Where to Start?
Interested in learning how to hack, but have no clue where to start? Well, you’re not alone and you’re in the right place. It can all seem really overwhelming when you’re first trying to get your feet wet so hopefully this article will give you some clarity and guidance!
Simply put, networking is the place to start. You can’t assess a network if you don’t know what a network is and how it works. You need to know the basics of IT before you can effectively learn how to hack. Key word here being basics. I’m not suggesting that you become a self-taught Network Architect/Engineer, but being familiar with the basics of networking will certainly prove to be beneficial and at some point necessary on your hacking journey.
One resource that I will reference numerous times throughout this article is TryHackMe. TryHackMe is an online learning platform that teaches cybersecurity concepts and allows their users to put the theoretical knowledge they’ve gained on the platform into practice by providing real world labs. TryHackMe has vulnerable machines for seasoned and beginner hackers, all accessible through your browser! Over 80% of this platform’s content is free and the rest is available through a $10 USD monthly subscription fee.
- I highly recommend TryHackMe’s What is Networking, Introductory Networking, and OSI Model rooms. They cover what exactly the internet is, the OSI model, TCP/IP model, and an introduction to basic networking tools.
- If you have some cash to spare and a little python programming knowledge, I suggest Mastering Python for Networking and Security, as well as Foundations of Python Network Programming.
Now that you’re familiar with networking basics, you’re ready to narrow your focus and choose an area of interest to build skills in. Below I’ll cover resources for learning web application and network hacking, as well as some references to gain familiarity with the industry standard tools used most by hackers.
Web Application
It’s a good idea to start by familiarizing yourself with the OWASP top 10 web application vulnerabilities. The OWASP top 10 is a frequently updated security report that outlines the 10 most critical web-app risks.
- TryHackMe’s OWASP top 10 room is a great place to start. The room “breaks each OWASP topic down and includes details on what the vulnerability is, how it occurs and how you can exploit it.” It’s designed for beginners and includes multiple labs that allow you to put theory into practice.
- Portswigger’s Web Security Academy is a completely free online web security training platform designed by the creators of BurpSuite(an often used set of pen-testing tools). You can follow along one of their learning paths which gives some structure and guidance to beginners for the order in which they should complete the labs provided.
- Hack The Box is an online cyber training platform that lets you build cybersecurity skills all through your browser(for a fee)! HTB has an academy where they provide courses and learning paths that include challenges and machines that users can progress through to master a particular subject. Their Bug Bounty Hunter and Login Brute-forcing paths are a good place to start! Once you’ve grasped the fundamentals, you can put your new skills to the test; their Playground has over 200 live hackable machines ready for you to pwn!
For Bibliophiles like myself that don’t mind spending a penny I recommend the following book:
- My suggestion is Bug Bounty Hunting for Web Security. If you’re looking for a hands-on hacking book that’s practical and to the point, then this one’s got you covered. Perfectly suited for beginners that understand the theory of vulnerabilities, but haven’t had the chance to exploit them. It will also help you start to build your home lab for hacking practice if you don’t already have one. A good idea is to use this book as supplemental material while working through TryHackMe’s OWASP top 10 room.
Network Hacking
Below I’m going to list some resources for those of you interested in network hacking/pen-testing. These will cover topics like network reconnaissance, linux and windows privilege escalation, active directory, password cracking, etc.
- TryHackMe: Offensive Pentesting learning path which covers advanced exploitation, buffer overflow exploitation, kerberos hacking, and hacking with powershell.
- HackTheBox: Active Directory Enumeration and Attacks, Linux Privilege Escalation , OSINT: Corporate Recon, Stack-Based Buffer Overflows on Windows x86, and Password Attacks.
For book lovers:
- Hands on Hacking is the way to go! This book broke my “hacking cherry” so to speak, and I couldn’t recommend it more. Learn to hack into Unix, Linux, and Windows operating systems as well as discover and exploit web application vulnerabilities. Whatever your interest in hacking, this book has got any beginner covered!
Mobile Hacking(Android)
- For those interested in delving into mobile hacking, there’s TryHackMe’s Android Hacking 101
Industry Standard Tools
Here are some of the best hacking software and tools used frequently by beginner and experienced hackers alike.
- NMAP: an open-source network mapping tool used to find hosts and services on a network as well as vulnerability identification. I suggest TryHackMe’s NMAP, NMAP Live Host Discovery, and NMAP Post Port Scan rooms. Also check out HTB’s Network Enumeration with NMAP course.
- Metasploit: An exploitation framework used to test network security. Hackers use this tool to discover and exploit vulnerabilities. TryHackMe’s Metasploit Introduction, Exploitation , and Meterpreter rooms as well as HTB’s Using the Metasploit Framework course.
- Wireshark: Wireshark is a packet analyzer used for network troubleshooting, analysis, protocol development and more. TryHackMe’s Wireshark 101, and Wireshark: The Basics are a good place to gain some familiarity with this tool.
- BurpSutie: Burp is a suite of web application penetration testing tools. Hackers use burp to capture and manipulate traffic between themselves and a webserver. I suggest TryHackMe’s Burpsuite Basics, Repeater, Intruder, Other Modules, and Extender rooms!
I hope you enjoyed this piece and it gave you a bit of clarity and guidance!
In one of my upcoming blogs, I’ll write out a self study plan for anyone who feels overwhelmed and still unsure of where to start or how to manage their time to get the most out of these resources.
Happy Hacking!!