking realm? Yeah, thank you for, for keeping me honest there, I know I was just kind of steamrolling without explaining that one. So a capture the flag is a game, uh, it is a sport, it is a competition, but it's not a real world sport. Uh, you're kind of sitting at your keyboard and typing away and solving problems within cyber security, like, hey, can I break into this website? And when they say capture the flag, they mean some sort of key or some sort of token that is the flag, that is the reward that you use as proof that you accomplished this task: hey, I broke the cryptography, I hacked into this website, I found the secret sensitive information, and here is my token to prove that I have accomplished that. The more of those flags you capture, the more points you get, and there's a leaderboard, there's a scoreboard keeping track of, hey, who's doing what, who's winning, and you can benchmark your progress against everyone else playing. So you have a lot of fun with that because it has a little competitive edge, and you're learning, like you're trying to learn new technology or see a new software stack or things that you haven't been familiar with before. So that's the love and lore of capture the flag. Which is still, it's amazing to me that's a thing, and I love that, which is why I steer more people towards that, because it's, it's such an amazing opportunity. But anyways, people are getting mad that I interrupted your story, so pick back up where you, you met the most famous CTF hacker in the world and go from there. So I, the gist of that was that
we sucked, we were at the bottom, uh, and it was like, man, I want to get better, like this was so cool, how do I improve? Because I'm in a spot where I don't have the resources, but I don't have, like, you know, the formal education in academia wasn't bolstering me up the way that I was hoping for. So when I asked these people, they said, like, go online and you'll find stuff like ctftime.org, uh, you'll see things like SmashTheStack or RingZer0, or you'll see things like OverTheWire, TryHackMe and Hack The Box, which came later now. But what we learned are war games, we're like always-on cyber ranges where you can practice. Uh, and you've showcased these before and, uh, Chuck and Cameron, on your stuff, hey, you're working through a Hack The Box thing or you're playing and TryHackMe, and that gives you that practice. It might not be, hey, there's a goal and prize for a weekend competition, it's not a vanilla and cookie cutter capture the flag, but it's an always-on game that you can sharpen your skills with. And in academia I had the time to stay up late and avoid obligations, and I would grind on capture the flag and war games and stuff like that, just try and practice, just try and learn, and it was fun, and that's what kept me going. So would you say that you learned more from doing this than like a, I don't know if you, you said you got your degree, was it in like, it's just like a, a normal comp sci degree, not like cyber security angled or anything? Yeah, so I, I studied, um, electrical engineering, because that was the closest thing they had, but it was like systems and signals, uh, nothing that I use in my actual life. And you, and you finish that degree, I assume? So I got, it's funny story, can of worms, I got to the fourth year, uh, and it was a week before graduation and slipped away, didn't graduate, but four years of education, so undergrad, whatever. Nice. So I, I guess, so I assume, I assume that you were learning more from the CTFs than you were in your classroom, or probably any classroom you've been in before, just
because you were, you were learning and doing and, and hitting walls but getting past those, I assume that's the process, right? Yes, yeah. And, and I know sometimes that's kind of a hard pill to swallow, like, we'd like the easy button, but no, I, I learned more out of the classroom than I did in the classroom, just me personally. So okay, so we're going through the history of John Hammond. Now real quick, guys, just so you know, this live stream will be saved, we're going to have that in a nice edited format on the Noobs YouTube channel, and it's still growing and building up, so if you want to subscribe to that, go and check the link below. Um, but anyways, now back to John Hammond. John, so John, you started doing CTFs, you graduated with something, I don't know if you finished it or not, and then you kept hacking. Um, after that, what did your life look like? Did you start looking for a cyber security job immediately after the Coast Guard, or what did you do? Yeah, so this is where I'll get into a little bit of, uh, career advice, if that's totally a-okay, um, because I'll throw up, we'll accept it, yeah. All throughout this thing that I was doing, uh, undergrad and learning hacking and capture the flag, was this YouTube presence that I kind of had, and I was trying to grow a cohort of peers at that universe, at the college, to try and get better at cyber security. So I would make write-ups and I would try to blog or write articles on all those war games and practice scenarios that I was going through. So I had a, a body of work to show on YouTube and all these things, and like kind of teaching my peers how to get into this, how to do cyber security, how to be a hacker. And when I was now out and about looking for a job, looking for a gig, looking for something to, you know, pay the bills, uh, I somehow got referred to a, uh, training academy, like for learning and teaching cyber security. So I was chatting with them and they had kind of knew about, hey, what I could do, because I was able to show them this body of work, I was able
