It's time for more Stories From Cybersecurity! This time we talked to Sathyaprakash AKA Encryptor. Encryptor is an 18-year-old certified ethical hacker and cybersecurity enthusiast who is currently working on his Computer Science degree!
We hope that Sathyaprakash's story will help aspiring hackers gain some clarity on how to enter our field and what it takes to become an ethical hacker. He's also provided some great resources for our readers so be sure to check them out. Let's take a look.
How did you get started in cybersecurity? When did you first become interested in hacking?
I remember my dad brought a pc for me when I was in 6th Grade. I was too young back then to understand the complexity of the machine, but I was eager to learn. Eventually, I understood most of the basic things on that Pentium powered PC with Windows XP on it. Within a year I had learned a lot of things.
The next year, my dad bought me a brand new laptop with the Windows 7 OS. I could now explore a different version of Windows, and that's exactly what I did. After some time, I even learned how to use multiple OS on Virtual box /VMware. I was was only 12 years old at this point and thought my achievement was pretty cool - I was doing stuff my friends couldn't!
Slowly my laptop started lagging, had many software issues, and other general issues, that’s when I started my life in IT. I googled a lot for troubleshooting and rectifying my issues. This got me interested in the technical side of things.
My parents supported me in my journey. They made me join a computer institute when I was in grade 8th where I learned PC maintenance, Troubleshooting, and rectifying issues. Eventually, I got certifications in these areas. It taught me a lot about how computers actually work and helped me a lot in InfoSec too. I also did a course on Networking from the same institute and learned a lot about networks, protocols, IP, servers, topologies, as well as some hands-on practical stuff.
It was in 9th grade when I came across the term "ethical hacking" after surfing the internet to learn more about the fields within IT. I had watched several hacking movies but I wasn’t aware it could be a professional job. I started learning from online resources and learned to make batch file scripts which were quite amazing at that time for me.
And then like every other newbie, I joined an institute for Ethical Hacking, which wasn’t a wise decision. I would never recommend it to others, but it helped me a lot with theoretical knowledge but less on the practical aspect. Honestly, In my opinion, certificates (especially theory-based ones) hardly matter in this field. What matters is your in-depth knowledge about a topic and appropriate practical skills. At this point, I had developed many skills including compromising websites to social engineering.
I started learning everything from online resources because I believe the internet is the best teacher. I opted for many online courses (OS, Linux, Networks, etc). I also learned web languages and programming which helped me greatly with understanding web technology and the background working of a web application. Currently, I am using python for developing tools and contributing back to the community.
I have also been freelancing and have earned a good amount of money through this field. The scope in this field is huge, the only downside is that most of the people aren’t aware of this field and there is no fixed syllabus to get into InfoSec, it’s all about your research and eagerness to learn from several sources.
I then started my page on Instagram @xhackerboyy back in 2018 and started uploading Ethical Hacking content. Along with my Instagram page, I also started my blog www.cyberbuddy.co.in where I started posting practical content about Ethical Hacking.
It’s my internet family that motivates me to always keep myself updated, learn new things, and pass it on to them through my content.
What do you think are the biggest cybersecurity threats we are facing right now?
Cybersecurity threats are getting more advanced day by day. Malicious hackers dynamically updating themselves with new techniques and tools to hack in systems and also deceiving people to clutch sensitive information.
One of the biggest cybersecurity threats that we are facing in recent times is cyber fraud. People can be easily tricked by malicious hackers who want access to their sensitive information.
A lot of people are still not aware of bank scam calls and they end up giving their bank details to scammers who pretend to be a legitimate bank employee.
Another issue is people are recklessly clicking on links without even thinking twice if that link is genuine or not. Hundreds of people become prey to phishing attacks. The scammer will make things look so real that you will end up opening the link. Even Google drive links are masked with malicious code to exploit your device. Never open a Google Drive link directly on your phone as it will have access to your Gmail account before opening cross verify the link
Tip: Before opening a suspicious link verify that link at virustotal.com, the website will alert you if the link is masked with any kind of phishing pages or malware.
Another biggest cyber threat is Ransomware. People are becoming the victim of ransomware attacks by downloading unofficial software and products from an untrusted source. Ransomware locks down your whole system and demands you to pay a ransom amount to unlock your system. This thing can be avoided by taking proper security measures :
- Do not download anything from untrusted sources.
