Hey guys, I know it’s been a while and I’m really sorry about that. This year threw me off kilter and I was having difficulties finding my drive and energy but I seem to be getting it back. Thanks for being patient with me.
Alright, so a lot of people have been reaching out to me asking how to begin their hacking/pen-testing journey. I feel your pain, there are too many resources out there that it gets really confusing and you start to feel overwhelmed.
So, I decided to put out my own learning flow, which by the way I got mostly from, John Strand & The Cyber Mentor.
P.S: You don’t necessarily need to follow my learning path to get where you’re going. Please feel free to create your own flow and even modify mine to suit your learning capabilities. But if you want and plan to be good at Cyber security, then you definitely need to learn and understand the basics, build a solid foundation, before you jump into breaching and exploitation.
All the resources provided are off the internet and are free, for the most part.
With that out of the way, let’s begin!
Here are some great platforms to learn, get hands-on experience and practice:
INE, TryHackMe, RangeForce, HackTheBox, Overthewire, Underthewire
Networking.
Networking is a very good place to start (cue the sound of music), in Cyber Security, you should definitely begin with networking. I don’t know about you but I learn and understand better with practical procedures.
Here are some really great resources to learn networking:
- Computer networking course on Alison.
- Computer networking on Class Central.
- Network simulators
- IT Support: Networking essentials on class central.
I suggest going through class central, Udemy and Edx, you’re sure to find some really great courses there and some are free too.
If you’d like to try out some physical networking, you can look for old Cisco gears on Ebay and there are some other cheap gears out there you can use.
Bash Scripting.
Yes, I do know that there are other scripting languages but I can assure you, that Bash is the best and perfect one to begin with. If you want to learn some other type of scripting language later on, then by all means do.
Here are some resources:
- Learn Shell.
- Intro to Linux shell scripting on Udemy.
- Linux shell & scripting tutorial on Udemy.
Some very useful Bash scripting books, (not free) I own a copy of the first one and it’s really a great source.
- The Linux command Line on Amazon.
- Linux command line and shell scripting bible on Amazon.
- Shell programming and bash scripting ultimate beginner on Amazon.
Python Programming.
I’m sure everyone knows that Python language is needed in this journey. Not to strike up an argument but I believe this is the easiest and best programming language to begin with, well I certainly wish I did start with this. It is my favorite and most used language, (not that I do know how to fully code in more than two languages).
OK, resources:
I absolutely recommend Codecademy. I even have my siblings, nieces and nephews hooked on it.
- Python on Codecademy.
- Introduction to Python programming on W3Schools.
- Python for beginners on Python.
- Interactive Python on Learn Python.
Create as much projects as you possible can and upload them to GitHub, to keep track and to add to portfolios and resumes.
Powershell.
I have to say this and please don’t let it hinder you from enjoying your learning journey but, I absolutely do not like Powershell and I think it’s freaking hard to learn, I’m still learning though.
Don’t get discouraged, I can honestly say it gets easier with practice and my secret is, I wrote down the most common commands I use regularly and taped it to the wall in front of my desk and the rest, I Google as I need them.
A few resources:
- Learn Powershell on Tutorials Point.
- Powershell unleashed on Amazon.
I consider all of the above the foundation needed to be good in Cyber security, the rest of the listed resources are the super structure you can build on this foundation and you can be sure you won’t sink. (Yes, it’s a construction engineering reference.)
Having this solid foundation is essential to understand things you’ll read/hear about exploits and attack tools. You’ll be able to get how exploits, scripting, tools, etc, work on a basic level and this would set you up to learn and understand the larger, more complicated aspects of Cyber.
Here’s the rest of the sections in the learning path, I know you all have probably been waiting to get to the exploitation and breaking into things section.
- Keep up with security news. I suggest using Feedly, all your topics in one place.
- Learn PHP and ASP.NET
- Learn ASP.NET on Microsoft.
- ASP.NET tutorials on W3SCHOOLS.
- ASP.Net on Tutorials point.
- Leann PHP.
- PHP the right way.
- Learn and understand protocols. (I suggest starting by picking just one protocol and learn everything there is to know about it, take it one protocol at a time and try getting one to specialize in)
Check this site out for a list of protocols you definitely wanna know.
- Participate in online challenges. You can also check out Vulhub, they have a variety of great boxes to download and practice. Here’s a website with a list of legal sites to practice hacking.
- ZAP for OWASP.
- Learn Cloud technologies.
Alright, I created a GitHub repo with links to most of the resources listed above and much more (All free!), and there are a few books and links to certifications too. Feel free to check it out, or not, no qualms.
You can also check out the SANS Institute for some really great security resources, got this from one of John Strand’s classes and you should definitely check out Wild West Hacking Fest (WWHF), they also have some neat courses (some free ones too).
Feel free to sit for and acquire useful certifications through this learning journey, it’s a needed boost, especially for jobs.
That’s all for now guys, I hope you have a beautiful holiday and rest of the year.
Until next time, Keep Learning, Keep Hacking. And don’t forget to Breathe!
Phoenix Information Security 