Cyber Security — Where Learning Meets Fun

Niall Richards
Version 1
4 min read · May 30, 2023

About one year ago, I wanted to learn more about cyber security. Boring for some, perhaps, but the security professionals I worked with in my previous job made it sound very interesting. It is also an area that is only going to keep growing as time goes on.

Another reason to learn is that there is such a wide variety of topics that are covered by cyber security, so you are bound to find one which interests you. Also selfishly, it’s not a bad thing for a software developer to learn about either. But how best to go about this? There were a couple of websites which I predominantly used.

HackTheBox

Originally, I signed up for this site during the first Covid lockdown back in 2020 but didn’t get too far with it until last year. Originally you had to “exploit” the website to get an account but these days you can just create an account in the normal way and get learning.

There are several different machines of various difficulties which you can try and break into. These machines can either have Windows or a version of Linux as the operating system and can have a wide variety of software installed on them. I have seen examples ranging from web applications to wireless router software. The goal is to get admin (root for Linux) access to the underlying machine and copy a flag to prove that you have done it. However, there is also generally a user flag as well. Generally, machines are rotated after a few months and replaced with new ones with different issues. There is also a paid tier for HackTheBox which allows you access to all past machines as well.

The only issue with these machines is that you need to have some background knowledge of how to exploit things or do a lot of searching online while you are trying to break into your first box.

There are also several smaller exercises to help you get to grips with certain topics, from web exploits to mobile. In addition, there is also something newer called HTB Academy which, like TryHackMe, provides more structured learning.

TryHackMe

This site is better for beginners, I feel. There are a few free courses; however, quite a lot are behind the premium tier, which you need to pay for. TryHackMe covers the various topics more granularly and walks you through certain scenarios step by step. It will also teach you about the various pentesting tools which are out there. There are even modules which cover the ELK stack and Splunk being used for security alerting.

However, unlike HackTheBox there are some modules about learning the defensive side of security (blue teaming). This includes a module focusing on packet analysis and a relatively new course focusing on AWS security.

This website is the one that I found easier to learn from due to its structured content and the fact that all the information relevant to a particular module is there for you to read about while completing it.

YouTube

I have also watched some of John Hammond's videos on various security topics on his YouTube channel. It includes lots of videos about various security issues and also tutorials about how to set up various pieces of software.

Additionally, there is a good channel called IppSec which goes over the solutions to the HackTheBox machines once they are no longer current for the general public.

Other Useful Information

Something that is useful to know for all the sites above is what tools to use. The two widely known (although there are others) security-focused operating systems are Kali Linux and Parrot OS. Both are Linux-based operating systems with lots of security tooling already preinstalled. I have only used Kali Linux, which is also the one with the greater market share, so it is a good place to start.

I have installed Kali Linux onto a virtual machine. The software I use to manage my virtual machines is VirtualBox. This way I do not require a separate machine to learn about cyber security on but still have a degree of separation from my host operating system. In general, Kali do not recommend their operating system to be used as a normal operating system and expect it to be used for only performing security testing.

Conclusion

I have really enjoyed learning about cyber security, and it is an area that I want to continue to learn about. I hope this blog has inspired people who are interested in security to look at some of these resources that have helped me learn. This is an area which is only going to grow in the future with more and more data becoming available online which will need adequate security controls in place. Happy to hear about what other people have used to learn more about security in the comments.

Useful Links

Hack The Box: Hacking Training For The Best | Individuals & Companies

TryHackMe | Cyber Security Training

John Hammond — YouTube

IppSec — YouTube

Kali Linux | Penetration Testing and Ethical Hacking Linux Distribution

Parrot Security

Oracle VM VirtualBox

About the Author
Niall Richards is a Senior Java Developer at Version 1.
