Video Version:
Introduction
Recently, I posted a 36-part Twitter thread (https://twitter.com/thecybermentor/status/1343471814132031488) on how to become an ethical hacker in 2021. Given that it was well received, I thought it might be better to put all of that information into a more digestible page. So, without further ado, let’s chat about how you can break into the field of ethical hacking.
Before We Begin…
Before we dive into the resources, I must strongly stress a few things. First, it is incredibly important to build a strong foundation in IT prior to jumping right into the awesome hacky stuff. Think about your hacking career as if it were a house. If you build a house upon a weak foundation, there’s a good chance it will crumble. The same goes for your hacking career. If you skip over the foundational skills, you’ll likely find yourself lost and overwhelmed, which may discourage you from heading down the hacker path all together.
Second, ethical hacking is a “sexy” field. You literally get paid to break into networks, applications, buildings, and lots more. That’s damn sexy indeed. On top of this, it pays very well. Why does it pay well? Well, because not everyone is cut out to do this type of work. It’s basic economics at the end of the day: low percentage of capable workers coupled with a high demand leads to high salaries.
So why am I going on about this? Mainly because I see a lot of people try to break into the field because hacking sounds cool or pays well. I see a lot of people chasing the money. You should not be choosing this field solely because it pays well. Hacking is a lot of work. Not only is it challenging to break into the field, but you also have to stay on top of your game as new exploits and defenses come out. You are expected to be a life-long learner and if you’re at all complacent, you’ll be left behind by your peers.
Ensure that you’re interested in being a hacker because it excites you. The money is just a perk. You cannot be complacent. You can never stop learning. You have to constantly work hard to stay on top of your game. For this, you’ll get paid incredibly well and have a ton of fun.
The Foundations
With my rant out of the way, let’s chat about the foundational skills that I feel are necessary to mold a good hacker. With each of the skills, I will link resources/courses to help improve your skillset. Some of the links will be related to certifications. You do not have to take the certification unless you want to (though, it could help with landing a job). If you’re short on cash, just focus on the trainings themselves.
Now, the foundational skills:
1) Basic IT skills. By this, I mean your standard break/fix help desk skillset. Can you build a computer and identify its parts? Can you troubleshoot and fix issues? In my mind, this would be equivalent to the CompTIA A+ certification. If you’re brand new to IT and starting here, I strongly recommend picking one of the following resources:
FREE – Professor Messer – https://www.professormesser.com/free-a-plus-training/220-1001/220-1000-training-course/
PAID – https://www.cbtnuggets.com/certification-playlist/comptia-a-plus
2) Networking skills. Networking skills are incredibly important when it comes to penetration testing. If I ask you to describe the OSI model, to tell me what service is running on port 22, or ask you to describe CIDR notation, can you do it? What about the TCP three-way handshake? If what I am saying to you is pure jibberish then congratulations, you need networking skills. Here are some of my favorite resources:
PAID, BUT WORTH IT – Mike Meyers – https://www.udemy.com/course/comptia-network-cert-n10-007-the-total-course/
FREE – Professor Messer – https://www.professormesser.com/network-plus/n10-007/n10-007-training-course/
PAID – CBT Nuggets CCNA – https://www.cbtnuggets.com/it-training/cisco/ccna
FREE – NETACAD PACKET TRACER – https://www.netacad.com/courses/packet-tracer
3) Linux skills. We use a lot of Linux in ethical hacking. Primarily, we use a Debian-based distribution. This is often either Kali Linux or Parrot. Some hackers choose to use their own builds and distributions, but Kali and Parrot dominate the majority. Fortunately, there are a multitude of free resources out there for individuals interested in learning Linux.
My personal recommendation is to treat Linux like learning a foreign language. You can learn from an instructor and sure, you’ll pick stuff up. However, if you immerse yourself in the environment (e.g. living in a foreign country or in our case, using Linux as a primary operating system), you’ll pick things up a lot easier. Try installing Linux and using it for a week without using any other operating system. You’ll be surprised how fast you learn!
With that being said, here are two fantastic free websites for learning Linux:
https://linuxjourney.com/
https://overthewire.org/wargames/bandit/
You can also use YouTube, Udemy, or other learning platforms to build this foundation.
4) Coding/Scripting skills. For coding/scripting, you need to be able to read code, at a minimum, to be successful in this field. Fret not, you do not have to be a full-on developer. The better your are at coding, the easier your life will be. However, I’ve had a successful career and am fairly terrible at coding :).
For coding, I recommend starting with Python. Python is incredibly beginner friendly and is fairly easy to pick up. Here are some of my favorite resources:
(Note: Make sure you learn Python 3 and NOT Python 2 as it is quickly becoming deprecated)
FREE TRIAL (NO CC REQUIRED) – Codecademy – https://www.codecademy.com/
PAID, BUT FANTASTIC – Team Treehouse – https://teamtreehouse.com/
BOOK – Amazon – https://www.amazon.com/Learn-Python-Hard-Way-Introduction/dp/0134692888
FREE – FreeCodeCamp – https://www.freecodecamp.org/
You’ve Got the Foundations, Now What?
