How I got into the Security Field

This is kind of an FAQ for the “me” in past which might be useful for someone else

How to enter the Security field or more appropriately How to start “Hacking”

If you want to read a better organized and formatted blog you can read it here on my personal blog: Kaiser784 Blog

If you’re reading this and don’t understand a term or an acronym try your best to google it, coz there will be a lot of googling when you get into security.

Everyone asks for prerequisites when starting in Security, so let’s get to it first.

Do I need to know programming/coding?

No matter how much you avoid it you’ll end up writing scripts, it may either be modifying existing scripting tools or making your own. But as you are just starting you won’t be doing it that much at the beginning.

But the ability to read code will be very helpful at the start, you should also be able to adapt to different programming languages. The major ones I would recommend you to look over would be Python, Ruby, Bash, C/C++ , in no way I mean to become an expert in these languages before you start, but have a basic understanding of how they work. The amount of code you'll be looking at for exploits and vulnerabilities while pentesting, you'll pretty much learn it from there. If you're willing to learn from tutorials, any YouTube channel that you can understand the best is more than enough because they all explain most of the same things but in different ways.

Do I need to use Kali Linux? Can I use Windows?

To be frank, any Linux Distro will do the job, Kali gets all the tools required for pentesting pre-installed which makes it a bit easier. For starters try Ubuntu and get familiar with it.

You can use windows for pentesting, but it’s hard to use some tools so I would recommend either using WSL(Windows Subsystem for Linux) or a VM(Virtual machine). If you’re feeling adventurous you can dual-boot your system but I highly recommend not to do it without someone to help you with it.

As for me, I use Kali Linux as my main machine which is a pretty dumb move from my side but I invested too much time in it now to switch.

Do I need to learn Computer Networking?

You need to know the basics of it and most terms and what they mean. You can try and learn it from different books or try to learn it from pentesting writeups.

For books, I would recommend Comptia Network+ but it gets a bit boring without any practical application, so I would recommend learning it through pentesting. When I say pentesting I don’t mean real-world pentesting but in solving machines and challenges in practice sites.

What is a CTF

What does hacking contain? Is it just “I’m in” as the movies say?

Hacking is much more than “I’m in” but sometimes it boils down to it 😋 . It’s a really vast field with different topics and these topics are inter-connected with each other in more than one way, So it’s pretty hard to isolate each topic and learn it as they almost always go hand-in-hand.

You can look for more details about the different categories from CTF101

Now for where to actually practice

You can learn a lot of basic to intermediate stuff here from Linux to Web Application Security

This is the most beginner-friendly site, it has a lot of resources to learn from and experiment on legally.

This contains archives of previous picoCTF’s, you can practice them it’s very helpful when trying to test your basic knowledge. They also hold yearly CTF’s in Feb-Mar.

This is not exactly a site for hacking but you can practice your scripting skills in different languages, it also contains some cryptography challenges.

This one’s a pretty hardcore site, I would highly suggest beginners steer clear of this site until you think you’re at least an intermediate level coz the challenges are pretty hard for beginners and don’t wanna chase you away with it (at least that’s what I feel).

This one is purely penetration testing and has very good and interesting machines.

This website is not exactly a site for practice but keeps track of all ongoing live CTF’s so that you can participate in them at your convenience.

When practicing in any of the above sites do not hesitate to look at solutions because you’re in the learning phase, you don’t know a lot of stuff in the beginning, learn from the solutions and note them down.

How to keep up in the security world

Twitter, Reddit, and YouTube play a huge role in keeping up with everything going on currently in the community. LinkedIn is a bit stagnant but it’s pretty helpful in following what the security companies are doing.

Keeping up in this community is pretty vital so make sure you’re up-to-date with whatever is going on.

Here are some profiles you can follow to start, you can find other good ones through their retweets and mentions.

Youtube

Twitter

LinkedIN

Reddit

I tried not to repeat people from YouTube on Twitter so that I can mention more people. Do follow their YouTube, Twitter, and LinkedIn, coz remember this always More Information is always Good.

Courses, Certifications and Exam

A lot of Certification exams you apply for come bundled with a course. There aren’t many good courses out there either most of them either feel like scams or are scams.

The courses I would recommend are pretty few, rather than courses I would recommend reading blogs and articles, GitHub repos will be a real huge help if you’re looking for some course-like modeled content.

Here are some good GitHub repos and courses I followed/took.

Courses

Github Repos

Do not just watch the courses or only study from guides, use it practically on the practice sites simultaneously as you’re learning them.

Security certifications are really expensive so you have to be pretty careful and well prepared while taking them. They range from $199 — you can’t even afford them, so be careful when you choose what to get certified for.

The Offensive Security certifications are quite good and are respected in the community, elearnsecurity ones are really good too. This is how I would recommend you to go through for certifications.

I highly suggest not to take the OSCP until you’ve explored at least 2 years in this field.

Use this OSCP prep guide if you’re preparing for eJPT, eCPPTv2, and OSCP. After OSCP you’ll be in this field for enough time to know what to do next.

Do not waste money on certifications that are valid for only 2–3 years or ones with MCQs. Apply for ones that have a practical exam.

What I would recommend you to do

First and foremost I would tell you to read the Hacker Manifesto and then start the journey.

Before diving in, get familiar with common terms and tools used, through HackerSploit and Hacksplaining. Watch some videos of JohnHammond and LiveOverflow and then dive into the practice sites mentioned above.

Definitely watch this video of LiveOverflow where he explains why there is no set path in learning about hacking. Everything you do, everything you stumble upon will factor in the larger picture.

You’ll be navigating through a lot of Linux systems because even though it’s not a very widely used desktop OS, 95% of the web use some kind of Linux OS for their servers.

So get yourself as familiar as possible with Linux, it’ll be pretty different from windows at the start and a bit annoying and hard to use for someone who never used it but trust me you’ll start loving and enjoying it more than windows unless you’re a hardcore gamer (steam is trying to make gaming possible for Linux gonna take some time tho).

Try to practice daily in TryHackMe because if you lose touch it’s gonna be pretty bad in a beginner phase, be as consecutive as possible.

After getting familiar with most of the TryHackMe labs take the INE starter pass which contains the course content and labs for eJPT for free and when you think you’ve prepared enough you can take the eJPT exam and get your first certification and then start preparing for OSCP.

After that, I’m pretty sure you would have a pretty strong foothold to decide what to do from that point on.

I made this blog because when I started there were not many people who could have helped me or guided me and I made this in a way such that it answers most of the questions I had when I started.

May the source be with you in this journey, young padawan. Hack The Planet.

If you want to read a better organized and formatted blog you can read it here on my personal blog: Kaiser784 Blog

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Paul Babu Kadali

Paul Babu Kadali

6 Followers

I love making things work in a way that they were originally not meant to.