Cyber Defender

The power of hacking

Alexis Lingad

i
Cyber Defender. Copyright 2016 by Alexis Lingad.
All rights reserved. No part of this work may be reproduced or transmitted in any
form or by any means, electronic or mechanical, including photocopying, recording,
or by any information storage or retrieval system, without the prior written
permission of the copyright owner and the publisher.

Printed in Philippines
First printing

Cover Illustration: Wimby Grace Yee

Interior Design: Alexis Lingad
Non-Technical Reviewer: Leonard Torrenueva
Technical Reviewer: Roselle Gabuya
Proofreader: Stacey Rigos

For information on distribution, translations, or bulk sales, please contact Cryptors,

Inc. directly:

Cryptors, Inc.
B8 L8 San Marino Classic, Salawag, Dasmarinas, Cavite
Links: www.fb.com/cryptors; cryptors.officia@gmail.com; www.cryptors.org

Cryptors and the Cryptors logo are registered trademarks of Cryptors, Inc. Other
product and company names mentioned herein may be the trademarks of their
respective owners. Rather than use a trademark symbol with every occurrence of a
trademarked name, we are using the names only in an editorial fashion and to
the benefit of the trademark owner, with no intention of infringement of the
trademark.

The information in this book is distributed on an As Is basis, without warranty.

While every precaution has been taken in the preparation of this work, neither the
author nor Cryptors, Inc. shall have any liability to any person or entity with respect
to any loss or damage caused or alleged to be caused directly or indirectly by the
information contained in it.

ii
 About the Author

Alexis Lingad is a penetration tester and researcher, as well as

the founder of Cryptors, Inc., a cybersecurity firm who raised
the cybersecurity awareness around the world. He is currently a
senior security consultant in iEi Securities, LLC, an information
security firm in United States of America. He presents in some
conferences and seminars on topics such as penetration
testing, website hacking, hacker mindset and social
engineering.

He is popularly known as the ethical hacker who hacked back

the entertainment platform of the students, having a 20,000+
audiences, in Mapua Institute of Technology called Mapuan
Files. He is also the team leader of the group who bagged the
2015 Hacker Games Champion trophy in one of the biggest IT
security conference in the Philippines called What The Hack: IT
Security Summit.

iii
 Warning!
The search for the TRUTH is not for the faint-hearted!
This book may destroy your traditional beliefs..

Review

Alexis give a different perspective in a hacking story. It's not

everyday that you read the thoughts of someone from the
other side of the fence. A Filipino version of Kevin Mitnick's
Ghost in the Wires and Kevin Poulsen's Kingpin.

I'll definitely discuss his digital tales in my College Network

Security and IT Professional Code of Ethics classes from here
on.

-Mars Cacacho
Founder of HackTheNorth.PH

iv
 Table of Contents
Foreword ix
Acknowledgments . xi

PART 1: Start the Revolution 1

1.1 What is this Book? 2
1.2 Why Teach Hacking? 5

PART 2: Becoming a Superhero 8

2.1 Hacking is the Modern-Day 9
Superpowers
2.2 Using the Power to Protect 13
2.3 Using the Power for a Cause 15
2.4 Using the Power for Personal 18
Gain
2.5 Using the Power Out of 21
Curiosity
2.6 Becoming the Modern-Day 24
Superhero

PART 3: Misconceptions About 31

Hackers
3.1 All Hackers are Evil? 32
3.2 All Hackers Know Everything 33
About Technology?
3.3 All Hackers are Magicians? 35
3.4 All Hacker Groups are Well- 38
Organized?
3.5 Having Hacking Tools Can 41
Make You a Hacker?
3.6 All Hackers are in the Same 44
Age Group?
3.7 The Real Definition of Hacking 47

v
PART 4: Be-Do-Re Hacking 51
4.1 The Be-Do-Re Hacker 52
4.2 Be, the 80% of a Hacker 57
4.3 Do, the 15% of a Hacker 60
4.4 Re, the 5% of a Hacker 62
4.5 Finally 63

PART 5: How to Think Like a 65

Hacker
5.1 Think Out of the Box 66
5.2 You Can Achieve Anything 72
5.3 There is No 100% Secure in 78
Cyberspace
5.4 Hackers Dig Deeper 80
5.5 Be PRO (Patient, Resourceful, 82
Observant)
5.6 Choose Your Environment ... 89

PART 6: Mr. K's Step in Hacking 91

6.1 Let's Do The Hack 92
6.2 Step 1: Choosing a Valuable 93
Target
6.3 Step 2: Study The Details 95
About the Target
6.4 Step 3: Creation of Possible 102
Methods
6.5 Step 4: Execution 105

PART 7: Hacking Humans 111

7.1 Social Engineering ... 112
7.2 Social Engineering Methods 116
7.3 Psychological Factors 120

vi
7.4 Countermeasures 124

PART 8: The Beginning 126

8.1 Ethical Training 127
8.2 Application of Hacker's 128
Mindset
8.3 Technical Hacking 130
8.4 Learning Continuously 136
8.5 Join Us in Our Revolution 138

Recommendations ... 142

Resources ... 143

vii
viii
 Foreword

The book is focused on a hacker's mindset that gives you a

basic idea on how to think like a hacker and it will also
inspire you to become one. It will also teach you that having
a mentor will create a big impact on how you choose and
decide in every step of your life.

This is just the beginning.

Happy Hacking!

-Meric Mara
CEO and CTO of 8layers Technologies, Director of Maralabs, The man
behind the KahelOS (The First Linux Distro in the Philippines)

_____________________________________________________________

ix
x
 Acknowledgments
First of all, I would like to thank Jesus who gave me all of the
things I have now. I am very grateful that he gave me a chance to
spread the good news about cyber security and to make our cyber
world a more secure place.

I would like to thank my parents and my little brother who

supported me in my ethical hacking journey even if they find it a
very different path.

I would like to thank my team in Cryptors, Inc., for

supporting me in raising cyber security awareness around the
world.

I would like to thank my mentors who guide me in chasing

the path I want to pursue.

I would like to thank the cyber security community in the

Philippines such as HackTheNorth.PH, Philippine Army, 8layer
Technologies, Global Knowledge Philippines and Bitshield Security
Consulting to name the few for supporting me in building a safer
cyberspace in the Philippines.

I would like to thank Technological Institute of the

Philippines and Mapua Institute of Technology for taking a big part
of my hacking journey.

Lastly, I would like to thank my friends who joined me in my

adventures. I wouldn't made this book without the memories
you've given me for the past few years. This book is for you all to
cherish the memories, especially the underground hacking
organization we made called 'Mapua Cryptors'.

xi
xii
 001
Start the Revolution

________________________________________________________________

Spiderman has extraordinary strength and ability of the

spiders as his power. The Flash can run very fast like a
lightning. Hulk has an invincible strength of a huge green
monster. Like these superheroes, hackers have powers too: a
power that can fully control the new world we are living, the
cyberspace.

1
1.1 What is this Book?

Congratulations! You just found the holy grail of how to become

a real hacker. This book is the only book on the planet that
focuses on building a strong hacker's mindset for you to able to
hack everything under the sun. Yes, you've read it right, HACK
EVERYTHING. This book is what you are waiting for a long time
ago. We are so glad that you didn't miss the chance to take
your first step in discovering the TRUE HACKING.

Many of the people today are always asking these questions

about hacking:
Where should I begin?
How to start a career in hacking?
I know how to use tools, but I don't feel like I am a
hacker, what will I do?
How to become a real hacker?
How can I hack anything?
What should I study to fully understand hacking?
What are the secrets of hackers?

2
 How to think like a hacker?

This book will give you all the answers to those questions. Don't
worry if you don't know anything about technology because this
book is created for everyone. If you are already a professional
hacker then this book might be for you too. Why? Because
many of our professional hackers these days are not really a
true hacker. Many of them didn't think like a true hacker. They
depend too much in hacking tools which is not a way of a real
hacker. Fortunately, this is your chance to see if you are one of
those real hackers or not.

This book will focus on developing your Hacker Mindset,

because by solely using this, YOU CAN HACK EVERYTHING.
How? Let this book explain to you the details of how to do that.
Forget about hacking Facebook account or any other accounts!
You will learn to hack all of those things and even bigger things
by just reading and applying what is in this book.

This book will train you to become one of the finest superhero
in the history. You will become a real hero, not like Superman,
Batman, Wonderwoman, or any superhero you know in your
childhood which is only fiction. You are reading this book for a
reason and it is not an accident. You are destined to become a
real cool hero of this society that can help many people.

This book will let you know the misconceptions that the
traditional arena gives about the hackers. This is for you to
know the truth about hackers. They say that the hackers are
evil, geniuses, and only for geeks, but they don't know that
there is a bigger revelation than that. A hacker can be
mysterious, sometimes but we will reveal the secrets that most
of them didn't want you to know.

3
This book will also tell you the step by step process of how real
hacking occurs. This is for you to be on the right path because
many of the professionals today want you to rely on the hacking
tools and any technical details but not with the thinking details:
the hacker's mindset which is a better computer and tool for
hacking. Many of our hackers today were misled and end up
being a script kiddie professionals. But no more worries, this
book will help you hack the way out of that wrong path.

This book will also teach you how to think exactly like a true
hacker. Knowing what's inside their mind can be a great
weapon to counter them. Additionally, it can be also a great
advantage for you to become a real hacker. This book will tell
you the exact phrases that a hacker always thinks.

Lastly, this book will tell you all of the things you need to start
your journey in ethical hacking right away. With the knowledge
you will gain in this book, you can activate the 80% hacker in
yourself. This book is very important, but this is just a major
start to begin your journey as a real hacker.

4
1.2 Why Teach Hacking?

I founded Cryptors in April 2015 with a goal to raise cyber

security awareness around the world. I built this startup
because this world needs someone who will teach them how to
protect themselves in cyberspace. I need them to think like a
hacker who breaks into the computers for them to be ready
24/7 in the possible attacks they might encounter. But first of
all, we need to teach them the ethical hacker's mindset which is
the very important.

Imagine this: when I am speaking in front of many people, I can

kill anyone in that room but I don't because I am ethical. I am
trained not to do it and trained to act ethically even if I have
the ability to do such lunatic and terrible things. And that's why
training the student the ethical way of hacking is very
important. However, some of the professionals today think that
by just saying the phrases like, Do this for educational
purposes only, Do this with permission and something like

5
that, they expect that the students will just build the huge
foundation of being ethical in hacking in just a snap of saying
those things which is not true. It takes time and a lot of effort to
train a student to think ethically in the certain field and that
type of training is included in what we are teaching interactively
in this book and in our seminars.

I know some of you have questions in the back of your mind

like, Wait a minute! Aren't you just arming people with digital
weapons? Well, that's true. I teach things that they can abuse
and so are the chemistry professors, military academy and
martial arts instructors. Just like these people, I am putting
my whole trust to the students that they won't use this to harm
anyone. The chemistry professors teach students to use those
learnings in the benefit of the people, for they know it is the
ethical way of becoming a chemist. Military academies train
their students to become disciplined, helpful and ready to die
for the sake of their country since they know it is the ethical
way of becoming a soldier. The martial arts instructors train
their students to use those techniques they acquired in
defending themselves and by helping anyone in need because
they know it is the ethical way of becoming a martial artist.
Chemists, soldiers and martial artists can harm anyone using
the acquired talent given to them by their teachers but they are
trained to do what is ethical in their field.

It is the same story in hacking. Students who learn hacking can

also harm anyone using this kind of power they acquired from
the teachers. However, we can train the students to use this
power in securing our cyberspace for we know that this is the
ethical way of being a hacker. That's why I created this book,
not just to teach them how to hack, but to teach them how to
become ethical in this field.

By teaching them hacking, they will learn how the digital world

6
works. The student will learn how to defend themselves in
cyberspace because depending too much on the ready-made
software like anti-viruses or firewalls are not enough. To make
this possible, they need to learn how bad hackers victimized
people and become smarter than the bad hackers by
developing the best countermeasures.

~ Things to Remember

If you want to be with us in our revolution, start it by

NOT pirating this book.
By being with us in this revolution, you just made a
difference.
If you want to use the power of hacking for good, then
this book is for you.
We are teaching hacking to make our cyberspace more
secure.

7
 002
Becoming a Superhero

_____________________________________________________

When I was 13 years old, I found out about this kind of power
(hacking), I explored it. I want to have that and use it to save
the world. I want to save the innocent people from the invisible
hand that controls us without us knowing. I want to start a
revolution that all of the people can have this kind of power to
defeat evil. But who am I? I am nothing. I cannot save the
people if the people themselves don't want to be saved.

___________________________________________________________

8
2.1 HACKING is the Modern-Day Super
Powers

When I was in college, we have this so called Mapuan Files, a

Facebook page that everyone in the MIT (Mapua Institute of
Technology) community can rant about what they feel about
their professors, subjects, love lives, weird moments, and
unforgettable moments anonymously. They just have to click
the website of the page and fill up the form where you will put
your story, no true name required, just a pseudo name. The
Facebook page became popular and it was also became the
most popular entertainment place online in our college
garnering 20,000+ likes and have more than a thousand of
active audiences. It went well until the villains came into the
picture.

9
There is one organization for profit (let's hide it in the name of
Evil Org) who stealthily controlling and changing the Facebook
page, Mapuan Files, to an advertiser page. You can still see
some stories and rants (some of them are scripted related to
their products) but most of the time there will be some post
about their products and some advertisements alone. Here it is
again, the invisible hand that controls the joy of the viewers of
this page. Taking an advantage to the people by this kind of
trick, the Mapuan Files from the freedom page is turning into a
profitable and corrupt page.

I remembered that I can do something about this. I have the

super power called hacking. I can stop this kind of tricks of
this Evil Org on the page. People of Mapua community are
complaining already that time about how the page from
freedom page turns into a business page where only those
businessmen will benefit monetarily. So here I am, talking to
myself, Should I do something?, Should I fight these
businessmen?, What will I do?, Am I afraid?.

I came to my dormitory and think about these things. If I will

make a move, then probably there's no turning back. This thing
I will do can make my life miserable if not executed well. After
all, those student businessmen can be a moron in this kind of
battle, but based on the rules of Sun Tzu on the Art of War,
Don't belittle your opponent.

Having this kind of power can be a great blessing and at the

same time, a curse. It is because if someone needs a help and I
know I can help them using these skills, there are times that I
chose to not help them. My other self is talking to me like this:
You cannot save all the people in this world, so why bother?
and the other self of mine is talking like this, You can help
them, you can make a difference. I know I sound stupid and
my guilt was killing me inside.

10
The modern-day generation doesn't seem to realize that a
hacker can do bigger things. They don't realize that hacking is
not just a skill, but a power. Imagine yourself being in control of
the digital world like adding zeros in your money in your online
bank account, changing your grades in your school server,
knowing what your partner say in their private messages in any
social media, taking some pictures of your crush using her web
cam all of it without the victim's consent. Of course, all of those
big attacks can be countered by hackers also. That's how
powerful a hacker is. They're playing like a demigod in the world
of cyberspace by being in control of any other devices. And like
the other heroes we know, they chose to use these powers to
help others. The saying about the Spider-Man movie comes into
this picture, With great power comes great responsibility.

And here I am again, thinking that helping the Mapuan Files

community is my responsibility since I have that kind of power
that can really help them. Then here it is, there are some
rumors that this Evil Org is the one behind those posts in

11
Mapuan Files who humiliate someone like professors, students
or anyone that can come against them. They made it a trend by
not just using the 20,000+ audiences in Mapuan Files but also
on their Facebook pages, personal Facebook accounts and
websites just to make that person feel that they are fighting a
godlike organization. So I conducted my research and talked to
each victim, then I came up with a single conclusion. All of the
victims had a bad relationship with this Evil Org so in my point
of view, there is something fishy going on and I have to prove it
and make my best move.

12
2.2 Using the Power to Protect

There are some superheroes that have the power of invisibility.

That's also a power of hacker. Ordinary people will have a hard
time to see them since they are inside your computers, your
smartphones, and any other devices you have. They can
anonymously kill you or destroy your lives without you knowing.

A hacker can hack your pacemaker in your heart (if you have)
and kill you. They can hack the airplane you are riding, enabling
them to destroy it. They can break the electric grid to cause
power outages that can cause deaths of many patients in some
hospitals and much more. They can hack your car and fully
control it. Worse, they can control drones that can go to your
house and shoot you to death.

13
These things can be done by a Black Hat (bad hackers) and we
should know how to stop them. Why? You are not responsible to
save all of the people in this world, but I bet you won't take it to
see your loved ones suffer from these kinds of hacker attacks.
Therefore, make a move and do what you have to do. Go wash
your face, make sure you won't be sleepy and finish this book
because this book won't tell you how to use tools yet but will
focus on molding you to think like a hacker which is more
important. If you are a normal person who uses a tool you
cannot hack without tools, but if you think like a true smart
hacker, even if you don't have tools, you can hack like a pro.

Let's talk about Barnaby Jack, who discovered vulnerability in

ATMs that can spit out a lot of cash from the machine. Imagine,
if the Black Hats are the first one who discovered that flaw,
what would you think will happen? Of course, expect the worst.
That's why our White Hats just like Barnaby Jack saves the day
by discovering the vulnerability first and make things more
secure before it get attacked by Black Hats. They hack, to
protect and you can choose this path for it makes a lot of
money peacefully and of course, a great deed for humanity.

Going back to Mapuan Files story, I was thinking back on that

day that I can protect the people from the invisible hands who
are controlling them. The solution? No, I will not deface the
website of their organization (the Anonymous way) but I will
shut down the whole Mapuan Files Facebook page and make it
alive again with different administrators. After that, Mapuan
Files Facebook page again will serve the people for freedom
only and never again for profit and corrupted stories. As usual,
hacking a Facebook page is not an easy job so I have to make a
concrete plan. I call my best friends/ hacker buddies Irous,
which I find the greatest Social Engineer in the campus and
Carmelo, which is the most supportive friend and I've ever had
in the campus.

14
In my college days at Mapua Institute of Technology, I created
an underground organization called Cryptors (a start-up
company now started in 2015). That organization, they say, is a
mysterious one. The members are hidden to the public; no one
knows who the mastermind is and who the officers are. The
only certainty in this group is that the masterminds are having a
gathering to train officers in the field of hacking. Those are
the things the campus only know about that organization so
many of them says that we're just an urban legend but here we
go, talking to you in this book to prove that I exist and Cryptors
existed in that campus as an underground organization.

I started this organization for a cause, to teach the people of

this generation to become White Hats before they became

15
Black Hats and also, to raise awareness regarding cyber
security starting at my school, next is this nation and then the
world, one step at a time. However, traditional people
misunderstood me; they say that I am creating monsters. That's
why they want to find my real identity to teach me some hard
lessons and that is to punish me. The reason? First, my
underground organization is literally underground. We meet like
an organized syndicate, we have a secret handshake, secret
hideouts, code names, and lastly, we are not an accredited
organization because I want to keep the darkness and
mysteriousness of the organization which makes it unique to all
of the other organizations in the campus. Lastly, they found my
cause as extremely evil, teaching the students to become
criminals they say.

They say that I create monsters. They don't know that all of us
have a monster within us. Someone who is ready to eat people
alive just to profit from their business selfishly, lie publicly to
steal money from the people, make a device that can kill a lot
of people just to make money, make a food that can slowly kill
people just to make a living, all of us have their own monsters,
own selfish interests, own secret dark sides and no one have
the rights to say that they don't have monsters inside them.
And what I'm doing that day is training them to become good
monsters before anyone like me turn them into an evil one. I
made them a monster that has a power to destroy everything
but will choose to become good for the betterment of humanity.
They will be monsters that can have a greater power and
strength to defeat those evil monsters.

