So, you want to be a hacker: 2021 edition.
The below thread will include my favorite resources for getting into the hacking field. It is by no means all-inclusive, but should help those of you looking to start. Let's do this...
(1/?)
Before we get to resources, I must strongly stress a few things. First, it is incredibly important to build a foundation in IT prior to jumping right into the awesome hacky stuff. If you build upon a weak foundation, it's bound to crumble and you'll find yourself struggling
2/?
Second, hacking is a sexy field and it pays well. However, these should not be your primary motivators. It's a great feeling to hack into something and get paid to do it, but the work that goes into getting to this level is rough and the dropout rate is high
3/?
Ensure that you're interested in being a hacker because it excites you. The money is just a perk. This field requires lifelong learning. New hacks and defenses are out every day. You cannot be complacent. You can never stop learning. You'll get left behind if you do.
4/?
With that out of the way, here are the foundational skills that help mold a good hacker:
1) Basic IT skills (A+ cert level)
2) Linux
3) Networking
4) Coding/Scripting
Let's take a bit of a deeper dive into these before we go into hacking resources
5/?
If you're brand new to IT, it's good to pick up the basics. I typically point people to the A+ certification. You don't have to obtain it, but studying the content in the syllabus definitely helps.
My favorite free resource is @ProfessorMesser - https://www.professormesser.com/free-a-plus-training/220-1001/220-1000-training-course/
6/?
There are other great resources, such as @CBTNuggets and Mike Meyers on Udemy. These two are paid, but equally as good depending on your learning style.
All three of these resources also have Network+ and Security+ material that is worth studying imo
7/?
For Linux skills, you can find a million different trainings online. Here are a couple of my favorites:
https://overthewire.org/wargames/bandit/
https://linuxjourney.com/
Again, sites like CBT Nuggets, Udemy, and YouTube will have fantastic resources for Linux as well.
8/?
The Linux used in hacking is primarily Debian-based. We often use Kali and Parrot (plus other custom builds).
The best way to learn, imo, is to immerse yourself in it. Use it as a main OS for a week. Just like a foreign language, it's easier to pick up in person vs in class
9/?
On to coding/scripting. At a minimum, you need to be able to read code to be successful in this field. You do not have to be a full-on developer. Thankfully, there are a ton of free resources out there for coding. I strongly recommend starting with Python
10/?
Python is beginner friendly and fairly easy to pick up. Here are some of my favorite resources (free and paid):
https://www.codecademy.com/
https://teamtreehouse.com/
https://www.amazon.com/Learn-Python-Hard-Way-Introduction/dp/0134692888
You can also check out @freeCodeCamp on YouTube and find great courses there too
11/?
For networking, I strongly recommend Mike Meyers' Net+ course on Udemy: https://www.udemy.com/course/comptia-network-cert-n10-007-the-total-course/
Again, Professor Messer (https://www.professormesser.com/network-plus/n10-007/n10-007-training-course/) is great
CBT Nuggets as well, especially for their CCNA material (https://www.cbtnuggets.com/it-training/cisco/ccna), which is great for a foundation
12/?
Okay, we're through the foundations. Now, we're ready for some hacking. Where to start? Self-plug, but I recommend my Practical Ethical Hacking course (https://academy.tcm-sec.com/p/practical-ethical-hacking-the-complete-course).
The first 10 hours or so is free without any sign up required (just press preview!)
13/?
This course is designed to teach you the foundational skills described above and build you up into actual hacking. Beyond the basics, it covers exploit development, web app hacking, and Active Directory hacking. An older version is free on YT
14/?
Beyond this, I think it's great to start practicing with intentionally vulnerable machines. Sites such as:
https://tryhackme.com
https://hackthebox.com
https://vulnhub.com
are great. I highly suggest starting with @RealTryHackMe as it's very beginner friendly
15/?
If you like these types of capture the flag (CTF) style vulnerable machines, you might also be interested in participating in CTFs. If so, you should bookmark https://ctftime.org and participate in the events/read the writeups and improve your game.
16/?
Once you have the basics down, there are specific areas you should familiarize yourself with, especially if you want to be a pentester. Those are:
Active Directory
Wireless
Web Application
Exploit Development (somewhat)
Privilege Escalation (we'll talk about this soon)
17/?
Active Directory hacking is one of the most overlooked categories for those looking to break into the field. Think about it. >95% or so of the Fortune 1000 companies utilize AD in their business environments. This is a significant part of our job and comes up in interviews
18/?
For AD, beyond the course I listed above, there are amazing resources:
To start, this blog is still relevant in 2021: https://medium.com/@adam.toscher/top-5-ways-i-gained-access-to-your-corporate-wireless-network-lo0tbo0ty-karma-edition-f72e7995aef2
There are also great courses from @SecurityTube:
https://www.pentesteracademy.com/redlabs
And from @_RastaMouse:
https://www.zeropointsecurity.co.uk/red-team-ops
19/?
My favorite AD bloggers are:
@PyroTek3 - https://adsecurity.org
@_dirkjan - https://dirkjanm.io/
@Haus3c - https://hausec.com/
and literally anything put out by @SpecterOps/ @CptJesus/ @byt3bl33d3r/ @harmj0y
Some of these reads can get pretty deep, FYI
20/?
On the web app/bug bounty side, here are great resources:
https://hacker101.com via @Hacker0x01
https://portswigger.net/web-security via @PortSwigger
https://pentesterlab.com/ via @PentesterLab
https://www.bugcrowd.com/hackers/bugcrowd-university/ via @Bugcrowd
I also have a free course
21/?
There are a ton of content creators we will get to in a bit. It is also incredibly helpful, when learning web apps, to familiarize yourself with OWASP (https://owasp.org/), the OWASP Top 10 (https://owasp.org/www-project-top-ten/), and the testing guide (https://owasp.org/www-project-web-security-testing-guide/)
22/?
Beyond this, reading bug bounty write ups is always interesting and helps understand different exploits. You can dig these up via blogs and Google. Plus, most of the bounty sites have them. Such as:
https://hackerone.com/hacktivity
23/?