Okay, we’re through the foundations and ready to start hacking. Where to start? Self-plug, but I strongly recommend my Practical Ethical Hacking course (https://academy.tcm-sec.com/p/practical-ethical-hacking-the-complete-course)
Note: The first 10 hours of this course are free to watch without signing up. Just click preview under the Course Curriculum section.
The Practical Ethical Hacking course is designed to teach you the foundational skills described above (it has sections on Linux, Python, and Networking) and build you up into actual hacking. Beyond the basics, it covers buffer overflows/exploit development, web application hacking, and Active Directory hacking. You can also find a shorter (and somewhat dated) version of the course free here:
https://www.youtube.com/watch?v=WnN6dbos5u8&ab_channel=TheCyberMentor
Beyond this, I think it’s great to start practicing hacking with intentionally vulnerable machines. That is: machines that are designed to be hacked. A lot of these machines are not “practical” and follow more of a “Capture the Flag (CTF)” style. However, they are great at teaching the fundamentals, tools, and mental persistence needed to be successful as a hacker. My three favorite sites for this are (in order):
https://tryhackme.com
https://hackthebox.com
https://vulnhub.com
I highly suggest starting with TryHackMe first, especially as a beginner. The platform has a lot of free machines that you can practice on and really helps hold your hand/describe what actions you’re taking and why. If you have $10 to spare, the monthly subscription is worth it. The other two sites are great, but are more challenging for beginners and should be done once you have some experience under you belt, in my opinion.
Additionally, if you like the CTF-type hacking, you might also be interested in participating in CTF events. If so, you should check https://ctftime.org for the latest upcoming CTFs and participate in them/read the writeups to improve your game.
Beyond the basics
Once you are feeling comfortable with the basics, there are several additional areas of hacking that you should familiarize yourself with, especially if you want to be a pentester. Those areas are:
1) Active Directory. Active Directory hacking is, in my opinion, one of the most overlooked categories by people looking to break into the field. Given that >95% or so of Fortune 1000 companies utilize Active Directory in their business environments, it’s an incredibly significant skillset to learn. Active Directory hacking comes up a ton in interviews and I find that a lot of people I’ve interviewed in the past that had shiny certifications, but no work experience, really struggled with the topic.
For Active Directory, beyond my course above, there are some pretty fantastic resources. Start with this blog, as it’s still relevant in 2021: https://medium.com/@adam.toscher/top-5-ways-i-gained-access-to-your-corporate-wireless-network-lo0tbo0ty-karma-edition-f72e7995aef2
Then look into these courses. Both are paid, but worth it:
https://www.pentesteracademy.com/redlabs
https://www.zeropointsecurity.co.uk/red-team-ops
On top of this, here are people (and blogs) you should follow if you’re interested in Active Directory hacking:
@PyroTek3 – https://adsecurity.org/
@_dirkjan – https://dirkjanm.io/
@Haus3c – https://hausec.com/
Additionally, anything by @SpecterOps, @CptJesus, @byt3bl33d3r, @gentilkiwi, and @harmj0y
2) Web Application Hacking. Any sort of application hacking is in high demand right now. When you see all those fancy bug bounty posts, it’s more than likely a bug that was found on a web or mobile application. There are jobs out there just for web app hackers. If you want to be a pentester, you have to learn this to step up your game. Here are some great, mostly free, resources:
https://hacker101.com
https://portswigger.net/web-security
https://www.bugcrowd.com/hackers/bugcrowd-university/
https://pentesterlab.com
(Self-plug: I’ve got a free course on YouTube for hacking web apps: https://www.youtube.com/watch?v=24fHLWXGS-M)
It is also helpful, when learning web apps, to familiarize yourself with OWASP (https://owasp.org), the OWASP Top 10 (https://owasp.org/www-project-top-ten/), and the OWASP Testing Guide (https://owasp.org/www-project-web-security-testing-guide/)
Beyond these resources, reading bug bounty write-ups is always interesting and helps understand the various exploits you might see in web applications. You can dig these up via blogs and Google, Additionally, most of the bounty websites have them. Such as: https://hackerone.com/hacktivity
3) Wireless Hacking. You can learn to hack wireless networks pretty quick. In fact, a lot of the hackers I know started out tinkering with wireless hacking before jumping into other areas of ethical hacking. You can easily pick up the skillset needed to hack WPA2 Personal by having the right equipment and reading a short blog post, such as: https://www.aircrack-ng.org/doku.php?id=cracking_wpa
WPA2 Enterprise is a little trickier, but hey, there are blogs for that too: https://cyberpunk.xyz/targeted-wpa2-enterprise-evil-twin-attacks-eaphammer
4) Certifications. The next thing to discuss are certifications. In my opinion, unless you need the Certified Ethical Hacker (CEH) or the CompTIA Pentest+ for job purposes (see: DoD 8570), then avoid them. They are not worth the time or effort.