Do you know Hulk? Hes a human that can change into a huge
green monster with great strength to smash all, even you in just
one hit. He is a monster, but trained to become a hero of
humanity. At first, people try to kill him because he is a
monster, but there are some people who believe in him that he

16
can be a good monster and become a benefit to humanity.

That's the same with humans. All of us can be a monster

someday that can have the ability to smash or destroy
something very big. I am not telling you that you will change
into a huge green monster like Hulk and have that kind of
strength too. What I am telling you now is that you will have the
power someday to control something and destroy something
and one of those powers is hacking. The power of hacking can
destroy the lives of people, a whole nation or worse the whole
world.

And I am one of the people who believe that they can be

changed into a good monster. So what I do in that underground
organization is to turn them into a monster and later, teach
them how they will become a benefit to humanity using those
monsters inside them. It's good to expose them earlier on
hacking and train them to have a strong foundation of being a
White Hat (good hacker) before they discover it with a wrong
intention and use it in evil. It is because in this generation,
there are no teachers or mentors who will spend much of their
time to train our young hackers to have a strong foundation of
thinking like a White Hat. They just go to the hacking tutorials
very quick and just say, We are not responsible in anything you
will do with this knowledge or something like, Use this for
educational purposes only and to be honest? You cannot build
a strong foundation in their minds by just saying those things.
Chances are they will just use it on anything they want whether
they broke a law or not.

Going back to Mapuan Files story, my great cause in shutting

down the Facebook page is to reset it back into a freedom page
where anyone can rant about the truth of what is really going
on in the campus whether it's about the system or the people.
No more corrupted stories, no more humiliation of named

17
people and no more people who will play god. That will be the
rule in the new world I'll create inside the most popular
entertainment platform in our college where freedom reigns.
However, Irous, Carmelo and I plan this very well that it takes
months for us to finalize and execute the plan.

2.4 Using the Power for Personal Gain

Unexpectedly, there is someone who hacked first the Mapuan

Files Facebook page. They call themselves Anti-Cryptors.
When I heard that name, I thought, Oh, really? We have a
hater? Ha-ha-ha and we have to adjust the plans we created
for that matter. However, what I don't like with these hackers
are they exposed my identity to the public as the Cryptor's
founder saying something like this, If there is someone who
have evidence that Alexis is the founder of Cryptors a.k.a.
Cryptor001 then message us here. We have to punish this
founder to death. Cryptors, I think this time is not anymore a
mysterious one because the founder was exposed indirectly to
20,000+ audiences on that page.

Worst, they posted a picture of me on Mapuan Files Facebook

page and say stupid things to me. In my mind, I said things like
these,Are they blocking my plans? Do they know my plans?
Are they playing with me? Who is this hacker? Are they just the
original admins? Do they want to piss me off? . Then another
day came by and this time, Anti-Cryptors, using the Mapuan
Files Facebook page, are posting something like this, Alexis, if
Cryptors is a legit HACKER group then hacked back Mapuan
Files in one week. If not, then you just show the world how
much of a loser you are. Of course, I know it's a bait and I
won't play with them.

18
Irous, Carmelo and I talked about this event. Adrian Once and
Neyo Ibarra, the other co-founders of Cryptors also joined me in
thinking a plan. The other 9 officers of Cryptors (Emman,
Reggie, Gilbert, Kent, Claudette, Alyssa, Rufter, Karl, and Ace)
cheered me up in what's happening. I am so blessed that I
created this organization for I have this wonderful friend of
mine who will support me in times like this. Now, I can think of
a plan clearly.

Irous and Carmelo joined me in planning, and we have an

assumption that if ever I hacked back Mapuan Files Facebook
page from the Anti-Cryptors then there's a huge possibility
that I would be the one also to point who hacked Mapuan Files
which is the Anti-Cryptors. We also think that these hackers
wannabe playing behind the Mapuan Files Facebook page as
Anti-Cryptors can be the Evil Org who has control in the said
page. But in my mind, I said something like this, How did they
know our plans? Do they want to bring down my whole
underground organization? Why? Because we are starting to get
the spotlight? Is this how they really play? A dirty trick? It's
starting to make sense for us. I called Geff, the creator of
Mapuan Files and asked him, Who is running the page?. He
answered, My Facebook account was hacked. Evil Org just
bought the Mapuan Files Facebook page so you can ask them. I
really don't have access now in it. I'm sorry for what's
happening to you. and I went to the Intramuros walls, 5pm in
the afternoon, while thinking that what I am facing right now
can be the Evil Org itself and I have to take things seriously
right now.

They just used the Mapuan Files Facebook page's power for
personal gain. It's getting worse and I have to stop them as
soon as possible. However, something unexpected happened.
The Mapuan Files Facebook page acting as Anti-Cryptors just
posted a status about the plan of the Evil Org to make a new

19
world order like system in the campus where they are in control
of everything and one step of that is to buy the Mapuan Files
Facebook page. Another post is a picture about the Evil Org
founder's conversation with Anti-Cryptors Facebook page saying
like this, Hey, I have evidence that Lingad is the founder of
Cryptors but please don't put my org's name on Mapuan Files
page. Then the Anti-Cryptors answered, Show me that you
are not in the side of Lingad and the founder of Evil Org
replied, He is a liar and a loser. The founder of Evil Org is
acting as my friend in the campus since I was in 1 st year, but he
just showed you his true color in this thing.

I am starting to go crazy and talk to myself, What the heck is

going on?! Is Evil Org and Anti-Cryptors a different person? Is
this how they play the game of confusion? Are they playing with
my mind? I am tired of this. I'll going to do the hack since I have
a few hours and 6 days left. That time, I didnt know why I am
thinking like that. However, one thing is for sure, we will do the
hack.

20
2.5 Using the Power out of Curiosity

In my second day before the seven day-deadline ends, there is

some dummy Facebook account that messaged me every hour
that he is the Anti-Cryptors who hacked the Mapuan Files
Facebook page. I didn't reply, but I went to Irous and Carmelo to
tell my plans to them. I said, I know what to do now. I will hack
the Facebook account of that dummy account that messaged
me earlier, claiming that he is the Anti-Cryptors. Then, if that's
the admin then we just hack back Mapuan Files. However,
Irous exclaimed to me, It's risky! I won't allow you to do that.
After you hack back Mapuan Files, the side of the Evil Org will
point at you that you are also that Anti-Cryptors and they will
say that you did that to gain popularity and for the
advertisement of our organization!. Carmelo added, There's a
possibility that Evil Org is not the Anti-Cryptors. There could be
someone who is above us who's in control with this Evil Org and
Cryptors event. I replied, Yeah, that's why I'll hack it. I am
tired of these questions. My curiosity is killing me here. I want

21
answers. Maybe this mystery man who controls these things is
leading me into something.

I can feel that Irous and Carmelo are very afraid of what will
happen to me if I hack back the Mapuan Files. I understand
them, since the very beginning of this organization they are
with me, together with Neyo and Adrian, to build something
that can make a difference in this world. Just one wrong move in
this situation, those things we've built so far will be useless.
Neyo called me to be careful and Adrian joined me to eat dinner
and talk about my plans. I am starting to feel uncomfortable
because they all treating me like this is my last day with them.

The third day, I started to hack the dummy account who claims
to be the Anti-Cryptors. I know this is kinda scary because I
don't know who is playing with me, but I started a brute-force
dictionary attack (A password attack that can find every
combination of words, numbers and symbols in your word list of
possible passwords). I was shocked, that in just a minute,
because of the simplicity of his password I gained access to his
account and the password is kinda scary, boobytrap (To those
who don't know what a booby trap is, it is a hidden bomb that
explodes when the object connected to it is touched or moved).
And it is true, he is the admin and the only administrator of the
hacked Mapuan Files Facebook page, no Evil Org.

By this time, I can now post on Mapuan Files Facebook page

that Cryptors just hacked back the page from the Anti-Cryptors.
However, there is something bugging me that time. If I posted
using the Mapuan Files page that I already hacked back Mapuan
Files, then Evil Org will do all the things desperately just to
blame me that I am just the Anti-Cryptors to humiliate me and
my organization and play like a god that punishing an innocent
like me is the right thing to do because they don't have any
clue who could be that Anti-Cryptors. Of course, in my mind, I

22
said that the possible way that they will show that punishment
is through their social media accounts and pages and to their
website.

After that, I proceed with the plan we made for months. I won't
show you the whole idea of the plan yet, but I will reveal it,
soon in this chapter. The Mapuan Files community is asking the
Cryptors to hack it back already. Well, I just did it, but I will let
them know soon.

23
 (The picture used in the operation with a great speech)

2.6 Becoming the Modern-Day Superhero

When the signal came from Irous, I posted the picture of mine
with a great speech in Mapuan Files Facebook page. We entitled
the post as Mapuan Files Retrieval Operation. The people of
Mapuan Files community were shocked because they thought
that hacking Facebook is impossible. The people thought they
were watching a real life hacking movie and they were so
amazed.

In that day, I got a lot of friend requests in my Facebook

account. I became popular and of course, Cryptors organization
too became popular in the campus. I just showed my identity
into the 20,000+ people but, still, I hide the identity of my
colleagues in Cryptors that time and you'll know why. Cryptors,
in representation of me became the superhero of the
entertainment platform of the campus from the villain they

24
know called Anti-Cryptors.

However, I'm thinking on that day, How Evil Org will kick me
out in the picture?. Yes, we are expecting that Evil Org will
make a move to humiliate me and punish me like a god. That's
we are waiting for, we want to show it to the people how evil
they are. And as usual, they think that I took their bait, well,
yes, I took their bait to make my best move possible.

Cryptors shut down the Mapuan Files Facebook page as we

planned and bring back the original administrators of Mapuan
Files. We also bring back the creator of Mapuan Files, Geff, as an
administrator of the page which is the new adjustment in our
plans. We need him to be an admin so that Evil Org will have a
way to get the Mapuan Files back into their hands. By that
process, Evil Org can humiliate me to the 20,000+ audiences
like they always did to their victims.

Why Geff? Geff is known as the creator of the Mapuan Files. In

short, when you say Mapuan Files, it's Geff, almost everyone
knows he is the creator of that page. Anyone with any concern
in Mapuan Files will go to Geff but the rest of the administrators
are hidden. Evil Org can control Geff because Geff owes them a
lot, so we are assuming that the next move of Evil Org is to
control Geff in giving the Mapuan Files Facebook page to them.

After 2 days, my popularity went down and my dignity was

destroyed. Evil Org just do what we are expecting. I thought it
would be just a small punch in my heart but it's not. I was
humiliated to the 20,000+ people of the Mapuan Files Facebook
page saying stupid things to me like, Lingad is also the Anti-
Cryptors, the impostor and fixer and so on. Well, I carried all of
the heartache and the weight of the situation. The important
thing is I know now how their victim feels when they play god
using that damn social media.

25
The plan is not yet over, we called Geff and asked him if he's
still an administrator of the page and he replied, Not anymore,
Evil Org just owned it, but he will make me an admin soon as a
show of respect of being the founder of this page. Then I told
him these things, Geff, we want to have screenshots of the
administrators on the page. We want to know who used the
Facebook page on humiliating people. We also want to remove
them as the administrator of that freedom page for it will not be
longer a freedom page if they are the admins. And by doing
that, you just made a difference, you made history. and Geff
replied, It's the founder of the Evil Org who posted things like
that to you. I'll make you an admin once I get access to it, but I
have nothing to do with these. Just act that you hack the page
again and I'm done. Gotcha! I didn't have to hack Geff's
Facebook account technically to have access to the page. That's
what you called reward social engineering. By telling him the
reward and by tickling his emotions, there is a huge possibility
that they will let you control them and you have to know that if
you are a hacker, you have to hack also a mind, not just
computers.

After an hour I became the admin of the page and screenshot

the administrators of the page. As usual, all of the main people
of the Evil Org are there. I removed them as admin and made
the cycle again. Make Geff as the administrator and let the Evil
Org control Mapuan Files. I posted the screenshots of the
administrators of the Mapuan Files and let the people know
who's behind the posting of those humiliations. Many of the
people who saw that picture conclude that Evil Org is Anti-
Cryptors just to frame me up and bring down the whole
organization. My parents were forced to transfer me to another
college for they are worried in me, eating death threats for
breakfast.

26
I know some of you is asking, Why you didn't just owned
Mapuan Files and never give it back to them?. When we
retrieved the Mapuan Files Facebook page, we gained
thousands of solid supporters in our goal. When Evil Org
humiliated me, those solid supporters saw how evil the org is.
Thousands of people were awakened to what is really going on
about the Evil Org. They start to spread the idea about that org.
They can destroy me, but not the idea.

When we started to spread the pictures of the administrators of

Mapuan Files, the Evil Org threatened me by calling lawyers and
posted some embarrassing screenshots of my chats with other
people I made in the past (they managed to control those
people and reveal our private messages), they are unstoppable
of humiliating me to thousands of people just to stop me in
spreading the truth. However, I didn't stop and the people who
believe in me never stop spreading the idea. I got a lot of
threats, but it's worth it.

The master plan is not finished. After I leave, Evil Org will be
comfortable and at ease in using the Mapuan Files Facebook
page. They didn't know that the real trick in our plan is to let
them use the page. Why? The idea is like a virus and it is
spreading around the campus- the idea that Evil Org is using
the power of that page to play like a god in the campus. After
this event, the humiliation and advertisement in the page
continues. We are just waiting now if who will push the button
to explode the bomb in the face of Evil Org.

After 6 months, there are a lot of people who supported Sir

Edward, who filed a case against the Evil Org. The org was
humiliated like what they did to their victims. They suffered
from what they did and justice was served to the victims.

Hackers have the power to control anything. And for you to be

27
in good terms, just use that power to help people who are in
need. Use the power for the benefit of the many. Use that
power to make a difference.

Before we finish up this chapter, I know you are asking in your

mind like this, Then who is the real ANTI-CRYPTORS?. By this
time, we don't have any idea who it is but will reveal
somewhere in this book. They say that it is the Evil Org just to
frame me up and bring down my whole organization. However, I
know how Evil Org plays the pieces and for me, Evil Org does
not qualify to be the Anti-Cryptors. Maybe Carmelo is right in his
statement, There's a possibility that Evil Org is not the Anti-
Cryptors. There could be someone who is above us who's in
control with this Evil Org and Cryptors event.

28
~ Things to Remember

Hacking is not just a trick, but a power that everyone can

use for good.
Hacking was used to protect, for a cause, for personal
gain, and for curiosity. However, as a White Hat hacker,
you must use it primarily to protect.
Hacker is the modern day superhero.

29
 003
Misconceptions About
Hackers
___________________________________________________________

When I was a 13 year-old kid, my ultimate dream is to become

the greatest hacker in the world. It sounds stupid, but I
managed to tell it to my family at that young age. All of their
foreheads wrinkled, not because the idea of being the greatest
hacker is stupid, but because for them the idea of being a
hacker is stupid and my mom shouted, Stop dreaming like
that! Hackers are ridiculous! You should not become one of
them. Starting that day, I observe and explore why people
think that way about hackers and here it is.
___________________________________________________________

30
3.1 All Hackers are Evil?

I was once invited to the Philippine Army by my friend named

Joey. He is one of the bosses in Philippine Army's Technology
field. Fortunately, he wants me to become one of his security
researchers and a partner in exploring ethical hacking. Then I
went to his office and I had fun talking with him about ethical
hacking because he really understands what is really going on
in the cyberspace.

When the lunch came, we ate with the other soldiers and Sir
Joey introduced me as a hacker. When the soldiers heard the
word hacker they started staring at me for a second with
scary eyes. However, they started smiling after more or less 3
seconds and started asking me questions like, Do you hack
bank accounts? Deface websites of the government like
Anonymous? Are you an activist who hack for political
reasons?. That was one of the scariest time of my life being a
hacker- soldiers, who think hackers are mostly bad guys, asking
me about sensitive topics. Just one wrong move will get me

31
imprisoned.

Fortunately, I managed to be calm and think of an answer and

said, I hack ethically, with permission. Luckily, they stopped
asking questions and just eat. I breathe heavily and told myself,
At last, no more questions! Ha-ha-ha

In this generation, the population of Black Hats is increasing

much more than the White Hats. That's why the media and a lot
of people in this world think that hackers are ridiculous and evil.
They tend to think that when I say hacker, it means stealing
credit cards credentials, modifying the numbers in a lottery, and
so on. These things happened because of Black Hats with the
help of the media and influential people who think hackers are
evil.

In an interview, one of the journalist of a known college in

Manila asked me, How can we change their perceptions about
the idea that hackers are evil?. I replied, We must create
more White Hats. Simple as that, because the White Hats
expose the tricks used by Black Hats to the normal internet
users. The more White Hats, the more tricks will be exposed to
save billions of lives, and more Black Hats will be discouraged
since there will be so many White Hats who will secure our
cyberspace.

Therefore, not all of the hackers are evil. Just to give you an
example, let's talk about Barnaby Jack. In Black Hat 2010
hacking conference, he showed how to reprogram some ATMs
to spit out cash by just using his laptop. By discovering this kind
of vulnerability, he worked with some ATM manufacturers to
make a software update and stronger safeguard to counter this
kind of hacks.

32
3.2 All Hackers Know Everything About
Technology

When I was in college, my professor in Mapua Institute of

Technology joined me as one of the participants in the Inter
University Programming Contest. Our competitors here are
some great schools in Metro Manila like University of the
Philippines, Ateneo de Manila University, and so on. At this age,
I was just starting my career as a hacker, but most of them
think that I already knew everything about programming. They
think about it for there are some students who said to our
professor that I was invited by the Philippine Army as a security
researcher. Just because I am a hacker they expect me to
become a programing genius, although that time I am just in
the middle of learning programming in college (I was 17 years
old).

When the contest started, we were no match to our

competitors. I was defeated, but I learned a lot. The saddest
thing in this competition is that their expectation of me was

33
very high to the point that they thought I will become the
champion. Well, I was just starting in my career as a hacker
back then so don't expect me to become genius already who
knows everything.

In hacking, you just have to learn the basics of programming,

operating systems, networks, etc. You don't have to be genius
in each field. The very important thing is you understand that
certain topic in order for you to modify it and do what you want.
It is good to be great with these subjects, but it is not required
for you to be a genius and super expert in this field, just know
the basics and how it works.

When I was 18 years old, I joined a hacking competition in What

The Hack: IT Security Summit. The competition is called
Hacker Games where we will hack a certain system with a
corresponding documentation. Some of my competitors already
have PhD., Masters, or even a Bachelor's Degree in technology
courses but I am not. This time, I am just a college student, but
my team ended up being the Hacker Games Champion so what
I am saying now is you don't have to be a super expert like a
holder of a PhD, Masters or even a Bachelor's Degree just to
become a hacker.

Our technology today is very dynamic. It changes from time to

time and its a big challenge to the hackers to cope up with
these changes. Even the expert security researchers are having
a hard time coping up with the new technologies arriving in the
market. The most flexible ones are the winners in the hacking
world and you don't need to be an expert in every field of
technology just to do this. However, let's be honest that being
an expert with multiple topics can really help you but not a
requirement.

34
3.3 All Hackers are Magicians?

When I went to my hometown, one of my neighbors gave her

USB flash drive to me and wanted me to fix it. The problem of
that USB flash drive was that it got washed by water and
suddenly broke into pieces because one of her kids hammered
it badly. And as you all know, most of my neighbors also know
that I am a hacker so they are expecting me to do some magic
and fix that thing. Terrible! I quickly said to her, I am not a
magician. I can't fix this. and she became very disappointed
with me shouting that a Hacker Games champion can't fix her
USB flash drive.

Some of the traditional people in this world think that a hacker

can do everything related to technology. They are expecting us
to do things in a blink of an eye that seems to be impossible.

