Want to learn how to hack computers?
You: “Of course!”
Whether you want a job or it’s a hobby, everyone can learn to hack.
Prepare to learn a broad set of skills, core computing knowledge and problem-solving. Early warning, it’s more involved than a single degree or certification… it’s a ‘whole life’ thing. If any of that sounds interesting, carry on!
Since hacking can take years, here’s my list of courses, videos, books and games to help your journey. Have fun, fellow newbie hacker.
*Disclaimer, ongoing list, I’ll update when I can. Approx times and price tags for each resource, check to confirm. This is a guide and not a strict order, learn how you like.
Tech is a big industry and hacking falls under the Cyber Security field.
Start with Hoppers Roppers Introduction to Computing Fundamentals
free. This introduces you to the above four areas, and most importantly, Linux. To scaffold your Linux learning, see CISCOs Linux Unhatched
free and NetworkChuck’s Linux for Hackers
free video series.
Roppers will also show you programming with Python via Code Academy – Learn Python 2
free/cert cost and Automate The Boring Stuff with Python
free. If you can, get the Automate with Python Udemy Course
low cost do it. Follow the creator, Al Sweigart as the course is given out for free a lot. Learn Python The Hard Way
free is also worth going through for it’s well-written exercises.
These double down on everything you’ve touched on from Roppers plus some.
Then start the TryHackMe – Complete Beginner Learning Path
free/some costs. It does require a premium plan, if that’s not possible, tackle the free walkthroughs: Linux Fundamentals Part 1, Part 2. Part 3, Introductory Networking, Nmap, Web Fundamentals, OWASP Top 10, OWASP Juice Shop, Pickle Rick, Encryption – Crypto 101, Windows Fundamentals Part 1, Part 2, Metasploit, Blue, Linux PrivEsc.
Wow, that’s a lot of learning! Now you’re ready to get into the Cyber Security field!
Capture The Flags
To apply your hacker skills start some Capture The Flags (CTFs).
These are gamified experiences based on real technologies and techniques. Designed to continue learning while creating a fun competitive environment.
To start, go to Roppers Networking with Capture The Flags
free and Roppers Introduction To Capture The Flags
free. Roppers shares OverTheWire’s – Bandit
free, see Bandit 0 – 4, Bandit 5 – 10 and Bandit 11 – 15 for help.
Head back to TryHackMe and take on RootMe, see write-up for help. Then pick from their free CTF rooms available, keep working on them until the list runs dry! Jump over to PicoCTF
free for their Gym CTF’s, here’s my General Skills write-up. Then back to Hack The Box, but this time their CTF platform and not their academy.
After you get comfortable with the basics of CTFs, you’re ready to check CTF Time
free and find a live in-person or online event at your skill level. Some CTFs are team-based, it’s a good opportunity to meet new people and learn from the community. If that’s daunting, you can do some CTFs solo.
A great starting CTF comes from Trace Labs
free. They provide crowdsourced Open Source Intelligence (OSINT) to assist law enforcement with real missing person cases. They throw virtual search parties, so you learn hacking while helping, amazing.
Create your own virtual lab environment to play, test and try out your hacker skills.
A lab means using virtualisation software to replicate a real network of connected computers.
This can be done on almost any modern computer.
Since you’re spawning mini virtual machines on your host computer, be aware of your CPU, RAM and HDD space i.e. hardware limitations.
VulnHub is a platform for vulnerable virtual machines, similar to walkthroughs and practice CTFs.
Start with Metasploitable
free to practice penetration testing using the framework Metasploit
free. This is a collection of tools likened to the Swiss army knife of pen-testing. It’s worth reading Metasploit – The Penetration Testers Guide
costs for a more detailed history and looks into the tool.
Option 1, for an intermediate Cyber Sec lab using VMWare, follow CyberWox home lab (use my write up for VirtualBox) which involves pfSense
free, Security Onion
free eval, Ubuntu Desktop
free, Kali Linux
free, Windows Server
free eval, Windows Desktop
free eval, Splunk
free dev and VulnHub machines
free. At least 8 core CPU, 16Gb RAM and 500Gb HDD.
Ideally, you follow all three labs and have a dedicated lab machine. Maybe you have an old laptop or unused gaming PC you can convert. If you’re buying hardware, I recommend 12+ core CPU, 32Gb+ RAM and 2Tb+ HDD. If you’ve never built a computer before, this is great practice, plus it’s your sandbox to safely hack.
Some people go all out buying routers, switches, dedicated servers etc… it’s up to you how far you’d like to go given your budget and situation. I don’t think you need to spend much if anything.
If purchasing hardware, please look second hand, it helps the environment, keeps consumerism down, plus you’ll find sweet deals! One man’s trash is another man’s treasure.
Content and Community
In order to stay focused while learning, not to mention keeping up to date with the ever-changing field that is Cyber Sec, you need to find some good content.
These are the guys and gals out there, other students on the same path or experts who have been in the field for years! Learn from others, always! Plus, all those courses, capture the flags and labs get a bit exhausting, so break it up!
- Al Sweigart – Creator of Automate The Boring Stuff With Python.
- Chris Titus Tech – videos on Linux and Networking.
- ComputerFile – videos on hacking and networking.
- CS50tv – videos on computer science, interviews and lectures.
- Custodian Data Centres – videos on networking and work inside data centres.
- Darknet Diaries – podcast of real stories from professionals and cybercriminals.
- DarkSec – videos of TryHackMe rooms.
- David Bombal – videos on programming, networking, hacking and more.
- Day Cyberwox – videos of networking and certifications + Discord Server.
- DFIR DIVA – articles on hacking.
- FreeCodeCamp – video courses on programming, networking and more.
- Hak5 – videos on hacking hardware.
- Hoppers Roppers – courses, posts and Slack on computing, networking and programming.
- Jeff Geerling – videos on hardware and networking projects.
- Jim Browning – videos on phishing scams and cybercrime.
- John Hammond – video CTF walkthroughs and hacking tutorials.
- Kalle Hallden – videos on python programming and Linux.
- LiveOverflow – video CTF walkthroughs, hacking conferences and more.
- NetworkChuck – videos on Linux, hacking and networking + Discord Server.
- Professor Messer – content on networking and certs.
- Samy Kamkar – cyber sec professional.
- Seytonic – hacking news.
- STÖK – videos on bug bounties and hacking.
- The Cyber Mentor – videos on hacking, Linux and python.
- Trace Labs – podcast and videos on OSINT hacking.
Share Your Journey – #100DaysOfHacking
This is optional, feel free to ignore it, but I HIGHLY recommend this. All the courses, books and resources you find and put through that beautiful brain of yours, share them!
Start a YouTube channel, write a blog, set up a podcast or sign up for a Twitter account. It doesn’t matter what or where, just share.
There are a few benefits to this:
- Meet others in the community.
- Better understand what you’ve learnt.
- Help others and add to the community.
- Increases luck surface area.
- Nurture writing/video/audio skills.
- Make yourself accountable.
If this sounds exciting to you, start your own #100DaysOfHacking to stay motivated while learning. Tweet me and announce to the world what you’re working on!
Here’s more I’ll add in the future:
- People on Twitter.
- Practice Exams and Certificates.
- Programming and Lab Projects.
- Output: Note-taking, write-ups and active recall (Quizlet)
- Beginner Network Penetration Testing (2019)
I agree, this is a rough list, but I’ll pad it out over time.
If you have any feedback, please send me a message @mrashleyball.