to show them everything that I'd done in the past, and that kind of helped prove my merit and my competency. So they brought me on board as an instructor, like as a subject matter expert, and I'm just a stupid kid right out of school, and I don't, I don't, I don't know, it sounds so silly and it sounds so dumb, and I feel weird when I tell the story because it's a little braggadocio, but like, hey, your first role could be a teacher, you could be a senior pentester, if you prove that effort and that merit and that competency. Now I, I hold the weird opinion about being a, like an expert and then being a teacher, and, um, so I'm curious, do you think you were a better teacher because you didn't know everything? Yes. And this will be a breadcrumb, if I'm willing to add it in, as there are no experts in cyber security. I'll, I'll never call myself an expert. I don't think you, you can't, you can't be, you're just making everyone [Laughter] there's just so much out there, right? Like cryptocurrency, artificial intelligence, machine learning, binary stuff, low level assembly and processors, I can't, I humanly can't. I don't know about you. Oh no, I, I, I don't sleep. Yeah, it's hard. So okay, um, you, you got this job instructing, which I think, goodness, I, I've said this before on my channel, the best way to learn anything is teaching it. 100%, it is. Because once you reading something, you can read it and passively understand it, but to have to take that hard concept and explain it simply to someone else, that's a whole different ball game, you have to know that thing inside and out. That's the best way to learn. So to John's point about a career, and I know you're going there with this point, the best way to kind of start getting your career started is just to start documenting. Like, you don't have to be a genius, you don't have to be the expert hacker, but just do one thing, make a blog post about what you're learning today. Yeah, sure, there might be 20,000 other people doing that same blog post, it doesn't matter, they're not going to put
that on your resume. Put that on your resume, and that's what people are going to see, you're the hiring manager, you're going to see when you put that in there. So anyways, I digress. Go ahead, John, what happened after that? Oh geez, we're still going? Well, yeah, yeah, because, because right now, I mean, you're, you're a young guy and I'd say like you're one of the most prominent people, at least I know about, in the hacking space. You have this incredibly successful YouTube channel, you're doing all this crazy stuff, you have every certification under the sun. So I think I want to see how you guys, where you are now, and then also kind of get into the, the drive, how do you keep yourself, um, inspired and up to date, and, uh, yeah, yeah, go for that, I think that's enough. Okay, cool, thank you, and I, I really appreciate you, I don't know, just the interest, so thank you. Um, I can continue to tell the story and that'll get us closer to the answer to that question. Um, I was at that role, uh, as a teacher with the Department of Defense Cyber Training Academy, so that was more in the government military space, coming out of the Coast Guard, and that was fun and it was cool, but it was teaching, it was, hey, you're up on the podium for eight hours a day trying to entertain students and keep them awake and, you know, make sure they still got a pulse because you're droning on the lecture, right? So I felt like I was riding a unicycle and just trying to juggle to keep these folks with it. It wasn't always the most fun. So I thought, you know what, I still want to go do this stuff, I want to be a part of cyber security and be an operator, go be that hacker, go be that penetration tester. So I moved on to a different gig with the Defense Threat Reduction Agency, which sounded so cool, hey, we're going to go be hackers, we're going to do the spooky, squirrely, you know, high speed, low drag stuff, let's go hack like nukes or stuff, that's like, oh man, we get, we got to have a high clearance or something, shenanigans. This got me demonetized, man. We're