35
Many of them think that hacking is in just a click of a button you
can hack credit card credentials, power grids, Facebook,
Instagram, Twitter and so on. Not in this world my friend, not in
the hacker world.

Hacking is power. Therefore, we must apply the formula of

power in physics here which is:
Power = Work/time.
Don't worry guys, we will not do math in here just a formula to
express this thing. I just want to emphasize that hacking is not
done by just a snap of your fingers.

As you can see, there is the word called work. In order for you
to hack a certain system you must apply work in it, therefore
you will exert force. Maybe that force is the thinking process. As
usual, during the Hacker Games some of you will imagine us
that we are typing so fast to hack, but the reality is most of the
time, we are thinking of the smartest and the easiest way.

Another word that you can see in the formula is time. Some of
you who frequently watch Hollywood hacker movies tend to
think that in just a matter of seconds, the hacker in the movie
can hack the nuclear weapon of other countries, or shut down
the power grid of the whole nation. All of it happened in the
movies by just typing fast on the computer with black terminal
and green fonts. This kind of hacks is possible, but it takes time
to do this attack, depends on the work needed in the fulfillment
of the hack.

In reality, the time span to hack a certain system goes up to

several weeks or months. The time span depends on how
secure the target system is. The more secure, the more work
you should apply.

Therefore, a hacker is not a magician. Sometimes, there are

36
some similarities like in the art of deception. Hackers and
magicians tend to use this art to gain something. That
something for hackers can be to attain valuable information
and while for magicians, maybe to amaze the audience.
Anyways, I am not a magician so let's go back to the hacker
topic.

37
3.4 All Hacker Groups are Well-Organized?

Have you heard about the popular hacker group that has a
mask? They are one of the well-known hacker groups
internationally. They tend to play god and justice by hacking the
people who commit criminal act or just a terrible act. Well, they
hack illegally so they also commit crime so why not hack
themselves?

In November 3, 2015, it was reported that Yaya Dub's Twitter

account was hacked by this masked hacker group in the
Philippines (Yaya Dub also known as Maine Mendoza who are
well-known internationally together with Alden Richards ). This
hacker group claimed that they did the attack for the upcoming
Million Mask March 2015 and to tell our government to stop

38
corruption. Anyways, this kind of attack was ridiculed by the
hacker group members in other countries, telling that what they
did has nothing to do with the International community of that
hacker group. Also, millions of supporters of Yaya Dub enrage
their feelings to that hacker group telling that what they did has
nothing to do with the government and it's too much personal.

As a result, the NBI helps the Maine Mendoza's side to catch the
hackers because that hacker group just broke a law. Based on
the law of the Philippines, in Republic Act No. 10175 /
Cybercrime Prevention Act of 2012, it aims to address legal
issues concerning online interactions and the Internet in
the Philippines including the cyber offenses like illegal
access to data . However, good luck to NBI if they will catch
those culprits with their technology right now.

As you've read a while ago, the other members of that

international masked hacker group seems like they don't even
know what this hacker group in the Philippines did and take no
responsibility in the said event. This can prove to us that they
are not well-organized. They move if they want to move, no
leaders and no rules. As a whole, after that event, this hacker
group in the Philippines gave a public apology to the Filipinos on
what they did to Maine Mendoza's online account. After all,
don't forget that these hacker groups help us to see the truth
behind our government's anomaly. However, most of their
solutions to stop the problem are unethical and not well
educated.

Aside from this masked hacker group, there are a lot of hacker
groups arise in the cyberspace. Most of the time, to keep their
safety from one another, they won't show their identity to the
other members. This kind of arrangement is hard to manage
because what if that 10 person is just one man or some of the
members are police who wants to catch the group. I hope this

39
will make sense now to you that it's hard to manage this kind of
group who you don't trust or don't know if they really exist.

40
3.5 Having Hacking Tools Can Make You a
Hacker?

Do you know the stethoscope? It is one of the doctor's tools to

hear the internal sound of a human body. What if a kid uses the
stethoscope, does it mean that he is a doctor already? No, it will
not make him a doctor, but the knowledge of what the doctor
does together with his tools can make him one.

That is the same story with hacking tools. When I was a kid, I
have the hacking tool called Dark Comet. It is a remote
access Trojan that can give you a power to control other
computers remotely, take pictures via their webcams, or listen
to their conversations via their microphones connected to their
computer even if you are just sitting in your home. What you
need is just an internet connection and a laptop. This tool can
help you to make a Trojan; this Trojan is a malware that if you
put in the target's computer, you can now have access to the
target's computer in just a matter of seconds via your laptop.

I used this tool in our computer laboratory in high school. It was

a sunny day, and we have a website making class. I use my USB

41
flash drive to make my job easier. What my USB flash drive will
do is that once I plug it into the computer, it will automatically
open and execute the Trojan there. How? Let me show you the
simple trick.

On your laptop, open a notepad and copy paste this lines in it.

[autorun] open=trojan.exe
ACTION=Perform a Virus Scan

And then, save it as autorun.inf then copy paste it inside your

USB flash drive. The trojan.exe there is our Trojan file that we
created using our Dark Comet. Don't forget to copy paste also
inside your USB flash drive the trojan.exe file.

When my teacher went to the restroom. I was shouting inside of

my head, This is my chance! I know you will hate me for
doing this, but I did it. I went to each computer and plugged it
in. My classmates didn't bother to stop me in what I was doing
since they are so busy talking with one another about their love
life, gamer life, weird life and other kinds of life they have. I
managed to execute it in all of the computers in the laboratory
before the teacher came back.

When I came back to my house, I opened my laptop and the

Dark Comet to see how many sessions or computers I've got.
The next day, due to my quite arrogance, I told all of it to my
computer teacher with a proud voice. However, he just laughed
at me. Later, I found out that he asked my other classmates if I
am mentally stable. Yes, he thinks that I am crazy.

Then the story circulated in our school. One of the things that
circulated was the tool that I used. When they found out what
tool I was using, a lot of hacker wannabes in our school
suddenly popped up and used it in the computer laboratory.

42
One of those wannabes was (let's hide him in this name) Adam.
During our class, he plugged in his USB flash drive in my
computer and tried to lure me by talking with me gracefully and
interestingly. When I look at my computer, it was blocked by
Windows Defender (Fail!:D). I forgot to tell them that you should
encrypt your Trojan files because the more you encrypt it, the
more it will be harder for any antivirus to detect it. Well, his
face showed that hes in trouble that time and just walked out
due to embarrassment. He probably thought that I am not the
only one having that kind of power in our school. However,
most of them really think that I am a crazy weird person so
thats good for me because they won't dig too much in my
hacker life.

Moral lesson? It takes time to truly become a hacker. Even the

me that time wasnt fully developed as a hacker yet. You
need to have the hacker's mindset and learn the basics of
technologies such as programming, networks, operating
systems, and much more to understand very well how hacking
works. At that moment, Adam thought that because he has the
hacking tool, he can also be a true hacker which is not true.

43
3.6 All Hackers are in the Same Age
Group?

Do you know the kid named Reuben Paul? He is the CEO of the
Prudent Games and one of the youngest ethical hacker in the
world, having an age of 9 by the time I wrote this book. He
created iPhone applications that will teach people about math,
science and cyber security in the form of a simple game. He
also speaks and demonstrates hacking in some hacking
conference like DerbyCon and 2014 Houston Security
Conference. Some of you might think it is too much for a kid,
but the truth is, anyone can be a hacker once he fully
understands the things he must learn.

In this case, the father of Reuben is a professional ethical

hacker and managed to teach Reuben all of the things he will
need in that field. Reuben also has a burning passion about
cyber security and that's why he managed to utilize all of the

44
learning materials and advice his dad has given to him. For
now, he is developing another application that will help the
world learn while playing. By knowing his story, we can pick up
a lot of lessons that can and will destroy the limitations we are
giving to ourselves.

Let's talk about my story. Being the CEO of Cryptors and a

senior security consultant of iEi Securities at the age of 19 is
very challenging. However, I managed to be on the run by
hacking my mind. Yes, you've read it right, hacking my mind
and what I will tell you right now can make you roll over the
floor for this is a huge revelation for some of you. I'll explain
about how it works and show you how easy it is by explaining
how a computer works.

A computer has input like the keyboard so for example if you

type the letter 'K' in keyboard that will be the input. The
computer also has a process like CPU (central processing unit)
where the data you input to the keyboard will be processed in
it. Lastly, we have the output like monitor that showed us what
we input. That's how a computer works and computer was
designed and patterned from the mind of the humans.

The input of humans is the five senses, which are the sight,
hearing, taste, smell and touch. Let us have an example: If Roy
frequently watches a lot of Dragon Ball Z and any other violent
cartoons, then he is seeing and inputting the violent movement
of the characters in his mind (he is also inputting what he hear).
The process of humans is no other than the brain. All of what he
senses is processed in the brain. Lastly, the output is the result
of what he inputted in his mind. If he inputted the violent
movement of the characters in the Dragon Ball Z in his brain
frequently then you'll see a lot of Roy who has a violent
characteristic like punching and kicking.

45
So if I inputted in my brain things like the hacker's mindset,
coding, networks, Linux, social engineering, ethical hacking
then what will you expect? The technique is, input only what
you understand so that your mind can process it and can make
a result. Input first the things you understand and level up little
by little. Therefore, it is very important for you to know where to
start but don't worry, this book will tell you all the things you
need to start in your journey of becoming a hacker.

So in conclusion, whether you are young or so old if your mind

is running well then you can be a hacker. You just have to love it
and of course, in order for you to learn to love it you must
explore it. It's just like loving a real person; you can learn to
love the person if you managed to know him/her well.
Therefore, explore and know more about hacking!

46
3.7 The Real Definition of Hacking

When the Hacker Games started, I found myself hopeless

because almost all of the participants are professionals and I
am just a student. All of them are grown up and that time, I am
just an 18-year-old kid. They have so many laptops and my
team only has one. In this competition, we should have 5
members in a team, but only 1 of my members came and that's
my cousin, Leizl, a businesswoman. We will be eliminated if we
are just two so I pulled out a friend from the audience, Adrian, a
programmer. The worst thing is I am the only one with a hands-
on experience in hacking. The two of them just know it
theoretically so in my mind I was saying, Okay, let's just enjoy

47
the moment of being in this competition. Lastly, the judge
came to us and asked us if we will still continue because he is
worried for us. I managed to say, Yes, we will.

The name of our team is Cryptors which is also the name of

our company, but to avoid humiliation in the name of our
company we just change it into Creepy. We changed it since
we know that there is a huge chance of being the lowest in the
rank. Different kinds of bad luck us in that competition.
However, we forgot something.

The game is not just about exploitation of the system, but also
about the documentation of the whole process. We assumed
that most of our competitors will focus in hacking the system.
However, our team is focused on hacking the whole game. So
how do we hack the whole game? Here it is.

Thanks to my yesterday self for I bought some premium

automated tools in hacking before the day of the competition
and some of it has a Money Back Guarantee so I am thinking
that I'll just use this money back guarantee to get back my
money if I won't use these tools. These automated tools are just
a last resort weapon in case of emergency. And what I liked to
these chosen tools is that they're proven to be superb and
accurate like humans. So these tools are likely to become my
best last resort weapon in the upcoming Hacker Games.

Going back to the competition, almost all of them are showing

muscles in hacking by doing the manual methods of hacking. I
know, that time, I won't win in showing muscles in hacking for
they are five in their team and I am just one who hack in my
team, the speed of their manual methods can be 5 times faster
than mine. So I am pressured to think of the smartest way in
this scenario. I have to hack the heck out of this bad luck! I
don't want to do this thing, but I was forced to use my last

48
resort weapon, the automated tools I have. These tools can
make my manual methods faster than anyone in the
competition.

By using these tools, some of the referees who go around

looking what we do is, maybe, laughing and thinking that we
are just a script kiddie. Well, that's part of the plan, we use
those automated tools to save our 50% time in the competition,
and these tools make my manual methods up to the shortest
time. The other half of our time is used in beautifying our
documentation with proper illustrations where even the
executives can understand (Thanks to my MBA graduate cousin
and team member, Leizl, who is an expert in doing
documentations). Well, as you all know, because our
competitors are focusing too much on the manual and
traditional methods, some of them have a simple and not-so-
good documentations and worst, some of them don't have
documentation due to the intense showing muscles in hacking.
As a result, we just hacked the whole game and ended up being
the champion.

I want you to understand in this story that hacking is not just

about infiltrating a system. Hacking is also done by thinking the
smartest and easiest way to infiltrate the system . In our case,
the system is the whole game consisting of people
(competitors, referees and judges), instructions (game is about
exploitation and documentation) and tools (superb automated
tools). By hacking the whole game, we just made it to be the
one in control in the competition. That's why one of the referees
named Gil, a cyber soldier, asked us, Why you are just relaxing
and eating chocolates? The last round had started! Start
hacking! and as you all know, that's the perks of being in
control, you know what is really happening in the background so
you can relax and have some chocolates but the one who was
hacked won't see it.

49
~ Things to Remember

Not all hackers are evil. Some of them are making our
cyberspace more secure.
Hackers don't know everything about technology. They
have expertise maybe one or two, but not all.
Hackers are not magicians. You can't ask hackers to do
an illogical or impossible thing in just a snap of a finger. It
needs time and work.
If you have hacking tools, it doesn't mean that you are a
hacker. You must have a hacker's mindset to be a real
hacker.
Hackers can be anyone, no age limit.
Hacking is about finding the smartest and easiest
strategy in exploiting the system, not just to exploit the
system.

50
.

004
Be-Do-Re Hacking

_____________________________________________________

When I met Mr. K, one of my professors in Mapua who knows

hacking, I learned that hacking is not just all about doing the
tricks. He said, Hacking's major component is thinking like a
hacker, a Be-Do-Re hacker. This statement really intrigued me
until I found the answer.
________________________________________________________________

51
4.1 The Be-Do-Re Hacker

The world of hacking I know you are thinking is too dark,

mysterious and adventurous. Well, the truth is, the world of
hacking is full of liars. It is full of technology experts who know
how to use hacking tools, but lie to themselves that they are
hackers. It's just like the kids who knows how to use a
stethoscope (a doctor's tool) and claims to be a doctor, a man
who discover how cars was built and claim to be a mechanical
engineer, an employee sitting in the CEO's chair when the CEO
is not around just to claim the ego of being a CEO. The world of
hacking is full of lies and I will give you a power that has given
to me in this chapter to distinguish who's the real one.

Mr. K, one of my mentors in hacking just showed this kind of

world to me. Anyways, let me tell you first the epic story of how

52
I met him in Mapua, the college where I studied computer
engineering until the Mapuan Files came into the story. This
happening is one of my unforgettable moments that made the
Alexis, who is writing this book, a white hat hacker.

In my first year in college, I was eager to find people who are

like me who are interested in hacking. However, almost all of
what I encountered is interested in computer games, full
academics, love life, night life, and passing their subjects no
matter what. Well, I also value my academics and passing my
subject, but life is bigger than that to just put my whole life on
it. Even if I study hard in college, I always give time to explore
what I love because it will lead me faster to success than
imprisoning myself in school stuff.

Until one day, I've got to talk with some of the second year
students and they told me that there is one professor who
teach about hacking in his classes if there's an excess time.
They named it Mr. K and they say that he is in programming
classes. Then I said in my mind, I want to meet that person
and know what he is capable of doing in terms of hacking. So I
hack the way out just to meet him in person.

I went to his department and look at his schedule. I made a

letter saying that I want to learn from his experience in hacking
and I will share my thoughts too in the same topic and many
more. That letter will be given to him by my friend Neyo in his
programming class. Lastly, I didn't put any name in the letter
and tell Neyo not to expose me because I just want to know
how he will react in the letter to know what kind of person he is.

I know some of you will just say that I can meet him after the
class and just show person to person in him. However, I am not
that kind of person. I always want a thrill and mystery in most
of my work so I did it. The day goes by and Neyo already gave

53
the letter to Mr. K.

I talked to Neyo about what happened when he gave the letter.

Neyo said, He read it out loud in the class. Being proud that he
has a fan and a wannabe apprentice. Okay, in this detail I can
assume that he is too proud of how great he is. Let us see if he
is also great in the hands-on hacking. Neyo added, He wants to
meet you. He said that you can attend some of his classes so
that he can talk to you afterward. So I will meet him, it's show
time.

When I went inside of his class, I saw him on the professor's

desk. Do you know the appearance of a rock star? That's my
first impression to him, long hair, good posture, humor,
charisma, he has it all. I'm thinking if he's really into hacking so
after his class I talked to him politely and told him that I was the
one who wrote the letter.

I saw in his eyes that he was shocked. In my mind I'm saying

things like this, Okay, maybe he is expecting a hot girl? Or a
super geeky nerd? What is he thinking? Oh wait, I am a long
haired too, maybe because of that? After a few seconds, he
started offering a handshake like we are some kind of partners
in crime.

He started introducing himself and said this line, Can you hack
Facebook accounts? I paused for a while, and said this line,
There are no 100% secure in cyberspace. Therefore, it's a
yes. He smiled at me and he shouted, At last! I found you! I
don't know what he is talking about so I asked, What did you
mean you found me? He said, Let's take a walk.

We walk around the campus while he is telling his horrible

stories of wannabe hackers. He said, I was working with

54
different so called security analyst. They called themselves
ethical hackers because they stop hackers and they counter
hack them. However, I don't label them as true hackers. I
asked, Why? They are doing the hands-on thing! Then he
replied, Not because they know the hands-on, they already
hackers. He added with a smirking smile, I asked them too
what I asked you a while ago if they can hack Facebook
accounts and they answered me terrible things. I asked again,
What did they say? He replied, They said things like these,
It's impossible!, There are no hacking tools for that!, Are you
joking!?, That's bullsh*t! He added, Those things are terrible
answers, a proof that they are not a real hacker.

I was starting to get his point little by little so I ask him again,
What is the exact terrible thing in that answer? He answered
me, Hacking is just like this:

First, choose a valuable target.

Second, study the details about the target.
Third, find a way, not just a way, but the smartest and
easiest way for you to hack it using what you've
gathered in the second step and what you have in
yourself like skills and hacking tools available. This is the
strategy making phase where you will list all of the
possible methods to hack the target.
Lastly, execute all of the possible methods you made in
the third phase. Try first the methods that have high
success rate.

He added, And I want you to see it that you can apply it to

everything you want to hack. For example, the hacking of
Facebook accounts. First, you have to choose a valuable target
and that is your victim. Second, you must study the details of
the platform and in our case the www.facebook.com website

55
like how it processes the forgot password, the retrieval system
and so on. It can help also to study the details about the human
who use the account because a human stupidity can never ever
be patched. It is the Know your Enemy method for you to know
what are the possible methods to hack the target. Third, think
of the smartest and easiest way to hack the account. List all of
the possible methods. To me, one of my possible methods I see
is by answering the security question of the victim. I can just
have a simple walk and talk like this to know what is their
street, what's the name of his first pet and so on in the middle
of chit chat with the victim. After knowing the answer to the
victim's security question, you can now access his account.
Lastly, for you to able to do that, of course, you must execute
the possible methods you just made. That's it! And they say it's
impossible? They say that a hacking tool for that doesn't exist?
Real hackers find ways! Not reasons! I was shocked how he
made hacking so easy to understand with those steps. Starting
that day, the line hackers find ways marked on my mind in
every hacking situation I'm in.

