In 2019 I wrote an article on how to learn to hack.
It’s not technically wrong but I feel like it’s a little dated.
The education landscape for cyber has changed fairly significantly in 4 years.
I want you to remember this: all the information to learn cyber is freely available in some form on the Internet. Which means: “just Google it”.
1. Understand the Internet
If you're keen on courses, there are CompTIA’s Network+, A+, Cloud+, Security+ and more that can help guide you if you’re stuck. You can even study for these exams for free using YouTube channels like Professor Messer. These are vendor-neutral courses, so you won't learn any particular technologies; you'll learn principles.
2. Get a hypervisor and set up your hacking machine
A hypervisor is software that allows you to run a computer within a computer. We call them Virtual Machines or VMs. I use VMware Fusion (paid) because I'm on macOS and it feels like it belongs on macOS, but you can use VirtualBox (free) if you prefer. If you're on Windows you can use VMware Workstation or VirtualBox.
Cloud VMs are common these days, but knowing how to use hypervisors is a valuable skill. When you're doing a basic penetration test, you’ll probably be running Kali in a hypervisor.
3. Download Kali Linux
Kali Linux is a free, well-maintained operating system that you will learn to love. It’s looked after by OffSec, a well-regarded company in the industry. It is the operating system of choice for hackers the world over. It comes with hundreds of hacking tools built-in and you can add more as you progress. All for free. Make sure you get the version that works on your hypervisor. If you're stuck on the setup process, search for it on YouTube. (I have a few.) Another popular choice these days is ParrotOS. It’s run by ParrotSec and I’ll explain it later in this blog.
4. Master note-taking
Now you have all the software that hackers use day-to-day. What you lack is hacking knowledge. There are a lot of websites, YouTube channels, and books to choose from. Get ready to be busy organising your bookmarks. I recommend GitBook and Notion for staying organised. When hacking a new platform or learning how to hack, I use GitBook to keep structured notes. It's awesome. This isn't an ad. I use the free version of GitBook myself. You could absolutely just use Notion though. So if you're comfortable with Notion, I'd stay there.
5. Join Hack the Box
This is not a paid endorsement. Hack the Box is the top dog when it comes to online training labs in my honest opinion. I've been using it for years. I highly recommend buying VIP access; it's a bargain at twice the price. You'll get access to active and retired machines, challenges, a members area, and there are "pro" labs when you're ready to really test your skills. The retired machines are where you will do the majority of your learning, with great videos from IppSec. You can even apply for jobs directly on the site whenever you have earned the relevant rank.
A cool thing on Hack the Box is they offer you ParrotOS in the browser! This means you don't need to mess around with hypervisors, downloading and configuring Kali Linux, or using VPNs. Pretty neat!
They recently added an Academy where you can learn everything that I mentioned at the start of this article. They have certifications for bug hunters and penetration testers as well as loads of learning pathways covering every topic you can imagine on cyber.
Hack The Box is a fast-evolving company. I made this video in August 2022, but if you're totally new to it, you'll get value out of this video:
6. Test what you have learned
If you've gone through all that, you've come a long way. Well done. Perhaps you'd like to consolidate what you know in a common format that employers will understand: a certification. There are a lot of information security training courses and exams out there. Here are a few vendors and courses to check out:
- eLearnSecurity's eJPT: a fun and cost-effective way to get your first certificate - this was the first penetration testing cert I did and it's fun!
- Hack The Box's CPTS: the new kid on the block, but anything from Hack The Box will be a challenge and well recognised.
- TCM Security's PNPT: an amazing team with great videos and a well-regarded, reasonably priced cert.
- OffSec's OSCP: 48 hours of pain; still the most coveted certificate on the market because of its history and relationship with Kali. I passed the OSCP the first time; my video below will help you do the same.
- Zero Point Security's CRTO: once you've got one of the certs above, maybe try this one to nail the Red Team workflow.
7. Keep on learning
There is no end to the amount of learning one can do with regard to cybersecurity. There is enough to last a literal lifetime. Find your niche and become an expert or stay as a generalist with a few areas that you really like to dive into. It's up to you.
8. More ways I can help you
- If you'd like to get daily cyber news updates, follow TEARLINE on LinkedIn, Twitter, Facebook or even on the Telegram channel.
- If you'd like to land a career in cyber security but don't know where to start, your best bet is through my SWITCHFIRE guide.
- If you'd like to learn how to create content to raise your online profile, I have a free email crash course and a whole series of video workshops.
I'll see you online and best of luck!