past 60 seconds, it's fine. No, that's true, you're right, you're right, I'm seasoned. So that was cool, I did that for a little bit, but it was kind of sitting around in a top-secret space with no windows, but we didn't have authority, we weren't able to do much, so that was hard to, you know, live with. It's like, I go to work but I don't do anything there. So I didn't stay there for all that long, and I'll be completely honest, but the next opportunity that came about was out of the government and military bubble, and it was, uh, the role that I'm at right now, and I'm still there and I'm going to stay here for a while because I gosh darn love it. But it's, it's cyber security for the 99%, it's cyber security for small to medium businesses or mid-market organizations that don't have a government or military budget, and they're getting hacked left and right. Uh, so it's weird, when we say, hey, I want to get into penetration testing and I want to be an ethical hacker, think about the other side of that, the people that are getting hacked: how do they do their defense, how do they protect their own organizations and endpoints and security? So the stuff that you might learn, the stuff that I learned, that when you're trying to be more on the red team or act as the adversary, go be the hacker, that's all great knowledge to have, but I find a lot of fulfillment and a lot of meaning and, like, hey, we're gonna go use that for good by protecting and building up organizations, so this is how you don't get hacked. Because all the techniques, all the exploits, and all the, all the vulnerabilities that I would beat up, I can't beat them up anymore because I was able to use that knowledge to fix the problems rather than exploit them. It's such a weird duality and I love it. That's the red team versus blue team, you hear purple team and all those shenanigans, but it's so, it's so funny when people say, John, you're a hacker, you're a red teamer. I actually think I'm, I think I'm a blue teamer now. I don't know, it sounds like you're
purple in a way i don't know so i mean so you're you're helping companies that i used to work for like i we didn't have dedicated security staff i go i was the network engineer i was the windows admin i was the help desk guy sometimes when they were at lunch and when it came down to a hack like i had to figure that junk out one person they had right yeah like one of like two and and it was the worst so um so you essentially help these companies out like you you come in and like help them i guess do a penetration test and and then build up their security in a way so truthfully my role is a lot of uh incident response um and manage threat detection so when more managed detection than it is incident response uh we sort of just do that because it's fun uh when we see malware on an endpoint when we see hacker activity like oh there's there's a back door or there's some persistent access with an implant or a hook on the computer we'll notify that that business and that organization and we'll help them get it out so it's really cool and really interesting because it takes all the stuff that i learned in capture the flag and makes it more real world and i hate i hate that terminology when people talk about that because sure ctf could be a game it could be a puzzle or a toy but you still learn real world things and when you do it for a day job of is this organization going to get hacked or not and how can i prevent that you see the techniques that you learn there and it brings it to a whole nother level when you're talking about ransomware you're talking about actual malware actual denial of service attacks actual website defacement bots and remote access trojans mining for cryptocurrency weird weird stuff right and i think that's a cool bridge to cross and i'm really happy with that that's what motivates me now is i feel like i'm making a difference doing the cyber security stuff both in educating people and bringing the right security stuff to the right people that's 
amazing so with um with ctfs i i think it's a great example of like okay do you think ctfs prepared you for the job you have now and i i i'm assuming yes because you're here um and that's what you love doing but was there a big learning curve going from the ctf mentality to doing what you do now oh you asked two antithetical questions right beside each other [Laughter] and come on out of this one yes i i do feel the ctfs prepared me uh for what i do and for everything that it kind of came along my way uh and no i didn't feel like i needed a whole lot else which is weird because there's the conversation of oh are ctfs just a game are they not real world enough there's a really good tweet and i saw some folks uh chatting about it in the in the live chat for the stream here ippsec another creator another great hacker had tweeted yeah and said out lied out loud publicly like look capture the flag is what got me my job that's where it got me where i am today like back in x however many years ago i didn't know anything about cyber security i didn't know anything about hacking or vulnerabilities or exploits or any of this stuff capture the flag is what got me there when i took my offensive security certified professional the oscp that people the certification that folks considered like the holy grail of the industry for some reason they oh i'm sorry we'll talk about that here in a second i passed my oscp because i played so many capture the flag events okay okay so yeah we're going to touch on that here in a bit um so first this is probably most important question we're going to ask you um who do you like being compared to the most ed sheeran or seth rogen because i've seen like at least 15 of those in the chat i'm saying yeah so at the ed sheeran makes more sense to me i guess the seth rogen i kind of see it but not as much as the as the ed sheeran okay okay yeah i don't see the ed sheeran that much but i definitely see really i i it depends i feel like when you're when 