After being amazed of what he said he added these lines

tapping my back and looking to me, I met numerous so called
hackers in the industry but there are only few real hackers in it.
I want you to continue that kind of thinking. When you told me
that there is no 100% secure in cyberspace and you can hack it,
I know you will find a way. That's how a real hacker thinks
because the major component of hacking is thinking like a
hacker, a Be-Do-Re hacker

I was so inspired by what he just told me that day but

something is bugging me in my mind saying, What is a Be-Do-
Re hacker? Why Be-Do-Re? Anyways, he knows I don't know
about the Be-Do-Re hacker so he quickly added, Be-Do-Re
hacker means: Be a real hacker by having a hacker's mindset,
Do the hack which is the execution and get the Reward which is

56
your motivation. All of those steps I gave you is the step used
by a Be-Do-Re hacker. As much as I want to talk with him a lot
more about the Be-Do-Re hacker, I cut the talk for my next class
will start in a few minutes.

.After that walk, my view of the hacker world changed. After

that wonderful day, we continue to meet and share ideas about
hacking and I decided to create Cryptors as an underground
organization together with my friend Neyo, the person who help
me in connecting with Mr. K and also a cyber security
enthusiast.

4.2 Be, The 80% of a Hacker

When I was with Mr. K, I was expecting him to teach me some

hands-on hacking. I want to see the details in hacking some of
the most secure system in the world. I was hoping that we will
use some hacking tools and play with it. I am expecting him to
teach me some scripting techniques, but he didn't for now.

Instead, what he is teaching me is to think different, to be

patient, to be resourceful, to be observant and many more that
I think, no real hacking occurs. I was disappointed until he said
this line, If you have the hacker's mindset then you can hack
even without hacking tools. I asked him, How will you do that?
Hacking is a computer stuff and must be related to computer,
right? He replied, No, hacking is never a computer stuff
but a mindset. Our mind is a better computer than the
computer you see right now. And as you can see, your hacker's
mindset will be with you as long as you live unlike the hacking
tools that can be vanished anytime. This is the Be (be a real
hacker) part in Be-Do-Re Hacking, which consist the 80% of the

57
hacker.

When I heard that thing, I am still confused. I said to him

sarcastically, How can I use my mind to hack the FBI? CIA? And
Pentagon? You will train me to do some telekinesis that can
control machines using my mind? He was patient and laughing
at me, he replied, Ha-ha-ha, as I expected. We will not use
telekinesis. In christian stories, do you know how the man
became a sinner? In my mind I was saying this, Oh, so now
he's teaching me to become a pastor. But I replied to him
politely, Yes, because Satan tempted Eve to eat the forbidden
fruit. Then he said, From the beginning of this world, hacking
is already there. I was just quiet, thinking what he meant by
that.

He started to make the details and said, Satan hacked Eve.

First, he chose Eve as a valuable target. Second, he studied the
humans and we all know that he knew humans more than us.
Third, he finds one of the vulnerabilities of a human that
doesn't die, curiosity. He thinks of a plan and strategy on how
he will talk to Eve to press that curiosity in her mind. The plan
was to take Eve in the knowledge of tree and let her wonder
what was the taste of the forbidden fruit. Then, by his
consistency of giving ideas and rewards Eve may get in eating
this forbidden fruit, eventually, Eve will be hacked
unconsciously. Remember that hacking means gaining control of
something or someone. Lastly, he'll execute the plan. That's
why the history saying that hacking was started in the 19 th
century is not real. It was started from the beginning this world
was created. The plan and strategy in doing that hack with the
hacker's mindset are the Be part which is the most important
then the Do part is the execution itself, where the success is
mostly depends on the Be part's creation and feasibility.

I started to get the meat of was he's saying. Hacking is gaining

58
control of something or someone, but because we are in this
era where technology rules, the instruments we usually use are
the hacking tools and any technology that can help us in
gaining control. By using that story, I understand now that our
mind is the greatest tool we have in hacking. Mr. K added these
lines, You can hack everything or everyone using the greatest
hacking tool and computer you have which is your mind. That's
why I am teaching you to control the power of your mind, to
think like a true hacker because a true hacker believes that his
mind can do impossible things such as hacking everyone or
everything. All of us have that power, but only few know how to
use that power. Luckily, I am teaching you how to use it.

That was a huge revelation in my life. After that scene, I'm

starting to think differently from others. I started to realize that
from the start, I already have the greatest hacking tool already.
However, I was blinded by the traditions of the hackers today
that the greatest hacking tool is in the program they use like
Metasploit, Nmap and many other popular hacking tools today.

This is the most important part of being a hacker because with

this, you can hack everything and everyone easier than those
who only know how to use technical tools. This is also the
longest training of a hacker compare to the Do and Re because
the most difficult to learn is to unlearn what you had learned.
Today, cyber security trainings tend to teach you how to use
tools, and the basics such as the terminologies but no one
focuses on teaching to build a hacker's mind within the
students. The number one reason is most of the hackers today
doesn't have a strong foundation in building a hacker mindset,
they just know how to use tools and it's the end of the story.
Well, I congratulate you for reading this book because this book
will give you a strong foundation of how to think like a true
hacker.

59
Well, the important thing now is you know why the Be part in
Be-Do-Re hacking is the most important. It is the hacker's
mindset creation and planning part in Be-Do-Re hacking where
most of your time will be eaten. However, I chose to make a
whole different chapter for that to emphasize it more here in
this book. In chapter 5 entitled, How to Think Like a Hacker
will tell you the details of how to think like a true hacker and
develop strategies differently from the normal people.

4.3 Do, The 15% of a Hacker

The Do in the Be-Do-Re hacking is doing the hack. This is the

execution while the Be part is the planning stage and
developing the hacker's mindset. To execute things in hacking,
you must be confident with your skills. That is because there
are so many times that the execution part became different
from what you expected.

What I am telling you right now is there are some things that a
pure human cannot control. These are the things that the only
one can control the situation is the God who created us.
Another thing we cannot control sometimes is the human itself
that is not perfect. A human can sometimes make some errors
and it is a nature of humans that we must consider in our plans
and thinking.

Being flexible in the execution is a must. You must have a

second plan, third plan, fourth plan and so on in case the first
one didn't become effective. The execution part really depends
on the plan and strategy you've made on the Be part. If your Be
part is a trash, then don't expect that your Do part will become
effective.

60
In order for you to become confident, you must be
knowledgeable in the things a hacker must know in this era.
That thing is the technology. Hacking is not about technology,
but it can help your job become easier. The things you must
know in order for you to become confident in the field of
hacking are:

1.) Hacker's Mindset

2.) Computer Fundamentals
3.) Linux
4.) Networks
5.) Programming
6.) Social Engineering
7.) Penetration Testing

You don't have to be an expert in all of it. The important thing

here is you know how it works. Remember, hacking is all about
gaining control and these things can be your weapon in this
age. In the old days, the ultimate weapon of hackers was
psychology, but today, its technology.

Having a hard time thinking why you need those 7 things in

hacking? Well, having a hacker's mindset will help you to think
like a hacker so that you can hack even without tools or with
just a few tools. Knowing the computer fundamentals will give
you the details on how computer works, what are the different
parts of it, and many things about the hardware and software of
the computers that will help you give a basic idea on how to
compromise it. Knowing how to program will help you to build
your own hacking tools and automate most of your work in
hacking. Knowing how to operate a Linux can be a great
advantage to a hacker because most of the hackers today use a
Kali Linux operating system to process their technical hacks.
Knowing how the networks work also gives you a great

61
advantage for you will learn here how the computers connect to
each other. Social engineering will help you to hack humans,
which is the most vulnerable since there is no patch in human
stupidity. Lastly, penetration testing, in here you will learn the
actual hacking and you will never understand this thing without
the knowledge of the last 6 topics I just told you to learn.

I want to congratulate you for taking the first step in learning

ethical hacking. We will give it to you little by little since we
want you to fully understand each topic. We want you to have a
solid foundation in each topic so that you won't have a hard
time understanding the penetration testing later. It is better to
study and understand the things you need to know in ethical
hacking than to act like you understand it even if you don't.

4.4 Re, The 5% of a Hacker

Re means get the reward and all of the hackers have this thing
when they successfully hack something. The rewards can be
recognition that you successfully hack something and make it
more secure. Sometimes it's money that they'll give for
discovering vulnerabilities in their system. This is also important
for a hacker because it is the main reason why they are doing
the hack.

I want to ask you these questions: Why you're reading this

book? Why you want to learn ethical hacking? Your answers
to these questions are the things you want to get as a reward.
That reward is your motivation and that motivation will push us
to move and do something. That something is the reason why
our hacking is successful.

62
4.5 Finally

Going back in my conversation with Mr. K I said, So the Be is

the process of building the foundation of your hacker's
mindset?. He replied, Yes!. Then I added, How about the
steps in hacking which is
1. Choose a valuable target.
2. Study the details about the target.
3. Creation of possible methods using the smartest way and
valuable information you've gathered in the second step.
4. Execution of possible methods from high success rate to
the lowest.
Where I will place those steps in Be-Do-Re hacking?. Mr. K
answered, The steps 1 to 3 must be the job of your Be part
then the Do part is the step 4. The Re in the process is only the
motivation that pushes you to do the whole act.. I love asking
questions so I asked again, Sorry if I have so many questions,
but can I really hack everything by just using these steps you
gave me?. He answered, See for yourself and use it
responsibly.

As you all know, I used it in every hack I made in my life. One of

the examples is what we did in Mapuan Files hacking and in the
Hacker Games 2015 where we became champions. You can use
those steps also in everyday life because hacking is not just
about computers. It is about solving a problem and fixing
things, then have a smarter solution, new ideas, new methods
that can make it better. In my case, as a computer hacker, we
find holes in every system and we fix it using the smartest
solution we have to make their system better.

White Hats (good hackers) make our world a better place. They
push everyone to improve and innovate because if they don't,
they'll be hacked by the Black Hats (bad hackers). That's why

63
we created this book, for you to become an additional in the
white hackers who will make our world a better place. That's
why we started this kind of revolution, to create more White Hat
hackers in the next generation and make a more secure world.

~ Things to Remember

Our mind is the greatest hacking tool we have and all

you have to do is to customize it into a hacker's mindset.
Hacking is never a computer stuff but a mindset.
Be is the process of building your hacker mindset which
is the 80% of a hacker.
Do is the process of execution usually by hacking tools
(15% of a hacker).
Re is all about the reward which is the motivation that
makes you move and do something (5% of a hacker).
Steps in hacking are:
Choose a valuable target
Study the details about the target.
Creation of possible methods.
Execution
White Hat hackers make our world a better place so we
are creating more White Hats through this book.

64
 005
How to Think Like a
Hacker?
___________________________________________________________

When Mr. K told me that he wants me to think like a hacker as a

training I asked him, How will I do that?. He told me I need to
think of these:

Think Out of the Box

You Can Achieve Anything
There is NO 100% Secure in Cyberspace
Hackers Dig Deeper
Be P.R.O.
Choose your Environment
___________________________________________________________

65
5.1 Think Out of the Box

When Mr. K told me to Think out of the box in the back of my

mind I was saying, Oh, I always hear that. I knew it already. .
Until he told me the story of the Allegory of the Cave by Plato,
one of the world's best known and most widely read and
studied philosophers.

The Cave

Imagine a cave, in which there are three prisoners. The

prisoners are tied to some rocks, their arms and legs are
bound and their head is tied so that they cannot look at
anything but the stonewall in front of them.

These prisoners have been here since birth and have

never seen outside of the cave.

Behind the prisoners is a fire, and between them is a

raised walkway.

66
 People outside the cave walk along this walkway
carrying things on their head including; animals, plants,
wood and stone.

The Shadows

So, imagine that you are one of the prisoners. You

cannot look at anything behind or to the side of you
you must look at the wall in front of you.

When people walk along the walkway, you can see

shadows of the objects they are carrying cast on to the
wall.

If you had never seen the real objects ever before, you
would believe that the shadows of objects were real.

The Game

Plato suggests that the prisoners would begin a game

of guessing which shadow would appear next.

If one of the prisoners were to correctly guess, the

others would praise him as clever and say that he is a
master of nature.

67
The Escape

One of the prisoners then escapes from their bindings

and leaves the cave.

He is shocked at the world he discovers outside the

cave and does not believe it can be real.

As he became used to his new surroundings, he realizes

that his former view of reality was wrong.

He begins to understand his new world, and sees that

the Sun is the source of life and goes on an intellectual
journey where he discovers beauty and meaning.

He sees that his former life and the guessing game they
played are useless.

The Return

The prisoner returns to the cave, to inform the other

prisoners of his findings.

They do not believe him and threaten to kill him if he

tries to set them free.

When I heard that story from him, I was amused and there's a
lot of things running in my mind. I asked him, What is the
connection of this story in thinking out of the box?. He replied,
I am not a philosophy teacher, but I want to connect this story
with the phrase, think out of the box in hacking. Here's my own
explanation:

The Cave

68
 The cave represents the people who focus on thinking
what is already there. They are the people who imprison
themselves in the traditional things their ancestors gave
them.

It is applied also in our hackers today, most of them tend

to think that hacking is just a computer stuff because the
world told us that it's just a computer stuff. They were
imprisoned in that thinking so they are limited to do the
hack just around the computer stuffs.

The Shadows

The shadows represent the perceptions or the beliefs of

the imprisoned people. It is limited, what they see is only
the shadow of the reality and not the reality itself.

The Game

The game represents how people believe that one

person can be a master when they have knowledge of
the imprisoned world.

This master does not actually know any truth, and it is

ridiculous to admire someone like this. This kind of
master is the newbies and security professionals who
tend to boast that they are a real hacker by just using
tools and scripts they have in imprisoned world.

The Escape

The escaped prisoner represents the person, who seeks

knowledge outside of the traditional arena.

69
 The Sun represents unconventional truth and knowledge

His intellectual journey represents a hacker's journey in

finding truth and unconventional wisdom continuously.

The Return

The other prisoner's reaction to the escapee returning

represents that people or other hackers are scared of
knowing the truth and do not want to think out of the
traditional way. Life is bigger than the traditions and
standards set by humans and we must go beyond those
things

The same thing applied in hacking, not because that's

the way they teach you to do the hack then that's the
best way to do it. You must come up with a better plan,
and you will just do those things by going outside the
cave and explore new things, by letting go of the
traditions and standards created by the humans of this
world. However, some of the people who explore new
things tend to become lazy and unmotivated. People
tend to become negative and all of the new things they
just started to know or explore became nothing to them.
That's why most of them tend to go back to what they
already know and stop exploring the world outside those
traditions and standards.

Now, you have the power to choose if you will continue

imprisoning yourself or be free and explore new things and
think out of the box.

I was devastated. A new revelation was given in front of me.

70
While I was in deep silence, he added, I'm amazed that you're
still here with me wanting to learn for almost a month. I
replied, What do you mean?. He said, You are the only
student of mine who last this long. All of my past students tend
to walk away and never show up when there is no playing of
hacking tool occurs. Only a few people are like you who is not
scared of the truth and always embracing change. You're very
different from other students I had. They want power, but you?
You want something a normal person cannot see, something
extraordinary.. In the back of my mind I was saying, Does he
know? That I am the mastermind behind the underground
hacker org in the campus? The org that posted illegal
recruitment posters in the whole campus? The org that spread
business cards with puzzles in the campus? The org that
recruited hundreds of students to teach them hacking? If he
knew it then it could be risky.

While I was thinking and worrying, he started talking and said,

I know you are that one. I won't tell anyone.. I was shocked. I
didn't know what to say and my heart was beating fast. I was
questioning myself, Can I really trust him? Well, we've become
really good friends for a month. Is that a basis of trust? Is he
playing with me? I must be careful. I said to him, Yes. I am
that person and I built that organization to share the treasure
you are giving me.. He formed his fingers like a gun and
shouted, Bang!.

My eyes grew wider. In my mind I was saying, Oh no, have I

said something wrong!?. He was laughing hard while looking at
me. I asked him, What's wrong?. He replied, At first, I am not
really sure and convinced that you are the mastermind of that
underground org but when I said, I know you are that one. I
won't tell anyone, you just spilled it out. What I did was a social
engineering tactic that can spill out information. I act that I
know you are that one and if you are that one, there is a huge

71
chance that you'll spill it out unconsciously. He added, Don't
think too much about the things that you see. Think also about
the things you cannot see for it is more valuable to become a
great hacker. As we said earlier, THINK OUT OF THE BOX.

5.2 You Can Achieve Anything

The only person you are destined to become is the person you
decide to be.
-Ralph Waldo Emerson

If you choose to become successful then you will become

successful. If you choose to become nothing, then you'll
become nothing. That's how it works; it's just all in your mind.
The power of your mind is your greatest asset.

A typical teenager usually dreams of graduating with a degree,

then get a job in popular company, get married and retire at
age of 60. All of those things are the traditional ways of living in
this world and that world is their comfort zone. However, I am
different and usually go outside my comfort zone because we
all know that life is bigger than that. As a result, I do things
outside their expectations because the important thing for me
at this moment is to learn, enjoy, and explore the mystery of
this world outside the traditional way.

So at age of 17, I was invited in the Philippine Army to become

a security researcher (but I refused to accept) and got a total of
more than 10 awards in some science and technology
competitions, inside and outside my college.

72
At age of 18, I became a known hacker in the issue of Mapuan
Files hacking. My team became the 2015 Hacker Games
Champion in one of the largest IT Security conference in the
Philippines called What The Hack: IT Security Summit. Last
but not the least, I became the founder of the company that
started the revolution in raising cyber security awareness
around the world called Cryptors, Inc. We do this by organizing
a very affordable seminars and conference in different colleges
and companies, creating interactive learning materials about
cyber security and creating a digital game where users can
hack other users virtually and defend themselves for them to
know what really happens in the real hacker world.

At age of 19 (my age while writing this book) , I became one of

the keynote speakers in some seminars and hacking conference
in the Philippines. I was invited to become the CTO (Chief
Technology Officer) of BitShield Security Consulting, a VAPT
(Vulnerability Assessment and Penetration Testing) company in
the Philippines (but I refused to accept because I am creating
my own VAPT company in the Philippines) . I was invited also in
the United States of America to become the senior security
consultant in iEi Securities, LLC., also a VAPT company (which I
accepted to help me learn in creating my own VAPT company)
and lastly, got an award in NCR DOST Science and Technology
Quiz Bee.

The people expect me to sit inside the classroom and focus in

passing my subject. They want me to listen to my professors
who, sometimes, just read their powerpoints in front or just self-
study last night about the topic they want to discuss (maybe
because it doesn't cover their expertise, they forgot already
that topic or it's a new thing) which I can also do without a
degree (both reading the powerpoints and self studying about a
new thing using the Internet). They want me to focus on

73
getting high grades for me to have a flying honors after
graduation, get a decent job, get married and retire at age of 60
because they think that success is something like that.
However, I went to the unconventional way where I made my
own curriculum and study the things I really love to explore
instead of sitting in the classroom and force to learn a thing I
am not interested in.

In schools, they say that the more exams you fail the more
chance you'll become a failure. In the real world, the more
failure you commit, the smarter you became because every
failure is a great lesson to treasure. That is the greatest teacher
of humans and a great thing to make humans smarter.
However, the schools today doesn't want you to experience
failing, if you fail a lot of subjects then probably you'll be
removed to the system of that school or if you fail an exam
then you will be teased by anyone. So what do you think? Is our
school an effective teacher for us to be ready in real world?
That was the question I am asking that day.

So what I did was I studied the things I need to become a

hacker by myself. I self study Linux, programming, networks,
database, social engineering, and of course, penetration
testing. I apply all of those things in real world because studying
them alone is not yet a 100% knowledge. I used Linux as my
primary operating system, I sold my applications I created, I
organized and play with the computer networks in my own
home network, I create database for my websites, I talked with
some random people in some places and apply social
engineering to them and lastly, hack my internal network and
other weak websites in the internet.