As of this posting, the best return on investment hacking certification (and a bit of a glorified gatekeeper bypass-er) is the OSCP: https://www.offensive-security.com/pwk-oscp/
There are other valuable hacking certifications, from organizations such as SANS and INE/eLearnSecurity, but they are more expensive and the return on investment is arguably less.
Regardless of the certification you choose (and you should pick at least one, in my opinion, to be competitive in the current job market), you’ll likely need to have skills in basic exploit development (see: buffer overflows), basic hacking, and privilege escalation.
5) Exploit Development. Since we’ve covered basic hacking already, let’s talk about exploit development and buffer overflows. For a lot of the practical exams (OSCP, eCPPT, etc), you will be asked to perform a basic stack-based buffer overflow. This may sound daunting, but it’s not all that bad.
I have a video series on the topic here: https://www.youtube.com/playlist?list=PLLKT__MCUeix3O0DPbmuaRuR_4Hxo4m3G
And a blog post covering it here: https://tcm-sec.com/buffer-overflows-made-easy/
Additionally, @TibSec has a room on TryHackMe that is great: https://tryhackme.com/room/bufferoverflowprep
If you can complete the buffer overflow from these tutorials, you can knock out the exam overflows with little issue.
If you find yourself intrigued by exploit development and wanting to learn more, there are two great YouTube channels I can recommend:
LiveOverflow – https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w
GynvaelColdwind – https://www.youtube.com/user/GynvaelColdwind
6) Privilege Escalation. This is a topic many new hackers struggle with. You land on a machine, but you’re not the admin/root user. How can you elevate your privileges? You’ll be tested on this in practically any relevant exam, so it’s a topic you should know.
Again, I have some courses on the topic:
Windows Privilege Escalation – https://academy.tcm-sec.com/p/windows-privilege-escalation-for-beginners
Linux Privilege Escalation – https://academy.tcm-sec.com/p/linux-privilege-escalation
As does TibSec:
Windows Privilege Escalation – https://www.udemy.com/course/windows-privilege-escalation/
Linux Privilege Escalation – https://www.udemy.com/course/linux-privilege-escalation/
Plus, there are a million guides out there for PrivEsc. I will leave you to your Googling skills to find these, but here is just one example of a great guide: https://book.hacktricks.xyz/linux-unix/privilege-escalation
Content Creators
This article would be incomplete if I did not include some of my favorite content creators. I’m including both smaller and larger channels, in no particular order. Additionally, I apologize in advance if I miss someone!
General Hacking:
Me (The Cyber Mentor) – https://youtube.com/c/thecybermentor
John Hammond – https://www.youtube.com/user/RootOfTheNull
Joe Helle – https://www.twitch.tv/themayor11
Stefan Rows – https://www.youtube.com/user/Ceophreak
DC CyberSec – https://www.youtube.com/channel/UC3sccPO4v8YqCTn8sezZGTw
HackerSploit – https://www.youtube.com/channel/UC0ZTPkdxlAKf-V33tqXwi3Q
NullByte – https://www.youtube.com/channel/UCgTNupxATBfWmfehv21ym-g
sup3rhero1 – https://www.twitch.tv/sup3rhero1
Ash_F0x – https://www.twitch.tv/ash_f0x
Web App/Bug Bounty:
NahamSec – https://www.youtube.com/channel/UCCZDt7MuC3Hzs6IH4xODLBw
STÖK – https://www.youtube.com/channel/UCQN2DsjnYH60SFBIA6IkNwg
InsiderPhD – https://www.youtube.com/user/RapidBug
The XSS Rat – https://www.youtube.com/channel/UCjBhClJ59W4hfUly51i11hg
Codingo – https://www.youtube.com/channel/UCUfO02gdMDXgOJWdv_jiLMg
PwnFunction – https://www.youtube.com/channel/UCW6MNdOsqv2E9AjQkv9we7A
Farah Hawa – https://www.youtube.com/channel/UCq9IyPMXiwD8yBFHkxmN8zg
Communities
Lastly, I believe communities are an important aspect to becoming a good hacker. It gives you the ability to ask questions, help others, and network with people in the field or looking to get into the field. Do not underestimate the importance of networking with others and do not underestimate how a strong community can enhance your learning. Here are a few of my favorites:
TCM Discord (shameless plug) – https://tcm-sec.com/discord
NetSecFocus – https://mm.netsecfocus.com/join
NahamSec Discord (for bug bounties) – https://discord.gg/KsxB68wmSt
If you’re a military veteran, I suggest checking out the community at VetSec – https://veteransec.com
Conclusion
I really hope you found this article useful. While it is by no means all-inclusive, a lot of the links I provided helped to guide me to where I am today. Every path is different and I encourage you to research outside resources as well. Regardless, you now have enough material in front of you to keep you busy for all of 2021. Happy hacking!