you're talking and you're getting excited seth rogen comes up seth rogen comes out when you're when you're just sitting there looking pretty ed sheeran's there yeah but anyways on to um less important things um this is a question i get asked all the time and i think i asked you this last time but it's okay new people new new crowd totally someone coming in to like i i there's so many people who watch my channel who are in this the stage they hate their job maybe they're a plumber maybe they're in sales maybe they are a doctor i don't know they hate their job and they think cyber security looks incredible what do they need to do like tonight to start taking those steps to become a hacker for a lack of a better term and let's let's assume they were a nerd in high school and they know what a computer is maybe they built one maybe they have let's okay they have a gaming computer that they built themselves that's the starting the starting level of knowledge what do they do uh no pressure yeah i mean i feel like this is like the penultimate question um create a virtual machine uh and install ubuntu linux and create a try hack me account or hack the box account connect to their vpn and get started on a room or a box or something to hack keep google open because you're going to google around a lot and while you're at it there's one article that i would recommend you read there is a how to become a hacker by eric s raymond and i think that is a really really good one uh for getting your mentality right for what you're learning what you're studying what you're becoming it's genuinely an article on a blog post called how to become a hacker and it has all the right stuff that's i think what got me off on the right foot oh fantastic austin remember that we're going to put that in the show notes all right yeah so okay that's incredible advice first of all yeah i got a video on virtual machines if you guys are curious about how to do that um but anyways beyond that uh so they 
start learning and they start going down that path um what do you i guess i kind of hit the wall too where it's it gets overwhelming at some points like you the beginner labs are like okay networking cool linux cool i can get past that when you hit those like really really hard things like whoa i wasn't ready for that like trying to jump into a hack the box room was like ah do you just brute force through it do you watch some ippsec's videos or do you just suggest going back to the basics this is a hot topic and this is where it shows how i'm i'm a noob just as well when you're learning i don't think there is any shame in looking at the solutions like if you're trying to ride a bike you're not gonna go without the training wheels on for the very first couple of runs right like it's totally okay to peek at the solution to get past whatever wall or to see what new technology you just weren't even looking at because you didn't know was a thing it didn't exist in your mind so you weren't able to go enumerate or go find that or go learn something in that regard if you're not like playing in a competition or something hardcore and intense right now if you're just learning for the sake of learning go check out ippsec in his walkthrough video or go look at the blog posts and articles that someone already wrote a year ago when they worked through this box this machine or this task i don't think there's a big issue in that because you're learning like you're trying to get better and one day the next time you're playing this for a competition for a tournament or you're doing it for your real work and your job you don't know that there is an answer out there you don't know if this thing is vulnerable or not well you practice you've prepped you've been you've been with the training wheels for so long that now you don't need them anymore and i think that's my perspective if you're banging your head against the wall do it for a little bit but not so much that you bog yourself down 
and want to give up right excellent advice and by the way i love interviewing other youtubers because when you're on you're on like i feel like i'm watching one of your videos i'm like yeah yeah continue can i pause this oh wait no we're live so it's definitely fun um where did my question i was going to ask you go hmm oh that was what it was okay so we talked a lot about ctfs and we talked about hack the box which with if those of you who don't know what hack the box is if you're watching don't know what the box is it's basically they give you a computer or a room that you can you're allowed to hack and it's designed to be hacked and you learn so much in the process and some of them are like beginning starting easy right they get crazy hard and that's why we have people like ippsec and other