As of now, they always wonder how I learn hacking. I just told

them this, self study . They were shocked because some of
the fresh graduates we have didn't know how to create website

74
they can make money of, make application that can help them
automate their work, organize networks that can help them
connect with other devices but me who is not yet a college
graduate knows it already in detailed. Maybe because most of
our students today didn't apply it and use in real world where
100% knowledge occurs because what they want is just to pass
the subject.

I told you these things to show you that you can achieve things
that seem impossible in the eyes of the people in the traditional
world. By the use of self study, you can be anyone you want to
be and you can achieve anything you want to achieve. The
greatest thing about this era is we have now the Internet where
you can learn all of the things you want to learn and all you
have to do now is to just type what you want to learn. So all in
all, if I am capable of doing that then you are capable of doing
that too, and it can be much better than mine.

However, I am not Harry Potter to magic and make you a fully

developed ethical hacker in just a second. It takes time and
effort to fully achieve the things you want to achieve.
Fortunately, by reading this book, you just started to make an
effort to know how to think like a hacker and by applying these
things, you just gained 80% of an ethical hacker. Unfortunately,
majority of the people will give up in the beginning because
beginnings are all about hard work and many people are too
lazy for that.

I will tell you my beginning story. I was 13 years old when I

started exploring the world of hacking. That time I just wanted
to become a spy just like Ethan Hunt of Mission Impossible
(played by Tom Cruise). I was fascinated by what a spy can do
such as lip reading, fighting using hand to hand combat,
shadowing people, disguising and ciphering. I was thrilled by

75
what they do because it seems extraordinary and it has the
ability to save people.

I studied all of those abilities by attending some martial arts

training, reading books about spies, and researching things
about those abilities. That time, my classmates find me weird
and out of this world because I think differently, always
different from them. However, I just prefer myself as unique
and extraordinary for I don't want to be like the most of them
wasting their time on Facebook, spending their whole time in
studying academics, and playing online games forever because
LIFE is much bigger than that. I do it sometimes but I prefer to
explore things I love to do such as exploring extraordinary
things in this world.

I know you will hate me for this, but I got a lot of girlfriends way
back during my high school days (30+ girls from different
schools and cities and most of them are muses of their school
or class). I applied to them one of the skills of a spy called
Social Engineering. This is a skill where you hack humans.
You are gaining control over their mind. I studied it very well in
books and the Internet then applied it in real life in hacking the
girls to like me and become their boyfriend even though I am
not so handsome.

Many of my classmates asked me how I did that and I said I

read a lot of books and then they will start to walk out slowly.
That's the usual reaction of many people today about reading
books. They are afraid of it because they think that it is too
boring. They didn't know that if you know where you will use it
in real life and if you love it, then you will be excited to read it.
Reading, watching, exploring and applying all of those things
are the hard work I am talking about. They didn't want to realize
it for they say that It is too boring.

76
Well, it's like planting a tree. At first, you have to water it day by
day and take care of it very carefully. However, once it starts to
grow bigger, you will just get the fruits of the tree whenever you
need it. It will also give you shade from the sunlight. It will be a
great benefit to you unconsciously.

That's the same in achieving things. First, you have to accept

that you can achieve that thing even if that's impossible for the
ordinary. Then, do the hard work smartly by reading books and
articles on the Internet that is worth it and many more. Lastly,
apply it in real life because there are so many people on this
planet that dream and plan too much but dont put it into action
to make it possible.

So where can we use this in ethical hacking? If you will hack

something big and very secure, thinking that you can hack it
can be very helpful. You just need to do the hard work such as
studying about the target and so on. Then after that, apply it
and execute the methods you created. This is very helpful
because people who think first that they cannot do it already
lose in the battle because they helped themselves to not
achieve it.

For Mr. K, I already passed this test to him when he's training
me. It is because when we first met and he asked me a
question if I can hack Facebook accounts I said yes because
there is no 100% secure in cyberspace. In just one question, he
already knew that most of the trait he is finding in a hacker is in
me. The next trait I just acquired in that question is the phrase I
told him when I first met him, There is NO 100% Secure in
Cyberspace which is the next topic.

77
5.3 There is NO 100% Secure in
Cyberspace

Sadly, humans are not perfect. They always have a flaw.

Humans created the cyberspace. Therefore, cyberspace can
always have a flaw.

So why learn cyber security if anything can be hacked? Kiddo,

cyberspace is just like the meatspace (the human world). We
have numerous police and soldiers in our country but the crime
rate is still high. Every day, there are so many people being
killed, robbed, raped, and many more. Our police and soldiers
have to defend our country and its people from the criminals
and any kind of threat, but they don't destroy criminality and
turn it into 0%. The truth is they just decrease the rate as much
as they can. Why? Because the human flaw is for life, that's the
human nature and no one can stop it.

Accept the fact that there is always a flaw in everything in this

world starting from humans to the things they created, such as
the cyberspace. No matter how secure your systems are, no
matter how much you spend in your security, there will always
be a flaw and that is a fact. So why secure? Well, just like in the
human world, we want to decrease the casualty in cyberspace
because a flaw will always be there and again, no one can fully
stop it.

In ethical hacking, this is an advantage. It just means that even

if they spend billions of dollars in their security, still, they can
be hacked. You just have to be patient and more creative in
finding a vulnerability. This lesson will teach us that anything
is hackable. It just depends on how fast you will find the hole in
their system.

78
Want an example of how easy it is to hack a billion dollar
company who spend millions of money in security? When I am
doing a legal hacking (means there is permission) in some
companies that I know, I sometimes just research and use
telephone in hacking it. I will call some IT guy and act like the
owner of the company shouting that there is some kind of
problem in my company account. I'll threaten him that I will fire
him if he didn't fix it very fast and give me some new username
and password. Well, because of his fear that he will lose a job,
he will give me a new username and password and also the link
where I can access the account externally. Then, using the
company account of the owner of that company, I will contact
the technical team to give me access to their servers and of
course, because it's an order from the highest position, they
won't bother to give it to you. Then I will just hack that
company with some small research and that's how easy it is.
They spend millions of money for their technical security, but
didn't spend a dime in training their employees in some kind of
social engineering skim that can happen to them.

Well, I am not the only hacker who does that skim. Kevin
Mitnick did it also in major companies in America. And by
showing you that, you can now see how important ethical
hackers in the new world we just created, the cyberspace.
Imagine if I am a Black Hat hacker when I did that in that billion
dollar company, terrible right? That's why I want you to be with
me in the revolution of creating more White Hats.

In conclusion, anything can be hacked, that's why we must be

updated on the latest threats in cyberspace for us to be aware.
Being aware can help us to defend ourselves from these things.
Even if you are the most secure system in the world or the
greatest hacker in the world, you can be hacked. The only thing
we can do is to lower the chance of us being hacked.

79
5.4 Hackers Dig Deeper

When there is someone who will ask me to hack someone's

Facebook account or any other account I always shot them with
a machine gun and throw their dead bodies in the river. Well,
that's all in my mind, I am joking. I am pissed off when there's a
ton of messages in my Facebook and email wanting me to hack
someone's account. It's just like giving them a buck of money in
just a matter of seconds for doing nothing.

The only advantage of hackers why they can hack is they dig
deeper. What I mean is they study about their target thoroughly.
They study how it works and every detail of the target because
they believe that every information you will gather about the
target can be used against them. And when I say dig deeper, it
means research deeper than anyone can.

My ex-girlfriend, Michelle, is one of the best examples that you

don't have to be a full time hacker just to hack Facebook
accounts. She is not a full time hacker who studies like you on
how to become a hacker. She just studied the platform of
Facebook and analyzed how it works. Then she lists all of the
possible methods and executes it in each victim and hopefully, I
am not one of her victims.

Wondering what methods she uses? Simple trick here is the

method number 1:

1.) She clicks the Forgot Password in Facebook website

2.) She inserts the username of her target (email and number
can be an alternative).

3.) After the target's profile show up, she clicks the button

80
called No longer have access to these?

4.) After that, a page that's asking for a new email will show up
and shell just put a new email there that is not connected to
other Facebook accounts. (If this doesn't work for you then
proceed to the method number 2)

5.) If successful in step #4, she will end up with a security

question. To gain the answer in this security question, can have
a casual chit-chat with the victim about something connected to
that topic so that they will not become suspicious. (Some of the
accounts today have different security, such as the trusted
account security)

6.) If successful in step #5, as usual, she can now change the
password and go to the victim's Facebook and remove the email
in the settings so that the victim cannot retrieve their account
using their email.

This method above can be changed due to quick change and

updates on their website. The meat of this topic is just for you
to learn that anyone can hack by just digging deeper in the
platform you want to hack. There are a lot of systems there that
wouldnt require too much technicalities for you to understand
how it works.

The method number 2 that can she use is giving a fake

Government ID to Facebook by editing information such as
name, birthday and picture to gain a reset password. If you
will dig deeper in the platform, you will see a lot of methods to
bypass their security. All of it is not magic, it was gained by
allotting time and effort to dig DEEPER into the system. The
deeper you are, the more methods you will gain. That's how it
works in hacking, no magic required, no tools required, just YOU
digging deeper.

81
These days, they say that the youth is more knowledgeable in
technology such as using social media accounts and shopping
online. That's why our grandmothers and grandfathers, who
don't experience technology too much in their age tend to call
us for help in using their online accounts or anything about the
technology. They see the youth as a technology persons who
are more techie. That's because the youth today tend to
spend a lot of time in cyberspace, whether in social networks or
online games.

What I am saying to you is for you to be advantageous too. You

must spend a lot of time into your target's system. If you will
hack a Facebook account, then spend a lot of time on Facebook,
if it's on Twitter then be in Twitter. It's just like your crush; you
won't know him/her well if you don't spend a lot of time with
him/her. Not just to spend a lot of time, but to explore as much
as possible.

Normal people just dive into the things they can see. The
hacker dives into the places where only few can see. That's the
greatest advantage of hackers and anyone can do it. Just be
dedicated and diligent in finding things that can help you in the
long run.

5.5 Be PRO
(Patient, Resourceful, Observant)

Patient

When I am demonstrating a hack in some hacking conferences

some of the newbies are disappointed. It is because they are
expecting that they will see me typing fast, with a lot of black

82
terminal and green fonts all over my screen and in just seconds
the system will be hacked with a note of Access Granted in
the screen. Well, not in this world my friend. Maybe they have
to stop watching Hollywood hacking movies where in just a
second by just doing some typing in the keyboard they can
hack CIA and FBI. I recommend you to watch Mr. Robot by Sam
Esmail rather than the other hacking movies out there because
this show is close to reality and will teach you the word
patience.

Patience is very important in the world of hacking. The more

secure your target is, the more time it will take to hack it.
Sometimes, it will take months or years just to hack one secure
system. Just don't give up and tell yourself always that There is
NO 100% Secure in Cyberspace.

Resourceful

Hackers must know how to utilize what they have. That's why I
am teaching you in this book not to depend too much on
hacking tools. You, yourself, is a great tool and whether you are
imprisoned in a place without computers, you can still hack
your way out or the other systems in there. In this book, we are
making you a living hacking tool that can hack anything
under the sun.

Developing your skills can help you become a resourceful

hacker for you can use those skills in hacking such as the skills
in programming, operating systems, networks, and social
engineering. The most important skill you must develop is the
hacker's mindset. If you have a hacker's mindset then you will
be extraordinary. You will start to see things in a different way
and hack anything without depending too much in tools.

83
In every hacking, there would be different kinds of situation and
you must evaluate what kind of situation you are in. For
some hackers, they tend to panic when the time starts ticking
when hacking some system for a limited time. Pressure can be
a good motivator, but if it's clouding your mind to think of a
solution, then just relax and you can now think of a solution.
Always remember that finding a solution is better than worrying
about the situation.

After knowing what kind of situation you are in, assess what is
available to you. Remember that being resourceful is all about
finding clever and creative use of your current resources. Ask
yourself, Do you have access into something that might
help in the situation?. Always remember that resources
aren't all about hacking tools; consider skills, people, and your
hacker mindset.

After you assess the resources you will use, it's time to use
those things in unconventional ways that can go against
conventional wisdom or societal norms. Traditions and rules
exist for a reason, but sometimes it holds back the progress in
our way. Don't just go along with how things have always been
done.

Improvise strategy in using those resources you already have.

Don't be afraid to try new things because you can come up with
a better solution. Always use your current situation to your
advantage so that you can have a tremendous progress.
Whether the situation is bad or good, always look at the bright
side because who knows, that bad can possibly be your
resources too.

Lastly, don't be afraid if the use of your resources came to a

mistake because again, it is the nature of humans. Just learn
from your mistakes so that it won't happen again. Work on it

84
in multiple angles and see what went wrong and go from there.
This is very useful in developing possible methods in hacking.

Observant

If you know the enemy and know yourself, you need not fear
the result of a hundred battles. If you know yourself but not the
enemy, for every victory gained you will also suffer a defeat. If
you know neither the enemy nor yourself, you will succumb in
every battle.
-Sun Tzu, The Art of War

Adjust your mindset from a normal way of thinking to a

hacker's perspective. If you are an observant then you must be
aware of what your body is telling you. This can't always be
described in a logical manner but just listening to your gut.
Many people are not observant because they are ignoring
things that they can't clearly explain, see or prove.

Always ask questions in your head or should I say question

the situation you are in. Do this while having complete attention
to the current situation so that you can assess what is really
going on in your environment. By doing this, you can come up
with a greater plan and strategy. At first, it's a bit challenging
but keep practicing doing this and you'll feel that youre in
control of the environment you are in.

Take the time to really listen. For example you are having
some talk with the target. Be a good listener. Pay attention to
the person's words, emotions, body language, and gestures to
get the full picture of what is really going on. Don't interrupt the
person who are talking, just nod when it's necessary, make
comments when the conversation ask for it, however, don't say

85
Yes! That's so true every 5 to 10 seconds because the person
will get distracted and the information he is giving you will be
interrupted.

You can also use the person's appearance in knowing what is

really going on. For example, your friend got a low score in an
exam and he told you that he is okay but his eyes are red and
puffy. In that case, he is saying to you what he wants you to see
but by observing his appearance you will know what is really
going on.

You must use your senses. Use your sense of sight to observe
and scan your surroundings and people's behavior wherever
you are. Use your sense of hearing to pay attention to all the
different voices. You should be able to distinguish voices from a
lot of noise. Use your sense of touch to know the mood of
people. For example, if someone shakes hands with you and
you find the person's hands sweaty, then the person may be
nervous. Use your sense of smell to detect any smell that is out
of the ordinary, like a sudden change in aroma of the area.

Notice what is not being said. What a person tells you is just
as important as what he or she doesnt say, so pay attention for
whats absent as well as whats present. For example, if your
friend is always gushing about how amazing his girlfriend is,
and suddenly, she doesnt come up at all in the course of a long
conversation, then maybe something is up. If your father has
been really excited about a big promotion at work, and then he
comes home and only wants to talk about your schoolwork,
then maybe things didnt work out. People often dont want to
mention the disappointments in their lives or the things that
they want to keep private. Be observant to see whats missing
in a conversation.

Pay attention to the body language. Body language can be

86
another strong indicator of what a person is really thinking and
feeling. If a person is standing up straight, looking straight
ahead or like hes ready for the next big thing, then chances
are, hes in a good mood and ready for success. If someone is
slouching, hunched over, fidgeting with his hands or looking at
the floor, then maybe things didnt go so well for that person
today. However, if thats how the person always looks, then the
body language may not mean as much but if you notice
something out of the ordinary, then it may indicate a change in
mood or emotion.

Notice your surroundings. Don't just pay attention to people.

Notice how many cars are in the parking lot along with yours.
Notice what kind of birds are flying around the beach that day.
See which fruits are being sold in the grocery stores, and notice
whether the prices have gone up or down since the last time.
Keep your eyes and ears open at all times, and look for
anything out of the ordinary, even if you're just walking down
the street.

Well, all of those things were taught to me by Mr. K. There will

be times that we will go outside the campus and he will call a
friend to be with us. After that, he will introduce me and let me
talk to his friends. We hang out in eating places and fortunately,
I won't spend any money for that because Mr. K will pay for me.

The first friend of him that we met around the Intramuros walls
was very boastful. He is the most boastful guy I've ever met. He
just talks about only himself and his unbelievable
achievements. He wants our topic to be just about him and if
you turn the topic to a different thing he will turn it back to him

87
no matter what topic you set. His voice is very annoying and
the odor of his breath is very disgusting.

I was pissed off when that guy started to belittle me and say
things that I don't like. I walked out that time for I am about to
lose my temper/for my temper is rising but Mr. K stopped me
and whispered, Its a part of your training. Becoming a PRO,
patient, resourceful and observant.. In my mind I was saying,
What the heck? What kind of training is this!? . Maybe my
temper was too high that time that's why I can't see the
significance of the training we are doing in that moment.

We met Mr. Ks other friends and I made sure to myself that I

will be more patient. While talking with his friends, I observed
very well so that I will know how I will turn the conversation.
Lastly, to make our conversation more lively, I use the trait of
becoming resourceful by using my experiences, skills and
interests. By being a P.R.O., I can now gain control of any
situation I'm in.

Where can we apply these things in hacking? By using these,

you can able to find more vulnerabilities in the system by being
patient. Being observant will help you to see the vulnerability
that a normal person cannot easily see. And by being
resourceful, you can create the smartest unconventional
method to hack the target. Well, if you have these then you are
truly thinking like a hacker.

To be honest, that time when I am in that situation, I don't really

know how will I apply it in hacking. I enjoyed our interactive
training and I didnt felt like I'm in the middle of a training. I
thought that after all those hacker mindset things we will
proceed into technical and hands-on hacking. However, I was
wrong. Something happened that I didn't expect and really

88
shocked my whole life.

5.6 Choose Your Environment

Always surround yourself with people who bring out the best in
you, not the people who bring out the stress in you.

I had a chance to talk to sir Meric Mara, the man behind the
first Linux distribution in the Philippines called KahelOS and the
CEO and CTO of the 8layer Technologies. He is one of the
mentors I encounter while making this book. He always tells me
the things that I should do so I will be on the right path. What I
am saying right now is you must surround yourself with the
people who will inspire you, teach you and support you to grow
as an individual.

Aside from him, I talked and surrounded myself with other

people in the cyber security industry that can help me to grow
as an ethical hacker. You as an individual must choose your
mentors wisely. So how we can make sure that they are the
right mentor? It is simple, you can see the proof of their
greatness through their works and actions that is visible and
tangible so focus on those things.

We must connect to a group of people that inspire us not

destroy us. There will be people that will try to destroy you
because of jealousy or insecurity and the greatest thing to do
with them is to just ignore. It comes from the saying,
Weak people revenge. Strong people forgive. Intelligent
people ignore.. However, there will be times that someone
will tell you your mistakes, not because they want to destroy
you but they want you to learn from that mistake so be careful
in distinguishing the people who wants to make you better and

89
the people who just want to destroy you.

When I went to college, the people I find first are the people
who are actually interested in hacking. That's why I met Mr. K
and the rest of the members of our underground hacking
organization. If I surrounded myself with gay people that time,
then what do you think will happen? Of course, there is a huge
possibility that I will became a gay too in words, acts or thinking
and this book will not exist. Fortunately, I chose the path of a
hacker and create my best move to make a difference in this
world..

~ Things to Remember

Hackers always think out of the box, which means

unconventional or out of the traditional.
Hackers can achieve anything because it's all in our
mind.
Hackers can hack anything. It is because like humans,
every system has its flaws.
Hackers are patient and do not give up easily.
Hackers must be resourceful and know how to utilize the
things they already have.
Hackers are observant so they can find an easy way to
hack things around them.
Hackers choose their environment carefully for this is a
huge factor on what they'll become in the future.

90
 006
Mr. K's Steps in Hacking

___________________________________________________________

STEP #1: Choose a valuable target.