- Do not click on untrusted links
- Always update your software/apps/OS
- Avoid opening/downloading untrusted email attachments
- Do not run behind cracked software
- Use a good antivirus
Nowadays every third person becomes the prey of cyber fraud because of their lack of cyber awareness. Even employees of a company are tricked into leaking their sensitive confidential data.
The only step that can be taken to tackle these cyber threats is educating individuals to understand these kinds of attacks.
As I always say “No one can hack you without your consent”. It’s we who create loopholes for hackers by not setting proper passwords (a combination of A-z, 0-9 & special characters), ignoring multi-factor authentication, not updating software/ apps, logging on untrusted websites with Gmail ID and so on. If a user is fully aware of such things and adopts proper security measures then the risk of getting hacked is slim to none.
What types of resources have you found most useful for learning security? (Videos, courses, blogs, qualifications)
There is no specific course or certification that will make you an elite hacker. This field is all about self-learning and self-practice. The theory isn't enough, you need practical skills.
The Internet is the deep ocean of knowledge. Everything is available on the internet you just have to hit your keyboard to get the correct resource for yourself. The InfoSec community is constantly providing valuable content. Invest your time in learning and it will make you stand out of the crowd.
Get yourself some Udemy / Coursera courses. I believe you should invest in learning because it’s a natural human phenomenon that if we spend time on something, we'll focus even more on it. Learning is a snowball. Don't rush, learn the fundamentals, and take your time.
The basics for the security field are:
- Understanding OS and Computer Hardware
- Web languages (HTML,CSS,PHP,JS)
- Programming language (at least one – Python Recommended)
I was always excited to learn new things. I have learned a lot from online resources be it Youtube or any other platform. I am a visual learner and therefore I prefer video lectures over blog articles but I also do read blog articles related to my domain.
Coming back to the question for resources I mostly rely on video courses, but I also read books. Some of the books that I would like to mention are:
- The Basics of Hacking and Penetration Testing
- Hacking – The Art of Exploitation
- Kali Linux Revealed: Mastering the Penetration Testing Distribution
- RTFM (Best Manual to keep handy)
- The Web Application Hacker’s Handbook
Some of the youtube channels that I’d like to mention :
Apart from learning it is also important to execute those skills in real life. You can't test your skills on live websites because it's illegal. Instead, you can use practical labs which are deliberately made vulnerable to test your skills. For example:
Nowadays CTFs are trending. In CTF’s you experience all kinds of challenges from OSINT to forensics, the more you play the better you get. Some of the CTFs which can be played for beginners are :
You can always have an eye on ctftime.org for upcoming CTFs so that you can participate in them.
Coming to the certification part, certifications are not that important in this field if you have a firm knowledge (theory as well as practical). You will be hired purely based on your skills and not certificates. Certification is sometimes important for some organizations, so yes you can opt for some well-known certifications
- CompTIA PenTest +
- CompTIA Security +
If you could only give our readers 3 pieces of cybersecurity advice, what would they be?
1. Think before you trust.
There are lots of people on the internet who make fake profiles and try to be friendly with you with nefarious intentions. Such people will get into your profile and start stalking everything you do and try to make you feel comfortable with them and ask for your pictures, videos, etc. Never share your pictures /videos with any unknown person on the internet.
2. Clicking without thinking is Unwise
Just because you are free to click on anything, don’t be an ignoramus and click on everything that you see. Always verify the links/attachments before opening them. You never know what’s behind that link. So think before you click.
3. Sharing is not always Caring
Nowadays everyone is following the trend of sharing everything on the internet without protecting their privacy. Do Not share everything that happens in your life on social media. This not only makes you vulnerable to stalkers but also shows your routine to everyone, and this should be private. Do not share your personal details like a contact number on your social media, always keep it private.
What was your motivation for doing this interview?
I believe in contributing back to the community and educating people. I constantly post content on my Instagram page and blog to connect with others in the community.
There is this major misconception in people’s mind that hacking is all about compromising social accounts and doing bad stuff. This is is not true and I want to change people’s perception of hacking and cybersecurity. I want to educate and make people aware that the InfoSec field is far more than just hanging around compromising social accounts
My aim has been always towards making people aware of hacking, cyber frauds, tackling cyber threats, and similar issues. Cyber frauds have increased a lot during the pandemic, and I try my best to make people aware of this through my social media accounts.
I hope you have enjoyed my journey in the InfoSec field as much as I have! You can find me here:
Social Handles :