White-Hats fit better

As a die-hard hat fan, I can assure you that the sun won't burn your head! As more you know about the technologies behind ethical or non-ethical hacking as more you are protected. In fact I've been quite a lot of times confronted with viruses, cryptolocker viruses, ddos attacks and other harmful stuff! The question is not what your computer is infected with - no - more important is how did it come on your computer.

That's how I came to white-hat hacking or better said penetration-testing. My abilities are far away from governmental professionals but my resources are limited and becoming a grey- or black-hat is definitly not my intention. The reason why I opened this Page-Section and didn't publish only DEFENCE is that I want to show everybody how easy it could be getting hacked.

I will publish only Information which is easy available on youtube - or any other public source.  

What do you need?


PenTesting is not a job done in 5 minutes. You need time and a lot of nerves. For example testing a server means to clone or copy the whole system and build your own environment, and for this you need to grab as much information as you can get. I would say analyze and rebuild is the most time-intensive part of the job.


People think why does pentesting cost so much if most of the used software is open-source and free to get. Those guys I just want to ask why they should get payed in their day job if time doesn't cost anything.  Despite my love for the cause and unpaid free time self-study good pentesting tools do cost a lot of money. I just want to link one I rarely use but I thought I can't live without it. [ Great Scott Gagets HackRF One ]. But trust me this is a never ending story the hardware need explodes.


If it comes to fuzzing or debugging decompiled code you definitely need some programming skills and knowledge but everywhere else a good technical understanding, a little bit of scripting and a bunch of logical thinking should bring you on the right way. In my opinion, you have to understand the logic that followed the programmer, administrator or responsible person to build the network  on which you are testing. As the big saying says - the problem sits between keyboard and chair - not always the software is the gateway in - humans do open the doors more often than software fails!

Patience & insistence

This personal idiosyncrasy you should bring by. I stopped counting the times I wished my computer to "hell" - but hey there is a German saying - even a blind chicken finds grain once. For me it was a good experience to find a vulnerability in my first 5 minutes of the job but the friend of mine was not happy that his cams where showing his privacy to public! On the other hand not finding any vuls in more than 10 hours of hard pentest shows the quality of the sysadmin! But I can ashure you with a lot of persistence you will find some doors open.

Legal stuff

I do not advise you to hack anybody or anybodies property without permission! I would even go so far that I do not show solidarity to grey-hat hackers who first inform the "victim" and then publish the results, because in my opinion I stop using the product because of it's vulnerabilities and publish this "point of view" if company doesn't care about customers security. For example the "Chinese" security cams I've seen on my brothers house I've moved to a separate network without Internet access, because I didn't trust them and voila I do sleep well!

I do not advise any proxies, secure vpns, servers in "hacker-friendly" regulation less countries or the onion network because if you don't harm anybody you don't need to hide. Becoming a black-hat is not that difficult if you spend some money on darknet forums and get some easy to use scripts - but where is the fun?

Where  a victim is there is also a fraud - Where a client is there is also good money to earn legal!