STEP #2: Study the details about the target.
STEP #3: Create possible methods the smartest way using the
valuable information you've gathered in the second step.
STEP #4: Execute those possible methods starting from the one
with the highest success rate to the lowest.
___________________________________________________________

91
6.1 Let's Do the Hack!

Mr. K was so eager to teach me the real hack so this time we

proceeded with hacking a real system. The only thing I was
allowed to use is the things he taught. I was so confused that
day that I said, How will I hack a system using what he taught?
He just taught me the hacker's mindset!. Maybe you are
confused too, arent you? Well, you are not alone. He just called
me on the phone that day that I have to hack the database of
his startup company in three days.

Here is another thrill: he won't be teaching me anymore if I fail

to do the hack. He said that I have to be successful in this hack
because this is the easiest test he will give me. Then after
saying that, he put down the phone without letting me talk.
That was so frustrating and I didnt know if he was serious or
joking.

Now, what will you do if you are in my situation? I am not

allowed to use any hacking tool or programs. I am only allowed
to use the things he taught. And for you to understand, the only
thing he taught me for one month is chapters 3 to 5 of this
book. Now I know most of you are smarter than me so I will ask
you now: What will you do to hack their database using just
a hacker's mindset?

Maybe some of you will just hire someone who can do the hack
so that Mr. K will proceed on teaching you the technicalities and
hands-on hacking. Maybe some of you will just use hacking
tools and scripts that can help you in hacking the database.
Maybe some of you will be angry, tell Mr. K that it is impossible
and mark him as fake hacker. Well, all of those things crossed
my mind. However, I don't want to be controlled by my
emotions so I started to think while biking around the

92
Intramuros by 5:00am in the morning.

For you who don't know what Intramuros is, its a wonderful
place located in Manila, Philippines that is also called Walled
City because it is surrounded by huge walls used in past wars.
My college and dormitory was located inside Intramuros but my
permanent address that time was too far from this place. I lived
there alone, away from my parents just for me to feel
comfortable in my studies. The surroundings there at 5:00am in
the morning is very peaceful. I biked around the Intramuros
every morning like I am the king of the road because only a few
vehicles are entering that place by 5:00am to 6:00am.

Whenever I ride my bike, I feel like the air is embracing me

tightly. It was peaceful. It makes me feel that I can think of
anything clearly and solve any problems I have. My realization
in this moment is very clear. I never expected that I'll realize
something very important that will solve my problem.

I realized the phrase You Can Achieve Anything from his

teachings back then. I was wrong of thinking about this
situation as impossible. I don't know how can I hack it for now,
but I will make a way to hack it. Most hackers will think it is very
hard and impossible to do it in three days, that's why most of
them failed already by giving up. I only have more or less 66
hours since that realization because it's 6am already and that is
the first day of the challenge.

6.2 STEP 1: Choosing a Valuable Target

Now I have to choose a valuable target. The first thing I did is to

search in the Google about their company. I have to Dig
Deeper like what he is always teaching me to gain an

93
advantage. I have to know what or who can be a valuable target
that will give me an access to the database. I need to find a
target that once I exploit will give me an access to the
database.

The first valuable target that came into my mind was the
employees of the company. Their emails were posted on their
website and their full name. Therefore, I can search them in
Facebook or LinkedIn to dig more about their personal life, what
they like and what they don't. Then, eventually, I will find a
vulnerability in their emotions that will let me access their
database.

The second target is Mr. K. Once I gain control of his phone, I

can text their employees to just listen to what I want like a boss
because he is the owner of that startup. Well, there are so
many ways to exploit Mr. K just to access their database so I
picked him as one of my valuable targets. Once I exploit him,
exploiting the employees can be much easier.

Third target is their website. I am sure that it is connected to

their database. If I play with it in a matter of long hours, then
maybe I can find something. The problem here is that I am not
allowed to use any tools, scripts or any kind of hacking tools,
just my hacker's mindset. Well, cross fingers I hope I can exploit
it.

All in all, my targets are three, the employees, the owner (Mr. K)
and the website. The valuable targets can be changed in the
middle of the hacking phase since we can discover a much
more valuable target. However, as of the moment, I only see
these three valuable targets as my top priority to study for me
to discover useful information that can help in exploiting the
database.

94
The first step was done in just a minute and I have to proceed
this time with the study about the targets. I will do that step
after my class in the afternoon. Well, I am still a college student
this time, so I have to go study and act like a normal student.

6.3 STEP 2: Study the Details About the

Target

It's 3:00pm in the afternoon and my class was done. I have to

go back really fast to my dorm room to start the Step 2 which is
studying the details about the targets. This step is the most
time consuming of all the steps we have because this is the
most important, without these you cannot be successful in Step
3 and Step 4. This time, I have approximately 57 hours to finish
the challenge.

Do you know what I thinking about this time? I'm walking back
to my dorm while talking to myself in my mind like this: Am I a
moron to do the challenge? Is it really possible? What if I cant
find anything in this step? What if I fail? Hacking without
technical things is very ridiculous! Maybe he is a fake! No! I
need to do this and prove to him that I can hack it! Well, it's so
easy! very very easy. Wait, am I lying to myself? No!, It's true!
It's EASY, EASY, EASY! After all, he said to me that this is the
easiest test he'll give. Oh, I'm getting crazy. My mind is
exploding. I need to calm. I need to be at peace.. Are you
getting crazy too by reading what I'm thinking that time? Well,
get used to it because I'm kind of person who analyze things by
talking, arguing, and asking myself.

Well, talking to yourself can be an advantage to you to become

more of an OBSERVANT. You can think of the consequences

95
very clear. In that case, you can able to make decisions for the
improvement of the situation. You can be on the right path by
talking to yourself so don't be afraid in doing that thing, it
doesn't make you crazy, it makes you a well decisive man.

My decision is to call my partners in crime, Stacey. When I was

a kid, she used to be my partner in solving mysteries in our
schools, investigating simple crimes in our area and doing
adventurous things that a kid may do. It makes me at peace
and happy when I am talking to her. Fortunately, her college is
just inside the Intramuros too, so I can talk to her personally
about what's happening to me. She was my first and one and
only partner in crime who is very smart that just by knowing
things around, she can formulate the best strategy to solve the
problem. She's not only smart, but also beautiful, and that's
how bad-ass she is.

We met above the walls of Intramuros. It's a windy day and

talking to her about the past and what's going on to me is very
relieving. While enjoying the afternoon with her, she realized
and told me to just formulate things like how I usually do back
when we were in high school. I use fear, rewards, reciprocation,
revenge, likability and every matter that can influence people
to do something I want without them knowing that I am the one
above who controls them. However, most of you are thinking
that these kinds of ability are evil, but believe it or not, we use
this thing for the betterment of our surroundings.

Psychologists use this technique to medicate their patient.

Lawyers use this technique to persuade the people that what
they are saying is the truth. The government use this technique
sometimes by injecting fear to the people just for them to obey
to the laws and have a peace and order. The same story goes
for me; I use that ability of mine to help people around me.

96
Stacey describes me as a chess player. The board is the world,
my chess pieces are the humans and the enemy player and his
chess pieces are the odds that can come against my ability to
control the game. However, because of my proper creation of
strategy, I can control the game. Knowing more about the
details of the odds that is stopping me can increase the chance
of me being in control. And you all know that hacking is a game
of who is in control.

So there it is. I can formulate a better strategy if I can know

more about the odds that stopping me. In my case this time,
the one that stopping me is myself. I keep on doubting myself
whether I can do this or not. Sometimes the greatest enemy
you have to encounter is yourself. If you encounter all of your
negativity and change it into a positive one, then you can be in
control.

I told her about the teachings of Mr. K about the You Can
Achieve Anything principle. I told her that if you want to be
something in this world then you can be that one. If you don't
want to be that something, then you won't become that one. It
is all in your mind and if you keep telling your mind that you
can achieve that impossible thing then probably you can have
it. Then she said You already have answers to your problem,
and she added The answer is within you, but your negative self
is stopping you from finding it..

After a long talk with her, I managed to be back to my true self

again. I managed to bring back the Alexis that makes the
impossible thing a possible one. I managed to get rid of my
negativity. Then, I went to my room and fix the things on the
table to begin the most time consuming step in hacking which is
gathering information or in layman's term, studying the details

97
about the targets.

The first target to dig in is the workers of that startup company.

All of their names are on their website so I search them one by
one in www.pipl.com which is the most comprehensive people
search engine on the web. It will give you all of the data they
put in the Internet, like videos in Youtube, pictures in different
websites or even their personal social media account links.

Some of you will think that I am cheating because I am using a

tool. Well, it's not a hacking tool because it is primarily made
and used by businesses to research about their candidate
employees for this tool can show if they have a criminal record
or any other interesting information. So in my mind I was
saying, My conscience is clear! I am not cheating.

I started to insert the names of the employees. I got interested

with a guy named Carlos, 38 years old, which is the technology
head of the startup. He has a multiple Facebook accounts.
When I checked the photos of the first account, I saw a picture
of him with a girl named Christine kissing him in his cheeks in a
night club. Christine was also with him in out of town tours like
Boracay Island and so on, maybe it's his wife. However, in the
second account, there is another photo I saw of him posted by a
woman named Mary. In that photo, Mary is kissing him lips to
lips in a wedding ceremony and that photo is in the same
month and year from the photo in his first account. Obviously,
these are two different girls so I was thinking that there is
something fishy going on.

I created a new Facebook account with a beautiful woman in

the profile picture. I added several accounts to make this
account credible. In just a minute there are so many guys who
want to add my account so I accepted them to add them in my
friend list in this account. Then I sent a friend request to Carlos

98
Facebook account.

I was surprised when after just a minute, Carlos accepted my

friend request. Then, that's not the end of the story. He
messaged me in my female Facebook account asking me if I
have a boyfriend. Then I told him using the female account that
I don't have one yet. I was shocked in his reply, he said, I can
be your boyfriend.

This is the power of impersonating someone using a Facebook

account. Carlos was so pumped up to be my boyfriend, but he
doesn't know that the one who's controlling the female
Facebook account he's chatting with is a BOY (me). Maybe,
Christine is not the only girl he's been with while being married
to Mary. So I have to check for myself what what the truth is.

I went to Carlos Facebook account (his account that he is using

in connecting to Christine) using my female Facebook account.
Since he is my Facebook friend now, I can see a lot of deeper
things in his wall. I saw a lot of wild pictures of him with
Christine and a love status that they will love each other forever
and so on. That's very ridiculous since he is married.

In my mind, I was thinking that Carlos is married to Mary but

going out wild with Christine. So because I was curious, I input
the full name of Mary and I saw a lot of terrible things. Mary
thinks she is happily married to an honest man. She posted a
lot of pictures with her husband, Carlos, of their beautiful and
lovely moments especially their wedding. The photo I've seen in
Carlos' second Facebook profile from Mary's post is a throwback
picture of their wedding because it's their wedding anniversary.
However, in the other account of Carlos, he is posting a lot of
wild pictures with Christine.

What I am thinking about this happening was confirmed. Carlos

99
has a deep relationship with Christine while being married to
Mary. And lets add the fact that Christine is not the only other
woman of Carlos because he's also hitting on my female
Facebook account (wanting to be the boyfriend of my female
Facebook account) which is so ridiculous. Maybe Carlos'
account for Christine blocked Mary's account to become
invisible to Mary, ridiculous isn't it? That's why I didn't mention
the real name of Mr. K in this book because you'll find out who
is Carlos and as you can see, I don't want to degrade and
humiliate people.

I imagined if Mary was Stacey, who married a playboy guy like

Carlos then probably will end up being hurt so much. I treated
Stacey as my sister and I don't want this kind of cheating
happen to her. This time, as a mature man, I am starting to
realize that what I did in high school (having so many girlfriends
at the same time) is somewhat similar to what Carlos did to
Mary and I feel very bad about myself. Maybe, that's my
vulnerability that time, but this time when I wrote this book, I
already fixed that vulnerability of mine.

However, I don't have time to waste so I have to set aside my

emotion this time and become rational to finish this step
already. I tried to research and dig more about the other
employees of the company and I come up with ordinary things
like they like Harry Potter movies, they are addicted to some
television drama, and other ordinary vulnerability in emotion.
Always remember that the things you posted in internet
whether you like or dislike it can be used against you and it can
be your greatest vulnerability. Those things you posted can be
used to exploit you and gain control over you so better not to
post too much in your social media because it is not your
responsibility to post, you are just giving the hackers a way to
find more how to hack you.

100
Now I have to proceed to the next target which is Mr. K. Since
I've been with him frequently then definitely I can find
something that can allow me to exploit him. After all, from his
teachings he is always telling me that, There is NO 100%
Secure in Cyberspace and Meatspace so probably I can find
something. I know some of the characteristics of Mr. K, his class
schedule, his family, his other jobs, other friends and many
more so I am thinking what I have to know about him more.

Mr. K is a very charismatic person that once he starts to talk,

everyone will start to listen. He is also very knowledgeable in
technology, especially in security. He is slightly arrogant and
over-confident, but he is friendly and kind to everyone,
especially to beautiful girls. He is pertaining himself to be in
some kind of a hacker group, but he didn't say too much detail.
He is also teaching hands-on hacking to his class when there's
extra time and when there is a chance to relate his topic into
hacking for he believes that everyone must know how to hack
and secure themselves just like everyone must know how to
punch, kick and defend themselves from the bad people.

He also believes that the greatest advantage of the hacker is

SELF-STUDY. They do not depend on what the teacher is
teaching. Especially in hacking, there are only few colleges that
teach ethical hacking in the world because our traditional
system still does not accept it. That's why all of the hackers in
this generation must study on their own. Fortunately, we have
the internet where we can find all of the things we have to
learn in ethical hacking. Mr. K said that he is a product of self-
study and that's what makes him one of the greatest security
professional in the industry.

Enough about Mr. K I have to move on to the website. Their

website tells everything about what company they are and
what they offer. The good thing here is there are names of the

101
employees here and the email where I can contact them.
However, the only name and email I picked was Carlos' since he
is my point of interest in this situation.

It's already 7:30pm and I have to take my dinner before 10pm

came because 10pm is the curfew of our dormitory. I got out of
my room and went to the nearest eatery I know. The night was
cold and windy and it was very peaceful. I ate so much for this
night because it is a big night for me since I will have to finish
Step 3 which is the creation of strategy and will have to do Step
4 tomorrow which is the execution.

6.4 STEP 3: Creation of Possible Methods

It's 8:30pm now and the only time left for me is 51 hours and
30 minutes. I am now in my room to create possible methods to
hack the database of their company. On my table, I ready have
two big bottles of water. It is because when you are thinking too
much and you feel like drowned with information in your head
drinking water can help you refresh your mind. Well, I am not
taking up medicine but I just feel comfortable doing that for it
boost my productivity.

The first thing that comes in my mind is the power of a letter

with a signature. When someone receives a letter from a sender
with a signature, they always believe that the person who
signed that letter is the real one who created the letter. My
question is, what if the sender they know is not the one who
really created that letter? What if someone just copied the
signature of the sender so that you will believe that the letter
was created by that sender? This makes sense to me; all I have
to do now is to have a copy of Mr. K's signature to have that
kind of power to become that person. However, I know it's

102
wrong because we have laws about signatures so if you are a
law enforcement who's reading this, go read the next chapter
and you'll know why you can't put me in jail.

Here is my first method:

I will make an excuse letter and the name there will be
blank.
I will talk to one of my friends in his class to act like they
will be absent in the next class and give the excuse letter
as his excuse letter.
Of course, Mr. K will sign the excuse letter.
After that, I will scan the excuse letter and crop his
signature.
I will make a letter to the programmer of Mr. K's
company that Mr. K is giving me permission to customize
their website into a more secure one.
To make my letter credible, I will put his name there and
of course, signature.
In the letter, the programmer will have to give me the
credentials for me to access their database and my job is
finished.

One of the vulnerabilities of Mr. K is he like beautiful girls so

much. He spends time talking to hot girls in our campus or even
eat with them if there's time. If I can use a girl in the second
method then probably he'll be in my control. What I have to
think right now is how I will use that vulnerability to my
advantage.

Here is my second method if the first method fails:

Go talk to my girl friend in his class to borrow Mr. K's
phone to act that she just want to text her dad to pick
her up after the class because she is not very well and
doesn't have a load.

103
 I will give to that friend the number of the programmer in
Mr. K's company and the message she has to text in Mr.
K's phone containing, Hey, this is Mr. K, give me the
credentials in our database. A.S.A.P. or else you'll be
fired. Send it to (insert my number) and not here. Do not
reply to this message.
After that friend go to Mr. K, borrow his phone, and send
the message, she must delete her text in the sent
messages.
Then, after a few minutes, the credentials will be sent to
my phone and it's game over, I win.

They say that you have to save the best for last. One of the
great vulnerabilities I found in the employee is the story of
Carlos. Since I know his dirty little secret I have the power over
him by using the word FEAR. I can control him by just saying
the magic words and I know you know it. I don't really want to
do this thing because it's too personal that's why I made this
my last option.

Here is the third method if the first and second didn't work out:
Gather all the evidence that will prove that Carlos has a
deep relationship with Christine while being married to
Mary.
Email Carlos that if he didn't give the correct credentials
in their database, then all of the evidence that he is
cheating on his wife will be exposed to: first, to his own
wife and second, to all of the internet users around the
world including his family, co-worker, friends and many
more.
To make sure that he will read the message in his email
I will call him from his phone using a payphone to tell
him this thing, You have 1 hour to check your email
and read my message. If the time is out and you didn't

104
 give what I want, then your dirty secrets with Christine
will be exposed to the whole world, including your wife.
Then I will put down the phone immediately.
Since Carlos is the head of the technology in that
company, I assume he can give me the credentials I
want to be in their database.

It took me almost 3 hours to clean the details of the strategy I

will do for the second day. All of the things I need are ready for
tomorrow. All I have to do now is to rest and hope that all of the
things I plan will go in order. It's almost 12 midnight when I
sleep so definitely I only have 48 hours to finish the game I
started.

6.5 STEP 4: Execution

During the second day, I sit-in (attend the class even though
youre not in the class list) on Mr. K's class. I talked to Ben, who
is sitting in the back, about my plan which is the first method. I
said to him, Put your name here in the letter and act like you
will absent next meeting. Then you will give this excuse letter to
Mr. K. I'll give you 100 pesos if you did this perfectly. Ben is a
big guy and he became my classmate in some minor subjects
like English and Filipino class and he is also my friend, I assume.
Ben started to write his name in the letter.

When Mr. K came in the classroom, he went to Mr. K in front and

give his excuse letter. Well, unexpectedly there was something
wrong. Mr. K told him this, Didn't you forget that your report is
next meeting? Choose, absent next meeting and report now or
you'll just be present next meeting and you'll report next
meeting?. Unfortunately, due to unpreparedness of Ben, he

105
chose to be present next meeting so he can report next
meeting and not this day. So Mr. K didn't sign the excuse letter
and Ben came back to his seat.

I was so disappointed and this is also the reason why you can't
jail me in copying a signature for it is not successfully done but I
attempted. I didn't see it will come that way. I have to move on
very fast so I can proceed to the second method. I have to find
a beautiful girl in the class and it can help if she had already
become my classmate in other subjects. I started to look at
every student in the class.

Then, I found Valerie! She became my classmate in one of my

major subjects. I remembered that I ate breakfast with her in
canteen that time because we are so early for our next class.
So maybe, she will still remember me even if it's 6 months ago.
I started to sit beside her and as usual, like the old Valerie, she
doesn't like to listen to the student who reports like just reading
what is on the PowerPoint presentation. This is my chance to
explain to her my second method.

