This was always the question in my mind from the very beginning and after studying for months and doing deep analysis and research, I came to the conclusion that everything is available for free these days. You just have to be willing to learn and grow.
As per my experience, I’ve noticed that people will ask you to teach them hacking and when you start with the basics which are obviously important then they will say no, it’s boring. We don’t wanna learn this. We wanna learn real hacking. That’s where we need to make sure they understand the real meaning behind the term hacking and most importantly Ethical Hacking. It’s not about writing fancy lines of codes on a black and green screen. It’s about learning how things work and how you can break them. Understand the logic and concepts. If it was easy then everyone would have done that. When a kid is born, they doesn’t start walking straightaway, they first learns to crawl then walk then run. So follow the steps in the correct order.
Hacking is all about the right mindset which one attains when he/she practices a lot and gains real-world experience and builds a basic foundation.
Tips to build a great foundation:
Learn basic IT skills. (Understand how computer and the internet works)
Networking skills. (What is an OSI model, how do data travel, how to deploy your own network, etc and study for CompTIA Network+, CompTIA A+, and CCNA) Resources
Linux skills. (Choose your own Linux distro if you have worked with it before otherwise I’d suggest going with Kali Linux and getting familiar with all the commands, Bash scripting, and all) Resources → Kali Linux course, free website.
Coding skills. You don’t need to be a programmer or developer to start in cybersecurity. The language I and every other person in this industry would suggest to you is Python. There are tons of free amazing resources available on YouTube for free. So, go on with any of it as it depends on you which one you understand and like to go with.
Now, let’s jump to hacking basics. Some of the best free resources out there are TryHackMe, HackTheBox, and PentesterLab. Now, after completing all the basics and a few rooms on THM as well as some machines on HTB, you are good to go for an analyst job but why stop here. You need to advance your level. Now, at this stage, you must have been aware of which area you are willing to work in. Is it Offensive security or Defensive security mean red team or blue team. Research on it, it’s up to you which path you wanna follow. You should now start writing your blogs and walkthroughs. Share your experience and knowledge with others as it will also help you learn more.
Play CTFs: It’s fun to solve CTFs (Capture the flag), you can learn a lot from them and it’s free of cost. And if you become good at solving them, you can actually earn from them as well. They are just like Competitive programming but here you need to find the hidden flags. Some of the websites are: picoCTF, CTFtime for ongoing and past CTF challenges, Hacker 101 CTF, OverTheWire. These are the beginner-friendly as well as advanced and you can easily find their walkthroughs online.
Create projects such as keylogger software, Password manager, create ransomware, and deploy it in a VM or VirtualBox. How to create them? just use your research and analytic skills now. Do entry-level internships and build your awesome resume. Here, I created a password manager in python language. You can use it for reference purposes or just create a better version of it.
Let’s hop to bug bounty now. A bug bounty is basically hacking into an organization with valid permissions under their bug bounty program and you get paid for finding vulnerabilities. Every big company as well as some small companies runs a bug bounty program. Here you just get paid for your skills. Practice your bug bounty skills at:
1. HackTheBox
2. HackThisSite
3. PortSwigger
4. HellBound Hackers
5. bWAPP
6. intigriti
Websites for finding vulns on:
1. HackerOne
2. Bugcrowd
3. intigriti
3. All other company sites such as Google, Meta, Microsoft, etc.
Register right here and share your opinion in the group chat: https://broadway.africamotion.net/