people in community who do walkthroughs because they are hard and ippsec's videos are long that's how hard they are so that's a cool thing to do and i love that about the hacking community but now i want to talk about my personal favorite thing and that's certifications and i know this this is so hotly debated in the community but you have all of them so where where do you stand on certifications versus i guess i wouldn't say versus ctfs but how do they weigh against each other and do you still recommend people go for certifications and let's say someone like me who's has an i.t background cloud networking if i want to jump into ethical hacking where do i start yeah do you i understand there's there's a try hack me and all that that have fantastic um paths they draw out for you which is amazing but do we still need to go for those certifications that have a path as well that give you a holistic learning opportunity what do you say so i think this is a question for yourself and what you want to do for your job or where you are in in your career right uh if if you're just getting started in the field and trying to find your footing with a new role or opportunity your very first 
role or opportunity having a certification will get your foot in the door hands down like there's no arguing that in my mind having that something on the on the resume just a check box just a notch on the belt just say yep i did it that's great better question when hacker one hires somebody when you hire someone for your team do you care if they have a certification some companies do some companies don't you know uh let's say i was going for the first opportunity that i had in my career the training academy one you remember that one i needed to have uh security plus or they wouldn't hire me because they had regulations they had the standard they had something that they needed to meet that i needed to be iat level two blah blah blah so i had six months as a grace period to go get that certification and i understood and respected and realized that i needed to do that for the penetration testing company or the next gig that i was looking at to be a hacker and go do some of that spooky squirrely stuff they wanted to see a lot more of those hardcore low-level exploit work like oscp and osed and osc and all those the company that i'm at right now kind of startupy not under the same regulation necessities we don't care what certifications you have we just want to see your merit it depends where you go and what you do i will say that it helps you no matter what the same way that going for formal education helps you it might not be the end all be all but they do augment who you can present yourself as do you need 12 no i've probably gone way overboard okay okay that was that was a fantastic answer um so let's assume that most of the jobs out there and i don't know the ratio but most the jobs out there are more um not not um startup style and and that's that's where most of the jobs are going to be is is bigger companies who maybe really do care about certifications from security plus which you know is going to have that government regulation required situation and then 
higher ones as well um let's say someone that's that's their goal they want to get that job whether it's a red team penetration tester or they don't care they just want to be in cyber security what would you recommend as their first certification now i asked you this last year i remember we kicked around a few things but things have changed i'm assuming so actually it wasn't last year was 2020. my goodness time flies so what would be what should be cameron like i don't i still don't have a hacking certification i'm lazy so i'm going to change that this year what should be me and cameron's first attempt at a certification what should it be we're going to we're going to be your students right now what should we do oh no oh no and if i don't get that job it's your fault no i'm just kidding i'm trying to think of a accurate and precise answer for you it's okay we'll wait for you google is always a right there [Laughter] yeah google my answer real quick what does the world think pretty yeah let's just look at the 2020 video we can come back to it if you want yeah yeah if that's all right i will let that simmer for just a little bit and i hope you realize like dude john's not coming up with an answer because i'm genuinely trying to think of like what is the best thing that is so broadly applicable that it will fill that void for as much as possible it it's really tough i see a lot of answers in the chat for ejpt so folks that don't know ejpt was the elearn security junior penetration tester i'll just fill these gaps in if that's okay um oh yeah yeah yeah and maybe and then this will be more helpful to answer your question maybe snipe out the ones that you shouldn't get okay shoot i'm gonna offend to people it's okay you know what we're we're way way past that come on let's go yeah john you've already done the damage right um i i i don't hold a lot of water to ceh um i don't hold a lot of water to security plus shots fired that was a one right now i'm burned [Laughter] 