A good thing about Valerie is she knows that I'm into hacking
and she's very supportive about that. She categorized my
hobby as cool and mysterious. So I told her what is really going
on between Mr. K and me and explained to her how she can
help me in my second method. She was laughing and said, So I
will be your hacking partner? then she quite raise her hands
and form a quotation in her fingers and said, In this hacking
operation?. She is smiling and said this is so cool. She said that
she feels like she's a spy.

For me, Mr. K will be out of control if Valerie approaches her. It is

because Valerie is a beautiful woman that every guy will dream
of; but not me. Why not me? Because Ana (my first love) is
much more beautiful than Valerie inside and out and lets add

106
the fact that Ana is much more intelligent than Valerie, enough
said. So here it is. We have to hack Mr. K immediately.

When the class was finished, Valerie quickly came near to Mr. K
and started to make a cute puppy face. I am just watching them
from the back seat of the class and I can't hear anything from
them for it is too noisy. Mr. K's expression was very surprised
and happy. I can see the two of them enjoying the talk and I'm
impressed that Valerie is so confident in doing the job. That
time, I feel that she really has a future in becoming a spy, I
think.

After that, Mr. K started to look at me. He caught me looking at

them. I can feel that Mr. K is now becoming suspicious, so I just
look at the other side of the class. Then Valerie came to me and
said, The conversation is good. Until the time when I want to
borrow his phone, he asked if it's your command. I told him it
wasnt your command. Then he said that he passed a load to
you, so I must go to you instead to do my favor. In my mind I
was saying, Very clever Mr. K, very clever. I was disappointed
that my second method failed.

Valerie feels so sorry about what happened so I just moved on.

We ate lunch together and part ways after since she has
another class and I don't have yet. I went to SM Manila's
Starbucks and open my laptop there and of course, I used my
own pocket Wi-Fi even if SM Manila has free Wi-Fi for using a
public Wi-Fi is so insecure. I started emailing Carlos.

First, I created a dummy email so that he won't know who I am.

I told him in the email, Give me all of the credentials I need to
access your database. Or else your dirty little secrets with
Christine and your disgusting chats with Nelly (The name of the
female Facebook account I created) will be exposed to your
wife, all of your relatives, friends and all of the internet users.

107
Then I went to payphone and call his phone. I told him, Open
your email. Find my instructions there and no one will know
about your dirty little secrets. You have 1 hour to do that. He
shouted into the phone while I am talking, Who are you!?. I
put down the phone and wait if he will take the bait.

While waiting, I am organizing all of the evidence about Carlos'

secret such as wild pictures of him with Christine, screenshots
of their love statuses and his chat with my female Facebook
account he tried to hit. In case he missed the 1 hour deadline, I
have no choice but to send it all to her wife and make it trend in
different social media. After that, I am still thinking of a fourth
method in case this plan didn't work out. It is because it's 30
minutes since I called him but no response.

Fortunately, after 45 minutes, he emailed me in my dummy

account. He said, I will kill you if you didn't comply with our
deal. I'm honest. I am going to kill you and your family. Well,
he is a coward and it does not sound scary enough. Then I
continued reading it and at the bottom of the letter is the link
where I can access the database and its username and
password. I won.

I immediately changed the password of their database so I am

the only one who can access it. I called Mr. K and said this, I
won. I hacked your database. The old username was 'SuperX08'
and the old password is 'kangaroo_04081122'. I changed the
username into 'iHack' and the password into
'yourDatabase1234567890'. Go, log in using my new
credentials for you to see it. He replied, OK, wait a minute.
Then after a few minutes he shouted, Nice! How did you do
that? I hope you didn't use tools for now because if you did this
by just using your hacker's mindset then probably we can now
proceed to using hacking tools. You know that I want you to
learn the technicalities in hacking, but I want you to have a

108
strong foundation in hacker's mindset first. It is because, again,
you can hack everything by just using your hacker's
mindset and the hacking tools we are using now are just
subordinates.

I told him all of the details from start to bottom from the first
method to the last method I used. He was so amazed and he
said, That's what a Black Hat do. However, you are now
thinking like a true hacker, but you must be careful with your
steps and make sure it is always ETHICAL. Do you know that
we spend thousands for the security of those things you just
hacked? We spend a lot of money and time to make it secure.
We even worked with information security firms to make our
technology more secured. However, you just hacked it by just
using your hacker's mindset so still I'm proud of you, but the
only thing you fail in this test is to make your hack ETHICAL
and that's what we have to work on you.

I started to realize what I've done. I am so lucky to be trained

like this. Most of the hackers in this world depend too much in
hacking tools and technicalities to hack something. However, I
just hacked it with just using my hacker mindset. The
importance of having a hacker's mindset was implanted to my
brain since this thing happened and of course, to make my
steps ETHICAL. This scene is like I successfully dropped a bomb
to the base of the enemy but still there are few civilians in the
area. (The unethical use of signatures and the law about this is
the civilian here, blackmailing Carlos is the civilian here)
Well, don't expect that I can grasp the whole idea of being
ethical in the first test, but expect that I can grasp the whole
idea by applying it in every strategy and test I can have in his
training.

Many hackers or wannabe hackers see the power in hacking

109
tools and technology, but they didn't know that the real power
is already in them: their mind. They just have to customize and
setup their mind to a hacker's mind so that they can use the
real power of hacking. Always remember this: the power of
hacking will not be found in the technology, it will be found
in your mind. So my first phase of training which is building
the hacker's mindset is the most important phase of our
training and without this, I am not a true hacker.

~ Things to Remember

Being resourceful can help you formulate a creative

strategy and reconnaissance.
Knowing the principle of You Can Achieve Anything can
make you an invincible hacker that can do the
impossible things.
When finding vulnerabilities in your target, always put in
your mind that There is NO 100% Secure in
Cyberspace.
You can hack anything much easier with just a hacker's
mindset.
The power of hacking will not be found in the technology,
it will be found in your mind.
In every strategy you'll create, make sure that it is
ethical.

110
 007
Hacking Humans

___________________________________________________________

Companies spend millions of dollars on firewalls, encryption,

and secure access devices and it's money wasted because none
of these measures address the weakest link in the security
chain: the PEOPLE who use, administer, operate and account
for computer systems that contain protected information.
-Kevin Mitnick
___________________________________________________________

111
7.1 Social Engineering

Social engineering is an act that influences a person to take an

action that may or may not be in their best interest. If you
want an administrator to give you a piece of valuable
information such as password and username then you can do it
without him knowing. If you want your boss to become kind to
you and do whatever you say then you can do it without him
knowing. If you want to gain control of everything in your
interest, then you can do it without everyone knowing. That is
the power of social engineering.

I used social engineering when I want to hack the Gmail

account and any other social media accounts connected to the
Gmail of my cousin, Joseph, for fun. Since I know the Facebook
password of my brother, I used it to talk to Joseph and here is
our conversation:

(Again, I am the one who is using my brother's account. We just

didn't give here in the conversation the real credentials such as
email for the safety of my cousin)

Brother: Hello Joseph! I want to send a valuable PDF to you in

your email. May I know what's your email?

Joseph: Hi! Nice! What kind of valuable information is that?

Send it here: enteremailhere@gmail.com

Brother: Wow, nice email. When did you create that email? It
seems it is so old. Mine was just created a year ago. The PDF I
want to give you is an eBook that you are waiting for all of your
life.

112
Joseph: Yeah, it is too old. I created that in summer 3 years
ago. Wait, what's the title of that e-book? I'm kinda interested.

Brother: Just check your email now. Did you see it?

Joseph: Yes! Thank you!

Brother: May I know your other frequent emailed contacts? I

want to share that PDF with them.

Joseph: numberone@gmail.com,
numbertwo@gmail.com, numberthree@gmail.com,
numberfour@gmail.com and numberfive@gmail.com. I am
sure they will like what you've sent to me.

Brother: Of course, they will. Thank you!

Now, I know some of you are wondering, Where is the hacking

there?. I will show you the hack there:

Step 1: Go to www.gmail.com

Step 2: If you are logged in then sign it out. Then click the Add
an account button and then Need Help button.

Step 3: Click the I don't know the password and enter the
email address of your target. Then, click Continue.

Step 4: If it prompts you to enter the last password you

remember then just click the button I don't know.

Step 5: If it prompts you to use your phone to access your

phone just click the button I can't access my phone.

113
Step 6: If it prompts you to get a verification code via a text
message, then just click the button I can't access my phone.

Step 7: If it prompts you to confirm your access through you

recovery email address, then just click Verify your identity
which is in color blue.

Step 8: Gmail will prompt you to enter another email where

they can contact you for the new password. You can enter any
existing email you want that you have access. After that click
Continue.

Step 9: It will prompt you to enter the exact date when was the
last time you open your Gmail account and when did you
created your Gmail account. In my case here, Joseph just said
to me flawlessly that he created his Gmail account 3 years ago
in summer (which means April or May). And by telling him to
open his account that time, I can have the exact date of when
was the last time he opened his Gmail account. After all of
these, just click Continue.

Step 10: It will prompt you to give at least four frequently

emailed contacts and a recovery email you remember. In this
case, you can skip the recovery email part and just fill up the
frequently emailed contacts. In hacking Joseph's account, I
managed him to give me not just four, but five emails he
frequently contact because he believed that I will pass the PDF I
gave him to those emails. After all of that just click Continue.

Step 11: After all of those things, Gmail will tell you to open the
email you use in Step 8 to access the reset password link. Then
in my case, I just hacked Joseph's Gmail account by just
interacting with him and using these steps. I hacked not just his
Gmail account, but also the Facebook, Twitter, and Instagram
that is connected to his Gmail account.

114
(By the time I wrote this book, this step worked. However,
Google may change their security in Gmail as the time goes by.)

That's how powerful social engineering is in hacking. With just a

simple magic word you can hack a lot of accounts. However,
social engineering is not just to harm people. It can also be
used in a much different way.

Social engineering has been used by psychologists to know

more about their patients and to medicate them. It is also used
by lawyers to persuade the judge that what they are saying is
the truth. It is also being used by the government by injecting
fear to the people for them to obey the laws and have a peace
and order. Mostly all of us used this kind of hack without us
knowing and today, you must know how to use it and apply it in
hacking.

This kind of power is just under the hacker's mindset. It has a

power to influence the target to do something for you even if it
doesn't suit their interest and without them knowing. Imagine if
you can control your target and you can make them do
whatever you want, isn't it powerful? This thing is one of the
things I treasured in Mr. K's teachings.

Social engineering is less technical so Mr. K taught me this

before proceeding to the technical. Everyone who's reading this
book can understand the terminologies which will be used here.
Also the process, you can do it without much technicality in
your mind so whether you are a businessman, a teacher, a
policeman, a student, a housewife, architect, or whatever
profession you are in, you can understand what social
engineering is.

115
7.2 Social Engineering Methods

1.) Tailgating

This method is effective for those who have a security gate that
doesn't have a guard and the only thing you need is an ID to
enter. That ID will be scanned by the gate system and the door
will open. In this case, tailgating from the word tail, you have to
tail an employee or a person that has an access and can open
the door. Then you just have to be behind that target and
quickly enter into the facility with the target in front of you.

Some of the beautiful women have an advantage in this

situation. Why? Because some of the employees who's a
gentleman do terrible things in this scenario. Gentlemen,
amazingly, use their ID and let the beautiful lady enter first in
most situations. So if you are a beautiful hacker then this
method must be a gift to you.

This method is commonly used to bypass security gates in your

target. You can do this with interaction with the person in front
of you. For example, have some small talk about the weather
while entering the security gate. However, you can also do this
without interaction and purely stealthy behind the person that
have access.

2.) Shoulder Surfing

This method is the most favorite of younger generations today.

It is because by just watching over the victim's shoulder what
they are typing, especially if they are typing their password
slowly (which is a doing of some older generations today), then

116
definitely you can open their account.

You can do this method by just purely watching what the victim
is typing. However, if the victim is fast in typing, then probably
you must use some tools like a video camera in your phone. So
that, you can play the video later in slow motion to see what
does the victim types. Pretty easy, right?

3.) Rewards

Do you ever see a wanted person in some posts and have a

reward maybe a hundred thousand if you have information that
can lead them to that person? Well, what if the reward you see
is millions? Or billions? Is your mind whispering to you to find
that person? Will you move to find that person? Maybe some of
you will.

The reward is the primary motivation. Motivation makes a

person move. And by moving, they can do something. In short,
the reward can also influence people to do something for you.

If a web administrator in xyz company is addicted to

strawberries, then you can bribe him with strawberries to do
something for you. You can offer him a reward if you want
something like confidential data on the company's website. A
reward like a basket of strawberries can push him to move
because he wants to get the reward. You just controlled him.

4.) Disgruntled Employees

Disgruntled employee means an employee that has a grunt with

dissatisfaction and anger with the previous company they
worked in. Maybe their boss swipes all of their best ideas, but

117
didn't give them credit? Maybe the company didn't treat them
well? Whatever the reason why they are dissatisfied and angry,
this employee is a hacker's treasure.

For example, there is a web developer who worked on xyz

company but was terminated because of his incompetence.
This web developer is now filled with anger and dissatisfaction
to his previous company because of how they treated him. Now,
you can take advantage of it by talking with this web developer.
Some bad hackers may use this web developer for revenge so
this web developer will help you with the information you
needed to hack the target company. However, good hackers use
this also and they will say to the web developer that this is for
revenge just for him to spill information, but the true motive of
the good hacker here is just to make the target company more
secure.

This is a treasure for you'll never know that maybe some of this
disgruntled employees know the password in the target
companies' computers. These previous employees can give you
an idea how you will hack their system. This employee has
been there inside the company you want to hack so they can
give you a lot of information better than the information a tool
can give you. They can also reveal a secret code of employees
so that if you do social engineering, you can impersonate as an
employee also because you know how their system of
communication or code works.

5.) Social Media

Do you have stalkers in Facebook or Twitter? Maybe that guy or

girl who likes every picture of yours? Or that person who silently
stalks your profile without you knowing? Well, all of those
people can be a stalker and a social engineer who wants to dig

118
deeper about you so that they will know your vulnerability.

Every time you post on social media about yourself or

something else, it will reflect in your personality. If you post a
picture of chocolate cakes with a heart as a caption, then
definitely that person likes that kind of food. If someone is
always posting a status about break-up quotes, then definitely
there is something going on about their relationship with their
lovers and you can dig more to know the details. You can
picture the details of their lives or whatever they like in social
media like Facebook and Twitter that's why for hackers, social
media is a treasure for hackers because it easily helps to get
their job done.

6.) Dumpster Diving

This is one of the common problems of the companies today.

This is the process of looking in the trash for sensitive
information such as passwords, emails, secret strategies and
many more that has not been properly disposed.

Hacker's another treasure is trash. You've read it right, trash.

For some people it is only trash, but for hackers, it is a treasure.
It is because some of the valuable information of their target
company may be inside that trash like documents for their
secret strategies, passwords, and any valuable information that
can help them hack the target company.

7.) Company Tour

Another hacker's treasure is the company tour. They can see

the inside facility of their target company. They can see what

119
routers, operating systems, and any other technologies they are
using inside the company. Knowing the inside of the company
can also help you determine how you will hack the company.

This also helps a social engineer to know how he will

impersonate as an employee or as a simple technician in the
company. For in this tour, he will see and hear how the
company works, where the CCTV cameras are, what time is
their lunch break, and many other routines that can help him
become one of the employees. Lastly, the hacker can capture
the image of the employee's ID so that he can be really one of
them and he can have an employee to dig in for vulnerabilities
that, again, can lead him to hack the target company.

7.3 Psychological Factors

1.) Fear

In the previous chapter, I mentioned that I tested a company's

security with permission. The first thing I did was social
engineering. After a long research about the company and its
employees, I made a strategy that can lead me into hacking
their data. What I need for the operation is just a telephone and
a great confidence.

I started to contact the IT guy who, according to my research,

have many dependents. He is the only man that has work in his
family so his family needs him very bad. So what if he was
terminated? Maybe, being terminated is his FEAR for he needs
his job badly.

So what I did, in the telephone was I acted and introduced

120
myself as the CEO of that company and there is some problem
in my company account so he must fix it and give me another
username and password or else, I'll fire him. When he heard the
word fire, he became quick in doing things hearing him typing
very fast and always saying this line, Wait sir! Wait sir! I can fix
it! Wait! I'll give you a new username and password!. Then I
just pushed him to give me an access to the CEO's company
account. By doing that, you knew what happened. By having
the CEO's account, I can have and do whatever I want with their
data.

Fear is a big force that pushes many of us to do something we

never intend to do. Some of the people today do terrible things
like stealing and killing for the fear that their family will starve
to death. Some of them have fear to fail an exam so they
cheated no matter what it takes. Some of them have fear of
losing someone they really love so they will do anything that
love one will say. Some of them are being blackmailed and
being told to do the things they never intend to do.

2.) Revenge

If someone wants revenge in a company or in any of your target

then that someone can be a lot of help to you. That someone
will do anything just to harm the target. You can use that
advantage for someone that can spill all of the information
about that company. Then, your hack will be much easier
because the more information you can have, the more chance
you can hack the target much easier.

This psychological factor is connected to what we called

Disgruntled Employee that hackers see as a treasure.
Because of their revenge, even if what you are asking is
confidential information then there's a huge chance that he will

121
give it to you just to harm the company. However, as a White
Hat, always remember that you are using this kind of advantage
to make the company more secure and not the other way
around.

Do you know Joker? The mortal enemy of Batman? If Joker

wants to kill a person then he'll use a person that seeks
revenge. He will just annoy the person or convince him/her to
seek revenge on that person Joker wants to kill. Then, later on,
the person he annoyed already killed that person. He just killed
someone with clean hands because somebody has to do the job
for him. The person who did the job of killing was controlled by
the so called revenge.

3.) Reciprocation

You can use this psychological factor in the people that owe you
or anyone that has an obligation to repay you for something
good you did to them. Most of the people tend to do everything
to the people they owe. For example, if someone saves your
life, will you do anything for him? Maybe you will for you owe
them your life.

What if someone gave you a work in a major company? Will you

give that someone an access to that major company? Some of
you will for you owe that very kind person and you believe that
person won't do anything bad to that major company. Well, if
that someone you owe is a Black Hat hacker then it's a terrible
thing, but if it's a White Hat hacker then it is also a terrible thing
that will turn into a good thing because White Hat hackers tend
to fix all of the vulnerabilities in cyberspace.

122
4.) Good Samaritan

Have you ever met a person that is so kind? Because of his

kindness, you can't say 'NO' to him? Well, there are a lot of
people that are so kind to you that you can't take it to see them
suffer or see them in a bad situation so you will help. Your
conscience is eating you up for this kind person is very nice to
you.

This is somehow connected to reciprocation but this is more

focused on being nice and kind to the target. The person you
want to hack will mostly say yes to your request for again, you
are kind and nice to them. Many people fall for this trap for
most of the people in this world base their judgment on the
person by what they see and not by what they cannot see.

5.) Likable

If the campus crush went to you and asked for a favor, would
you do the favor? Many of the people will do the favor because
sometimes they are in love with that person or they like that
person too much. The saying Love is blind goes true in this
psychological factor. Love can make you blind because there is
a tendency that you will do any favor that person will ask you
even if it is not your intention to do it. And yes, some hackers
use this kind of factor to hack someone or to control someone.

Likable person are those who are popular, or simply

gorgeous/handsome. I remembered when I created a fake
Facebook account with a girl name and with a profile picture of
a beautiful woman. In just one day, I received a thousand of
friend requests. And every man I chatted said that theyll do
anything I ask them like giving me confidential information in

123
their company and more that I can use in my hacks. You can
prettily ask anything to the person who likes you too much or
simply make yourself a likable person for you to control anyone.

