The Secret step-by-step Guide to learn Hacking — Spoonfed Edition!

Eshaan Bansal
Aug 20, 2019 · 4 min read

Step 1: Get your super black hacker hoodie and guy Fawkes mask
Step 2: Go to https://hackertyper.net and start typing.
Step 3: they believe you are hacker
Step 4: you are hacker.

Ez pz, right ?

Totally clickbait, I know.

Note : This guide is for someone who wants to be professional pentester or cybersecurity engineer not some kid who wants into hack their friend’s Facebook or neighbor’s Wi-Fi.

If you want to be a professional Hacker/pentester you have to go through hell(I mean it)


I have seen many people asking me that “hacking sounds very interesting where do I start”, and “can I become a hacker if i learn Kali Linux” ?

Answer #1: This blog post is for you.

Answer #2: No. Never. Kali Linux is kind of an end-product for Hackers. It has 300+ tools tailor made for Penetration testing(pentester). So before jumping into Kali Linux follow these steps.

Hacking = Programming + OS + Networking + databases + webapps + Linux + Hardware + Everything.

Step 0x00

1. Setup a Virtual Lab

Retrieve a virtualization system (VirtualBox, VM player) and install Linux. Use a traditional distribution like Ubuntu not a security related one(like Kali).

2. Linux.

Learn Basic Linux commands like navigating file systems, directories.
Understanding file system,giving/taking permissions to file and folders etc.
Then move on to shell scripting it’s easy and powerful.

3. Start with coding and learn:
C, C++, JavaScript, Python and Ruby.

Don’t worry, you will get familiar with all of these in the long haul, you are not supposed to just cram all these up in a day or a week. More importantly, you don’t have to be a master of all. Pick one and learn its syntax and data types. To be a successful pentester you need to have at least one scripting language like python, JavaScript, ruby etc. in which you can write exploits and automate your tasks. Be comfortable enough to read, modify, edit in above mentioned languages. I recommend Python.

Few resources:
Install Ubuntu in VM in Windows 10
IT basics: https://xapax.gitbooks.io/security/content/
Linux bash basics: https://www.youtube.com/watch?v=oxuRxtrO2Ag

That’s all you need to get started for now. If you have your Linux machine ready and basics of Linux and python clear, you are on your way !

Side Note: Watch TV Show called Mr. Robot (Available on amazon prime). Thank me later !

Step 0x01 — more clickbait

Watch these videos to get a sense of what it means to learn hacking.

The Secret step-by-step Guide to learn Hacking by liveoverflow on Youtube
How to learn hacking? ft. Rubber Ducky

Read this reddit thread.

https://www.reddit.com/r/HowToHack/comments/c1zo1q/from_where_can_i_learn_hacking/

Step 0x02 — Intro To CTFs

What is CTF? An introduction to security Capture The Flag competitions:
https://www.youtube.com/watch?v=8ev9ZX9J45A

Play CTF! A Great Way to Learn Hacking by liveoverflow on Youtube:
https://www.youtube.com/watch?v=rfjV8XukxO8

Step 0x03 — Play some CTFs

I always recommend starting with the bandit wargame from OverTheWire.
Before that, Watch at least the first 10 videos of both playlists before moving along.

PicoCTF 2017:
https://www.youtube.com/watch?v=x-qaeuw74WE&list=PL1H1sBF1VAKVTu-v1XcJV9VVdhEEALvkY&index=1

PicoCTF 2018:
https://www.youtube.com/watch?v=uIkxsBgkpj8

^John Hammond has a discord server. Do join it. Connect with infosec people, talk to them, ask them for advice in where you are stuck. The infosec community is great if you know how to ask questions. Learning with a community is the best way to learn.

STEP 0x04 — More on CTFs

These will help you alot as you tackle CTF challenges.

CTF Field Guide: https://trailofbits.github.io/ctf/
CTF Cheatsheets:
1. https://github.com/JohnHammond/ctf-katana
2. https://www.gracefulsecurity.com/cheat-sheets/
3. http://pequalsnp-team.github.io/cheatsheet/

Step 0x05

STOP WASTING YOUR TIME AND LEARN MORE HACKING!
https://www.youtube.com/watch?v=AMMOErxtahk

Step 0x06 — Pick a lane!

Now that you have seen what hacking is, what CTFs are, played a few, and got a broader idea of what different domains are there in cyber security..

  1. Reverse Engineering/Binary exploitation:
    John Hammond’s RE playlist
    Liveoverflow’s RE playlist
  2. Web Security:
    Read this blog post.
    John Hammond’s Web Security playlist
    PwnFunction’s channel on Youtube
    https://PentesterLab.com/bootcamp
  3. Foreniscs/Stego/Crypto:
    John Hammond’s Steganography playlist
    John Hammond’s Forensic Playlist
    John Hammond’s Crypto Playlist

Pick one domain you like or are most interested in. Give it ample time, reading writeups, watching walkthroughs and regularly participate in CTFs and try to tackle the challenges of your chosen domain.
If you are not able to solve, don’t worry, read the writeups/solutions posted after the CTF ends on https://CTFtime.org/. See what you were doing wrong, what was missing. Most importantly, play with your friends as a team. That’s the best way to learn.

Step 0x07

A few things to remember:

  • There is no secret step-by-step guide to learn hacking. Although I hope this was somewhat helpful.
  • The resources provided in this blog post are the one’s which personally helped me and that’s why I decided to share with you. Don’t expect to be spoonfed at every hurdle along the way.
  • The YouTube channels I mentioned, the blog links, the cheat-sheets and guides are overflowing with knowledge. There’s so much more content in those links, blog pages and channels only. Scrape it, search for it. If you can’t find what you are looking for, It’s not because It doesn’t exist. It’s because you are going about it the wrong way.
  • Don’t be overwhelmed by thinking there’s so many links, so many videos. There’s no predefined time limit for you to complete all this in. Take your time, continue your learning whenever you can.
  • Cybersecurity is a very interesting field.
    It’s not just hacking your friend’s Facebook or your neighbor’s Wi-Fi. However, here’s some good sauce for such mischief unmanaged: https://null-byte.wonderhowto.com/

Step 0x08

Will be updated after first session of Cybersecurity club, Rooters — Techspace, USICT.


Thanks for reading, happy hackin’! ~ Eshaan7

Techspace

This is the publication for Techspace USICT, sharing blogs…

Eshaan Bansal

Written by

I like Linux, Security, Web development and pentesting! https://eshaan7.github.io/

Techspace

Techspace

This is the publication for Techspace USICT, sharing blogs, tutorials and information.

More From Medium

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade