Frequently Asked Questions

Please send your questions to faqs@yehg.net. Only idea questions.
For technical questions, only Google knows better than us.

  • Q: How should I get started learning hacking?
    A [Updated 2018]: There are a few ways.
    One is to get involved in CTF challenges online and locally (not a lot, but hosted frequently). You can watch some inspirational videos. The learning curve can be frustrating and steep but rewarding in the end.
    The second way is to grab a copy of a Security+ study guide and get the basics of all things infosec. Take the exam if you can. After getting the basics, you can move on to reading hacking ebooks and practising yourself. Or get certifications from CompTIA (PenTest+), Offensive Security, eLearnSecurity and others. Those certs can bring you to higher levels as well as give you some form of guarantee for employment as a pentester.

  • Q: What do you think of guys in Myanmar who are learning/doing hacking?
    A [Updated 2018]: In the early days of their youth, they may randomly hack into web sites/systems illegally. But the most profitable way is to join HackerOne, Bugcrowd or Synack and be a paid professional bug hunter.

  • Q: What are the differences between IT Security Engineers, IT Auditors and Pentesters/Red Teamers?
    A [Updated 2018]: IT Security Engineers enforce security policy and hardening procedures. IT Auditors ensure IT Security Engineers do things correctly, as intended. Pentesters check whether those things are no longer sufficient to protect against currently evolving attack techniques.

  • Q: I'm tired of seeing vulnerabilities in software. Will there ever be any software without them?
    A: New vulnerabilities will always arise as long as security is not enforced. People will not enforce it until their software gets hacked. This goes on and on forever.