7.4 Countermeasures

1.) Applicant Background Check

Have a deep background check in each applicant who wants to

join your company. You'll never know, maybe they are the
wanted hacker the police are chasing. It can also be a person
that came from your competitor so in order to be clear if which
side this applicant is, you must do this background check. It is
better to have a reconnaissance or an investigation team in
your company to do this job properly for this can be the number
one flaw of one company.

2.) Physical Security (Dumps)

Your company must establish a disposal policy where all paper,

including printouts, is shredded in a cross-out shredder before
being recycled. All storage media must be erased and all staff
must be educated about the danger of untracked trash.

3.) Have a Clear Company Policy

To avoid the impersonation and any other social engineering

tactics in your company, you must have clear company policy
of what will be the code if someone calls and so on. Have a
unique policy so that it will be hard for a hacker to create a

124
social engineering strategy for your company.

4.) Education About Cyber Security

All of the people must be aware of these kinds of tricks for them
to be more secure. Raising cyber security awareness can lessen
the increasing number of hacking victims around the world so
help us raise cyber security awareness by sharing the ideas this
book have.

~ Things to Remember

Social engineering is under the scope of the hacker's

mindset.
By just using social engineering, you can control
everything around you.
You can use social engineering not just in hacking, but
also to keep a harmonious relationship with your love
ones.
Social engineering was used also by professionals.
Humans are the weakest link in the cyberspace that we
must secure first.

125
 008
The Beginning

___________________________________________________________

More revelations, in front of me. However, this is only the

beginning and the journey is just about to start.
________________________________________________________________

126
8.1 Ethical Training

Batman is a superhero most of us knew. As you observed in his

every fight, he doesn't kill. Even if he has a chance to kill Joker
(his mortal enemy and a criminal), he still managed not to kill
him. It is because Batman thinks that it is not ethical to kill.
Batman was trained not to kill when he's just starting. He was
trained to be ethical before he was trained in combat and
weapons.

This is the same story with the policemen (at least in the
Philippines). All of them MUST be trained ethically and
theoretically on what kind of situation they will have to use
their gun, what they must think while handling the gun and
whom they will shoot it before they can handle and use the gun
practically. All of them must have undergone a massive
theoretical training to condition their mind before handling any
kinds of weapon. It is because who knows, maybe some of them
don't really understand where to use it so theyll just use it to
scare people which is unethical. Again, they must be trained
first to be ethical before handling a weapon.

All of these stories are the same with hacking. You have to know
what is the ethical way of becoming a hacker before you can
use weapons in hacking. That's why before I introduced you to
the greatest weapon in hacking which is a hacker's mindset, I
already introduced to you that all of this must be used ethically.
You can be superhero and make a difference in this world
without breaking the law. And the greatest thing about it is you
can use hacking to make that possible.

In every step you will make to hack something and someone

make sure that you have permission from the owner of the

127
system you are hacking. It is good to have a pre-engagement to
the owner about the hack that you will do. Your reasons must
be for intellectual challenge or rewards, but whatever it is, talk
to the owner about the scope of the hack you will do because
through this you'll know the limits of your operation. This is a
good start to make the system of your targets more secure
because after you hack their system, you must give them the
solution on how to fix that hole in their system.

In this book, we are encouraging you to become one of the

superhero of this modern society. The modern defender of the
digital world lies within you. The future generation is hoping for
you to make our cyberspace more developed and secured. You,
the one reading this book, are one of the only hope of the
digital world to depopulate the Black Hats or the bad hackers in
cyberspace by making our cyberspace more secure.

As the time goes by, Mr. K trained me after that first test to be
ethical. He gave me more tests and the challenge here is not
how I can hack the system, but how I can make it ethical. That's
why now all of the steps I am using in my journey such as the
Hacker Games Championship, my cyber security business and
Mapuan Files issue were purely ethical and no person nor
system has been harmed.

8.2 Application of Hacker's Mindset

Knowledge is useless if you don't know how to apply it in the

real world. Now that you know all of these things, start creating
strategies on how you can hack a system without using too
much technology. It is because the real meat of this book is for
you to become a real hacker who is powerful even if

128
technology goes down in this world. Always remember that
technology is just a subordinate in hacking and the real power
of hacking lies on your mind, the hacker's mindset.

Some of them may say that what I've done in my past hacks is
just social engineering. Social engineering is all about hacking
the humans. However, social engineering is just one of the
capabilities of a hacker's mindset. Some of the capabilities of a
hacker's mindset are creating unconventional strategies that
can lead you to a more successful hacks, utilizing all of the
things you have and turn it into a powerful hacking weapon.
These are the reasons why you must not belittle the hacker's
mindset because it is has the greatest capability that any tool
can't have.

Now think of a company or a target you want to hack. Is it a big

corporation? Is it a small institution? Is it your friend's account?
Whatever it is, you must first talk to the owner of that system
so that you won't be in jail if you already hack their system.
Evaluate and talk to the target about the limits of the hacks
because most of the companies wouldnt want their websites
down for their operations online will be stopped.

Now that you have a permit and a target you now have to do a
massive information gathering about the targets. Utilize all of
the things you have so that you can extract more information
about the target. The more information, the more chances you
can see a vulnerability in their system. Sometimes, the
passwords or any confidential information is right here in this
step. So now, start being a deep researcher because the more
you dig deeper, the more you can find valuable information.

After that, create an unconventional strategy that can lead

you in hacking the target. Think of the vulnerabilities of each
target and think of any possible method to hack the target.

129
Here, you must think out of the box and you must create the
smartest way to hack the target. Lastly, the ways you will
formulate in this step must be ethical. So now, start creating
more strategies on how you can hack a certain target because
it will let you look what your situation is and how possible it is
to achieve an impossible thing. Always remember that hacking
is also about the creation of strategies.

Finally, we have the execution where you will execute the plans
youve made from the most possible to the least possible. This
is for you to save time and of course you must be flexible
because most of the time, there will be some changes in your
methods.

In your everyday life, you can practice these skills by just

researching about the target and making a strategy on how you
can hack that target even if you won't really hack them. It is
just for you to test yourself in researching and being a
strategist. For example, I sometimes talk about deep topics with
my friends (this is the research part) then later on, in my mind I
am creating the methods on how I can hack their Facebook
accounts; but I wont hack their Facebook accounts. Again, it is
just for you to test yourself how good you are in using your
hacker's mindset.

8.3 Technical Hacking

To be honest, this book is not intended to teach you the details

about technical hacking. It is because you must understand
programming, networks, Linux, and some computer
fundamentals first before you can fully understand technical
hacking. Technical hacking will be in my next book wherein I

130
 will teach you the things you need to know first before jumping
in to technical hacking. This book is primarily focused on
developing a hacker's mindset which makes up the 80% of a
hacker and technical hacking is only subordinate in hacking
which is just 15% that's why I dedicated this whole book in
having a hacker's mindset.

Fortunately, I will introduce you to the basic hacks. I will also

tell you the countermeasures for you not to become one of their
victims.

1.) Phishing
This is the act of sending an email to a victim and
falsely claiming to be an established company in an
attempt to scam the user into surrendering confidential
information such as username and passwords. This email
will direct you to a website where you will be asked to
log-in or update any personal data such as password,
social security, bank account, and credit card numbers.
However, the website is fake and will capture all the data
youve entered.

Countermeasure:
Always check the URL of the website you are visiting.
Sometimes you can see that the website you are visiting
by appearance is really that website for example,
gmail.com. However, if you check the URL and turns that
it is not gmail.com but gm4il.com, it must be phishing.

2.) Keyloggers
It is a software or a hardware that records the real time
activity of a computer user including the keyboard keys
they press. It allows not only keyboard strokes to be
captured, but also capable of collecting screenshots

131
 from the computer's victim. However, the primary goal of
hackers in using this is to collect sensitive
information like passwords and username.

Countermeasures:
Keylogger detection software can literally find
keyloggers. However, just like common anti-virus
software, it only detects recorded and known keylogger
software. Any new or unknown keylogging programs
won't be detected as their signatures aren't recognized
by the software.
Keyloggers are one of the primary reasons why you have
to turn on your firewall. The firewall prevents any
unauthorized information from leaving your computer. If
a keylogger is installed in your computer, the information
it's attempting to send can't get through. Although
Windows Firewall is somehow, useful, you should invest
in more secure firewall software.
You can use Spybot software which not only detects
keyloggers but also the Trojan horses (one of the ways
remote keyloggers are installed)
You can also use less popular operating system such as
GNU/Linux, which have very little compatible keylogger
software available.

3.) Social Engineering

Hacking Facebook? Gmail? Ymail? Twitter? Well, the trick

in doing that is much easier and scarier. Social
engineering is a term that describes a non-technical kind
of intrusion that relies on human interaction and often
involves tricking other people to break security
procedures. For example in Facebook, today, when I am
writing this book, Facebook has a security question that if

132
 you just have a little chitchat with the target about that
question then you'll discover the answer and break-in
to their account easily.

Countermeasures:

Simply educate the users about the tricks such as avoid

giving too much detailed information, especially if you
know that that it is your security question in some
accounts.

If you own a company, it is better to train your

employees to demand proof of identity over the phone
and in person.

4.) R.A.T.
RAT stands for Remote Administration Tool. It is
mostly used for malicious purposes, such as controlling
the victim's computer remotely, stealing the victims'
data, deleting and/or editing some files on the victim's
computer. One can infect someone else by sending them
a file called Server. When this file is opened by the
victim, it will plant itself deep into the system and starts
to run in the background anonymously. Additionally, it
can also send a message to the attacker every
time the victim's computer is active like when a
computer is turned on.

These are the things that a RAT can do in the victim's

computer:
Manage files. (Delete/Modify)
Control Web Browser. (Change homepage, open a
website)
Get system information. (OS version, Antivirus name,

133
 RAM Memory, Computer Name, Network Address etc.)
Get passwords, credit card numbers, or any private data
View and control remote desktop. (Take a screenshot or a
snap from the webcam)
Record camera, or sound (Control mic and camera)
Control mouse or keyboard input
Almost everything you can do in your own computer.

Countermeasure:
RATs are one of the most difficult to detect because they
usually don't show up in the list of running programs or
tasks so it is better to have the best antivirus you can
ever have to defend yourself from this kind of attack.
Always keep your antivirus up to date.
Don't download files in the Internet from the parties you
don't actually know.

5.) Wi-Fi Hacking

As of now there are two types of wireless
encryption-standard, Wired Equivalent Privacy (WEP)
and Wi-Fi Protected Access (WPA and WPA2). Every
Wi-Fi that has a WEP encryption is very insecure. By
using fern Wi-Fi cracker or any other Wi-Fi hacking tool
out there you can hack the password of the Wi-Fi in just a
minute and a couple of clicks of some buttons. However,
if you are using WPA then it is more secure, but it does
not mean that it is not vulnerable. Hackers can hack
WPA Wi-Fi if the password is weak by just using a simple
dictionary attack.

Countermeasures:
Use WPA encryption.

134
 Use a strong password.

6.) Dictionary Attack

This is the method used to break password-based
security systems, in which the attacker automatically
tests all the possible passwords beginning with words
that have a higher possibility of being used, such as
names, places, and animals. The word dictionary
refers to the attacker exhausting all of the words in a
dictionary in an attempt to discover the password.
Dictionary attacks are typically done with software
instead of an individual manually trying each possible
password.

Countermeasures:
From a user's perspective, make sure that your password
is difficult to guess and can't be found in the dictionary. It
must have a symbol and numbers.
In the programmer's perspective, make sure that you
have an account locking program in your password
system. Locking an account after several unsuccessful
attempts (three to five) prevents a hacker from checking
multiple possible passwords to log in.

Those techniques are some of the common techniques hackers

use in their targets and it is very important for you to know how
to counter all of these things. Those things are just to give you a
glimpse of what we will tackle in the hands-on hacking and
much more detailed technical hacking in my next book.

135
8.4 Learning Continuously

Congratulations! You just learned how to use the inborn power

deep inside you: the hacker's mindset that everyone can have
whether you are technical or not. You've learned that everyone
in this world can be a hacker. And you can hack everything no
matter how hard it is to break-in.

You also learned that all of this power must be used purely in
ethical. All of you now who read this book are responsible to
help our digital world to make it more secure. You are now
responsible to make a more secure cyberspace for the next
generation. For as a popular saying goes, With great power
comes great responsibility.

The good thing in this era is we have the Internet. You can
learn anything you want in just a click of a button. So go utilize
this thing called the Internet for your development. As a hacker,
you must learn continuously and you never stop learning
because every field in this life is a never-ending mystery so
learning must also be eternal for you to become ahead.

True learning will be yours forever if you will apply it in the real
world. So we are encouraging you to apply it, especially the
hacker's mindset:
Think Out of the Box
You Can Achieve Anything
There is NO 100% Secure in Cyberspace
Hackers Dig Deeper
Be a P.R.O. (Patient, Resourceful and Observant)
Those are the things most of the security professionals didn't
have. Most of them belittle it and say that they are already
using those things; but based on their acts, they're not.

136
Always remember that hacking's great power relies on the
hacker's mindset and not to the tools they are using. That's
why we want you to learn first how to hack without using any
tools. Again, technology is just a subordinate to hacking and
the only reason why technicalities are the main focus of hacking
nowadays is because we are in the technology era today.
However, reading this book will be for nothing if you won't apply
it so go apply what you've learned in this book ethically.

This book is a series. The book two of this will talk about the
technicalities in hacking so for those who are waiting for easy-
to-understand techniques about technical hacking, grab our
next book. This is for you to complete the 100% of a Be-Do-Re
hacker. By reading this book you just acquired the 80% of being
a hacker, the majority of being a hacker and the thing that
every hacker needs; and by reading the next book, you you will
now complete the 100% of becoming a Be-Do-Re hacker.

If I don't have this kind of training, then probably I won't

achieve the things I have now. Although Mr. K is my primary
suspect behind the Anti-Cryptors, I have to thank him for he
reveals the truth to me about the hacking industry. Thanks to
his training that gave me a strong foundation in true hacking.
Maybe, he just set up the Mapuan Files hacking event as my
last test to him, but whatever it is I am still thankful. And
because I want the world to know the truth, I wrote this book.

137
8.5 Join Us In Our Revolution!

Hacking is one of the extraordinary powers of humans.

However, most of the people don't use it because they say it is
bad. It just looks bad because there are a lot of bad people
who are using it. In short, this power was notoriously used by
bad people so it became known as a great weapon of the
villains, but what will happen if that power will go into the
hands of a superhero?

Most of the bad people know how to use this power but only a
few good people know it. That's why I created this book: to
populate our cyberspace with superheroes or the ethical
hackers. If we overpopulate the cyberspace with superheroes,
then probably, the cybercrime rate will decrease. That will be
one of our solutions to definitely change not just the cyberspace
but also the world and this is your chance to be a part of it!

138
How to join in our revolution? Simply, spread the idea of this
book because the idea is bulletproof. We want it to spread like a
virus but with a good effect and social media is good with it so...
Take a photo with this book in your Facebook or Twitter
account.
Include our official hashtag #Cryptors
The caption must be related to the idea of this book
which is to become the modern superhero of this
society through the power of hacking.
Every month we will pick a winner whose picture is
extraordinary (25%), caption is motivating (25%) and
has the huge numbers of likes and shares/retweet
(50%).
The winner will be recognized in our social media
accounts and to our official website as one of the
modern superheroes who spread the golden idea of this
book. Then he/she can get the limited edition T-shirt of
Cryptors as a souvenir.

(For the updated details here, just go to www.cryptors.org)

Why do this? The world needs the idea of this book and you
are one of the ways for them to discover this thing. This book is
a real treasure for those who want to make a difference in this
world so go spread the idea. We want the people to discover
this in the fastest way and to be honest; YOU are the key to it.

Why not pirate this book? By buying this book, whether it's in
a form of e-book or paperback, you just helped this revolution.
Encourage the people to buy and not to pirate this book. By
doing that, we can possibly make another book to expose the
truth and give the idea that the people must know about
hacking. And of course, if you value a thing then you will
probably spend a dime. So why not legally support this book?

139
Are you a shy person who doesnt want to take a picture?
Then you can still join the revolution by making a status update
in your social media like Facebook or Twitter with the hashtag
#Cryptors. Of course, the status must be about the idea of this
book we want to spread like a virus. The most liked and shared
status for the month will also get recognition on our website as
one of the superheroes who shared the golden idea of this
book. Then he/she can get the limited edition Cryptors T-shirt
as a souvenir.

(For the updated details here, just go to www.cryptors.org)

Are you an avid video maker? This is your chance to make a

difference in this world by your creation.
Create a 60 to 90 seconds amazing commercial about
the idea of this book we want to spread.
Every year there would be 3 winners.
Champion will have a 20,000 Philippine pesos cash prize,
certificate and a trophy, recognition on our website and
social media as superheroes who shared the golden idea
of this book through video-making, and will have
Cryptors T-shirt as a souvenir.
1st runner up will have a certificate, recognition on our
website and social media as superheroes who shared the
golden idea of this book through video-making, and will
have Cryptors T-shirt as a souvenir.
2nd runner up will have a certificate, recognition on our
website and social media as superheroes who shared the
golden idea of this book through video-making, and will
have Cryptors T-shirt as a souvenir.
The awarding will held in the annual hacking conference
organized by Cryptors.

140
(For the updated details here, just go to www.cryptors.org)

Whatever race, culture, religion you are right now you can still
join this revolution. This revolution will raise cyber security
awareness around the world. It will make our cyberspace more
secure and by just being with us in this revolution, you just
make a difference. Go! And become the superhero of this
modern society!

~ Things to Remember

You can HACK EVERYTHING by just being creative and

resourceful on how you will use the things you already
have.
You can hack without tools for the greatest tool is your
hacker mindset.
Professional hackers who depend too much on tools are
not real hackers.
Hackers who primarily use their hacker mindset and use
technology as a subordinate to their operation are the
real hackers.
You can learn anything better than those who study in
the classroom by simply using SELF-STUDY which is a
primary skill of a hacker.
A hacker learns continuously.
Hacking is all about the thinking details. The technical
details are just subordinate.

141
 Recommendations
Go to www.cybrary.it: (For FREE)
Learn CompTIA A+ (For you to know the basics of
computer software and hardware)
Learn CompTIA Network+ (For you to have an in
depth knowledge about networks)
Learn CompTIA Linux+ (For you to have an in
depth knowledge on how to use the Linux
platform)
Learn CompTIA Security+ (For you to have a
basic knowledge in security)

Go to www.codecademy.com: (For FREE)

Learn Python programming language (For you to
have basic knowledge in programming)
Learn HTML & CSS (For you to have a basic
knowledge in web designing)

Read the Book II of Cyber Defender:

You will learn the realistic approach of how
technical hacking occurs.
You will learn hands on with image guides on how
to do a certain technical hacks.
The book will be based on my real life story so
that you will learn, at the same time, you enjoy.

142
 Resources

Why Teach Hacking?: https://www.youtube.com/watch?

v=KwJyKmCbOws
Hackers, Superhero:
http://money.cnn.com/technology/superhero-hackers/
Mapuan Files hacking: https://twitter.com/search?q=mapuan
%20files%20hack&src=typd
Barnaby Jack: http://motherboard.vice.com/blog/barnaby-jack-
hacker-autopsy
Reuben Paul: http://www.idigitaltimes.com/meet-reuben-paul-9-
year-old-hacker-changing-world-one-app-time-438461
Types of Hackers: http://study.com/academy/lesson/what-is-a-
hacker-definition-lesson-quiz.html
Misconceptions About Hackers:
http://hubpages.com/technology/Misconceptions-About-Hackers
Allegory of the Cave: http://study.com/academy/lesson/the-
allegory-of-the-cave-by-plato-summary-analysis-explanation.html
Social Engineering: http://www.social-engineer.org/
Pipl: www.pipl.com

143