There are a million and one disciplines in hacking and it might seem like an endless pit that you can keep pouring energy and time into without ever getting back anything but did you know hacking can make you a pretty penny as well? Many hackers have received incomes that many can only dream of and luckily for beginners, there are a bunch of cash opportunities to tap into. you just have to know where to look.
Whatever hacking path you take, I want to stress that you need to stay ethical in every action you take. This is not a video game, you (and I) are about to ‘attack’ real companies.
With that out of the way, here are five ways you can make money hacking in 2021!
Most people are probably familiar with bug bounties even if they do not recognise the name. You’ve probably heard about hackers getting 5 to 6 figure bonuses for hacking big tech companies like Google — that’s a bug bounty! Bug bounties are companies exposing themselves to a talented group of security researchers which can either get a cash reward or get points which help them advance the leaderboards and get them “swag”. “Swag” is hacker slang for merchandise related to hacking.
And here is an example: https://www.securityweek.com/google-paid-out-67-million-bug-bounty-rewards-2020#:~:text=Google this week said it,paid just over %246.5 million. Not every hacker should expect to get the same outcome yet a significant amount of hackers who hunt for bug bounties do manage to grab extra pocket money from a skill that probably started as a hobby. Don't get me wrong, bug bounties are not easy but it's certainly worth a shot. I started out knowing nothing about bug bounties and in a matter of 3 months I hacked my way into the top 20 hackers off intigriti (https://www.intigriti.com/researcher/profile/theamazingferret) though I recently decided to focus more on penetration testing. I managed to grab over 3000$ in a short timespan with logic vulnerabilities but my best bug is still the one i found accidentally while looking around and exploring my target. I always put XSS attack vectors into every input field that I see which led me to fully taking over my victims account due to stealing the session cookies. This bug got me 750$.
A penetration tester is a hacker who gets hired by clients to test the required scope items. This is a vague description so let’s get deeper into this. When a company designs a new product or feature, these often require penetration testing. The clients set up a scope document and an approval slip and when all the deliverables such as contracts have been fulfilled, the penetration can get to work. They will follow a set methodology depending on what they are testing that is determined by the company but that does allow for deviations where required. A penetration tester can be hired to test many different things suchs API’s, specific features of a product or the company's whole infrastructure. These job opportunities are sure to rise as demand for penetration testers goes up. If you go for a certificate like OSCP, you will stand out from the people who do not but make sure to publicly share any research you do while training to become a penetration tester. Community work is always a plus but it will help any future employer in their choices.
Penetration testing enables another way to make money with hacking but we need to train ourselves to become good enough to be accepted into a company that performs penetration testing. The thing with hacking is you can't really go to any school to learn it. You just have to do it a lot and companies who hire penetration testers know this. They want you to have tried every possible attack scenario and to be able to show that. After the hiring process, you will be guided by a senior to start your career as a penetration tester which will execute test cases at first but determine security testing strategies for big companies in no time. The salary of a pentester can easily grow up to 100,000$ in the USA at the time of writing. The average salary for a pentester is 86,241$ with the lower 10% of the payscale making 59,000$ and the upper 10% making 139,000$ in the USA according to payscale and while junior pentesters enter the company at a lower rate, they will quickly notice their paychecks rising.
Besides working for a company you can always decide to go solo and start up a consultancy company. While this is not a bad idea at all, you should know, companies usually don't trust new penetration testers to test their most critical infrastructure unless you have a proven track record. If you manage to break this wall down though, you will find a wealth of companies (new and emerging) who are desperate for security testing
Now that you know how hackers operate, you can help others by teaching them how to hack ethically or defend themselves against bad actors. A lot of consumers use their computers and the internet as if it's completely safe and are surprised when they are met with a threat. You can help contribute to a safer internet by informing people about the dangers and training them on how to defend themselves all while making some side money. If you are really passionate about training, you can even consider making this a full-time job after judging your chances in the market.
I think you could a little more about how you can train others, for example YT or creating courses or even writing about it.
With covid-19 rising, we also saw a big increase in cybersecurity attacks on companies and consumers. With your newfound knowledge of these cyberattacks, you might be able to help the victims of these cyber attacks recover and if you are providing them with tech support, you can certainly make some good coin with this method. You can possibly offer to remove any viruses that were installed or possibly try to recover data after the system crashed and is unable to recover.
I made sure to let every business near me know that I was a security engineer and that if they needed me, they could always reach me. About 2 days after I gave my number to a local car dealership they got hit with a crypto locker. These viruses are designed to encrypt all of the user's files and demand ransom for the key to decrypt them. Luckily I had an unlocker for this specific virus and I was able to decrypt all the files with no damage done. Needless to say, they were very grateful for this.
You don’t have to go that big though, you can also think a bit smaller and just help out a family member or friend in need. Everyone has had a family member ask them to repair their computer at some point but you might also get called into a crisis situation and if you are able to resolve the issue you might have prevented a lot of damage for them.
Lastly it never hurts to put out posters that contain descriptions of what you are capable of in locations that allow it. People in need might see this and contact you. It pays off to mention your prices on the poster though so your customers can make a more informed choice.