FAQs

Frequently Asked Questions

Please send your questions to faqs@yehg.net. Only idea questions.
For technical questions, only Google knows better than us.



  • Q: How should I get started learning hacking?
    A [Updated 2018]: There are a few ways.
    One is to get involved CTF challenges online and locally (not a lot but hosting frequently) - You can watch some inspiration videos. Learning curves could be frustrating and steep but rewarding in the end.
    Second way is to get a grab of copy of Security+ study guide and get the basics of all info sec stuffs. Take the exam if you can. After getting basics, you can move on to reading hacking ebooks and practising yourself. Or get the certifications from COMPTIA - Pentest+, Offensive Security, ElearnSecurity certs and others. Those certs enable you to bring you to higher levels as well as give you some form of guarantee for employment as pentester.

  • Q: How do you think guys in Myanmar who are learning/doing hacking?
    A [Updated 2018]: In early days of youth, they may randomly hack into web sites/systems illegally. But the most profitable way is to join HackerOne, BugCrowd, SynAck and be a paid professional bug hunters.

  • Q: What are differences in IT Security Engineers, IT Auditors, Pentesters/RedTeamers?
    A [Updated 2018]: IT Security Engineers enforce security policy and hardening procedures. IT Auditors ensure IT Security Engineers do things correctly as intented. Pentesters check whether those things are no longer sufficient to protect current evolving attack techniques.

  • Q: I'm tired of seeing vulnerabilities in softwares. Will there be any softwares without ones?
    A: New vulnearbilities will always arise as long as security is not enforced. Even if security is enforced, attackers will find new ways to bypass it. It's the beautify of security vs hacking.

  • Q: What should I prepare to work in security field?
    A: Of course, the first is technical skill. The second is communication and language skills - the most important one all technical people don't give a shit about. Even if you possess tons of Offensive Security and CREST certs, have done tons of bounty huntings, finding CVEs, you won't be hired unless you can speak and write English to the point that People can understand you. This language skill will always be a barrier for our Myanmar people unless one strive to practise hard daily and frequently until their first job is landed at English-as-the-first-communication-language company either locally or abroad.