oscp has started to flip-flop oh no ejpt is great but i think it's fallen away i don't even know there is the the pnpt right the the cyber mentor thing that's up and coming still gaining its ground is did we run out like is the world i'm struggling to find another cert that we haven't mentioned yeah so the answer is don't get one because they all suck so the sans stuff gcih that's a good one but it's like ungodly expensive yeah yeah yeah we're gonna be here all night guys you know what if you're game for it i don't know i i just well i have this much coffee left so uh that's how that's your timer okay so so um ejpt which is the one i've i've been eyeing because like i know last time we talked it was it was good and um and elearn was recently purchased by ine and um it sounds like you know that that may have may have not been the best thing i don't know um so interesting so ejpt is out ceh already knew that security plus it's it's good for i think i t people and to check a box um but then yeah uh the cyber mentor stuff i don't know anything about that one really but i know he's getting some traction in circles so if we forget uh about the marketability of a cert how's the knowledge in that one oh for the pnpt yeah yeah and he does he have a couple of those knowledge or just the pnpt cnn certification um and oh so i i took pnpt that is the last cert that i've achieved just very recently at the end of 2021 so just last month i guess uh and that cert focuses on active directory but not active directory and that like hey you're taking advantage of forest trusts and uh generic write generic all write dacl shenanigans for permissions and privileges it it showcases and harps on mistaken user education like bad passwords and password reuse and some of the shenanigans of hey if a domain controller trusts this device you could grab one ticket or another so it's taking advantage of natural windows kind of miscuration misconfigurations and flaws uh bundled with just human 
stupidity which is a real vulnerability right that's that's almost i mean yeah if you were to go back to my previous company where i was the admin they'd be riddled with those yeah so i totally understand that and i a lot of folks really really like that a lot of folks that really enjoy that um i think i i see and hear one mantra of hey that exam isn't ctf like as if ctf like is some blemish i actually haven't said this publicly yet but i think it's a worthy worthy thing to note i think there is an element of it that is very ctf like in a weird way uh because it's something that you have to look for and you have to know that you're going to look for that and then it leads you back down the track of okay bad passwords etc but it's really hard to this is the maybe the correct answer to the question that we keep getting closer to it's really hard to find training and education that fits what everyone wants and what feels like they need when you keep trying to ask hey what's the best certification to get there isn't one and we literally just dragged ourselves through that epiphany so experimenting in everything that you can uh exposing to so many different things and absorbing education like a sponge maybe that's the best thing to do because maybe that's the best that we can do okay so that's um i wanted more than that no no no i can't expect anything better than the right answer and that is the right answer you're i mean so let's maybe look at it from different perspective knowledge wise is confusing um now as far as marketability for the job market what would be the best one it may not maybe not best maybe what's the like a few of them that would look really good on a resume that would help someone get a job like is it verifies an adequate number of skills that someone would feel comfortable hiring that person so the easiest thing uh if they were doing just that hr bypass is gotta be security plus uh it's gotta be oscp pentest plus is in there just as well uh i think 
you could get by with ceh too but those are the things th

Original Description

@John Hammond is going to teach us how to hack and stop being noobs. Listen on Spotify: https://ntck.co/noobspod 🔥🔥Become a Member!!: https://ntck.co/Premium 🔥🔥 ☕☕ COFFEE and MERCH: https://ntck.co/coffee

This video teaches viewers how to get started with hacking and cybersecurity, covering the necessary tools, certifications, and skills required to succeed in the field. John Hammond shares his expertise and experience, providing valuable insights and advice for those looking to pursue a career in cybersecurity.

Key Takeaways
  1. Start with basic concepts like variables, functions, and conditional loops in Python
  2. Practice hacking by working on projects and trying out exploits
  3. Use online resources and tutorials to learn hacking concepts and techniques
  4. Create a virtual machine and install Ubuntu Linux
  5. Connect to a VPN and use a hacking platform like Hack The Box
💡 Having certifications like OSCP and OSCE can be beneficial for getting started in the field of cybersecurity, but it's also important to have hands-on experience and practice with tools like Kali Linux and Python.
