Last year, I posted a blog (https://tcm-sec.com/so-you-want-to-be-a-hacker-2021-edition/) and video (https://www.youtube.com/watch?v=mdsChhW056A) on how to become an ethical hacker in 2021. Given that it was well received, I thought it might be fun to update the blog with resources for 2022. So, without further ado, let’s chat about how you can break into the field of ethical hacking in 2022.
Before We Begin…
Before we dive into the resources, I must strongly stress a few things. First, it is incredibly important to build a strong foundation in IT prior to jumping right into the awesome hacky stuff. Think about your hacking career as if it were a house. If you build a house upon a weak foundation, there’s a good chance it will crumble. The same goes for your hacking career. If you skip over the foundational skills, you’ll likely find yourself lost and overwhelmed, which may discourage you from heading down the hacker path altogether.
Second, ethical hacking is a “sexy” field. You literally get paid to break into networks, applications, buildings, and lots more. That’s damn sexy indeed. On top of this, it pays very well. Why does it pay well? Well, because not everyone is cut out to do this type of work. It’s basic economics at the end of the day: low percentage of capable workers coupled with a high demand leads to high salaries.
So why am I going on about this? Mainly because I see a lot of people try to break into the field because hacking sounds cool or pays well. I see a lot of people chasing the money. You should not be choosing this field solely because it pays well. Hacking is a lot of work. Not only is it challenging to break into the field, but you also have to stay on top of your game as new exploits and defenses come out. You are expected to be a life-long learner and if you’re at all complacent, you’ll be left behind by your peers.
Ensure that you’re interested in being a hacker because it excites you. The money is just a perk. You cannot be complacent. You can never stop learning. You have to constantly work hard to stay on top of your game. For this, you’ll get paid incredibly well and have a ton of fun.
With my rant out of the way, let’s chat about the foundational skills that I feel are necessary to mold a good hacker. With each of the skills, I will link resources/courses to help improve your skillset. Some of the links will be related to certifications. You do not have to take the certification unless you want to (though, it could help with landing a job). If you’re short on cash, just focus on the trainings themselves.
Now, the foundational skills:
1) Basic IT skills. By this, I mean your standard break/fix help desk skillset. Can you build a computer and identify its parts? Can you troubleshoot and fix issues? In my mind, this would be equivalent to the CompTIA A+ certification. If you’re brand new to IT and starting here, I strongly recommend picking one of the following resources:
FREE – Professor Messer – https://www.professormesser.com/free-a-plus-training/220-1001/220-1000-training-course/
PAID – https://www.udemy.com/course/new-comptia-a-2019-certification-1001-the-total-course/ and https://www.udemy.com/course/new-comptia-a-2019-certification-1002-the-total-course/
2) Networking skills. Networking skills are incredibly important when it comes to penetration testing. If I ask you to describe the OSI model, to tell me what service is running on port 22, or ask you to describe CIDR notation, can you do it? What about the TCP three-way handshake? If what I am saying to you is pure gibberish then congratulations, you need networking skills. Here are some of my favorite resources:
FREE – Professor Messer – https://www.professormesser.com/network-plus/n10-007/n10-007-training-course/
FREE – NETACAD PACKET TRACER – https://www.netacad.com/courses/packet-tracer
PAID, BUT WORTH IT – Mike Meyers – https://www.udemy.com/course/comptia-network-cert-n10-007-the-total-course/
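As a concrete check on the CIDR question above, here is an added example (not code from the original post) that decodes an IPv4 CIDR block with plain integer arithmetic, so you can see what the prefix length actually does, and then cross-checks the result against Python's standard `ipaddress` module. The sample addresses are constructed for illustration.

```python
# Added example: what CIDR notation encodes, worked out by hand with bit
# arithmetic and then verified against the standard library.
import ipaddress


def _dotted(n: int) -> str:
    """Render a 32-bit integer as dotted-quad notation."""
    return ".".join(str(b) for b in n.to_bytes(4, "big"))


def cidr_summary(cidr: str) -> dict:
    """Decode an IPv4 block such as '192.168.10.77/26' into its parts."""
    addr_str, prefix_str = cidr.split("/")
    prefix = int(prefix_str)
    if not 0 <= prefix <= 32:
        raise ValueError(f"bad prefix length: {prefix}")
    octets = [int(o) for o in addr_str.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {addr_str}")
    addr = int.from_bytes(bytes(octets), "big")

    # The prefix length is the number of leading 1 bits in the netmask.
    mask = ((1 << prefix) - 1) << (32 - prefix)
    network = addr & mask                       # clear the host bits
    broadcast = network | (~mask & 0xFFFFFFFF)  # set the host bits
    total = 1 << (32 - prefix)
    # /31 and /32 blocks have no separate network/broadcast addresses
    # (RFC 3021), so every address in them is usable.
    host_range = prefix <= 30
    return {
        "network": _dotted(network),
        "netmask": _dotted(mask),
        "broadcast": _dotted(broadcast),
        "first_host": _dotted(network + 1 if host_range else network),
        "last_host": _dotted(broadcast - 1 if host_range else broadcast),
        "usable_hosts": total - 2 if host_range else total,
    }


def in_block(ip: str, cidr: str) -> bool:
    """True if ip lies inside the block: the same AND-and-compare a router
    or firewall rule performs when matching a source range."""
    block = cidr_summary(cidr)
    prefix = int(cidr.split("/")[1])
    mask = ((1 << prefix) - 1) << (32 - prefix)
    ip_int = int.from_bytes(bytes(int(o) for o in ip.split(".")), "big")
    net_int = int.from_bytes(bytes(int(o) for o in block["network"].split(".")), "big")
    return (ip_int & mask) == net_int


def matches_stdlib(cidr: str) -> bool:
    """Cross-check the hand computation against ipaddress.ip_network."""
    mine = cidr_summary(cidr)
    ref = ipaddress.ip_network(cidr, strict=False)
    return (
        mine["network"] == str(ref.network_address)
        and mine["broadcast"] == str(ref.broadcast_address)
        and mine["netmask"] == str(ref.netmask)
        and (1 << (32 - ref.prefixlen)) == ref.num_addresses
    )


if __name__ == "__main__":
    # Constructed sample: a host address inside a /26.
    for k, v in cidr_summary("192.168.10.77/26").items():
        print(f"{k:>12}: {v}")
    print("10.0.5.9 in 10.0.0.0/16:", in_block("10.0.5.9", "10.0.0.0/16"))
    print("matches stdlib:", matches_stdlib("172.16.40.200/21"))
```

Reading a /26 as "the first 26 bits identify the network, the last 6 identify the host" is the whole idea; everything else (netmask, broadcast, usable host count) falls out of that one split, which is what an interviewer is really asking when they say "describe CIDR notation".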
3) Linux skills. We use a lot of Linux in ethical hacking. Primarily, we use a Debian-based distribution. This is often either Kali Linux or Parrot. Some hackers choose to use their own builds and distributions, but Kali and Parrot dominate the majority. Fortunately, there are a multitude of free resources out there for individuals interested in learning Linux.
My personal recommendation is to treat Linux like learning a foreign language. You can learn from an instructor and sure, you’ll pick stuff up. However, if you immerse yourself in the environment (e.g. living in a foreign country or in our case, using Linux as a primary operating system), you’ll pick things up a lot easier. Try installing Linux and using it for a week without using any other operating system. You’ll be surprised how fast you learn!
With that being said, here are two fantastic free websites for learning Linux:
PAID (self-promotion) – TCM Security Academy – https://academy.tcm-sec.com/p/linux-101
4) Coding/Scripting skills. For coding/scripting, you need to be able to read code, at a minimum, to be successful in this field. Fret not, you do not have to be a full-on developer. The better you are at coding, the easier your life will be. However, I’ve had a successful career and am fairly terrible at coding :).
For coding, I recommend starting with Python. Python is incredibly beginner friendly and is fairly easy to pick up. Here are some of my favorite resources:
(Note: Make sure you learn Python 3 and NOT Python 2 as it is quickly becoming deprecated)
FREE – FreeCodeCamp – https://www.freecodecamp.org/
FREE TRIAL (NO CC REQUIRED) – Codecademy – https://www.codecademy.com/
PAID – Team Treehouse – https://teamtreehouse.com/
PAID (self-promotion) – TCM Security Academy – https://academy.tcm-sec.com/p/python-101-for-hackers and https://academy.tcm-sec.com/p/python-201-for-hackers
You’ve Got the Foundations, Now What?
Okay, we’re through the foundations and ready to start hacking. Where to start? Self-plug, but I strongly recommend my Practical Ethical Hacking course (https://academy.tcm-sec.com/p/practical-ethical-hacking-the-complete-course)
Note: The first 12 hours of this course are free to watch on YouTube:
The Practical Ethical Hacking course is designed to teach you the foundational skills described above (it has sections on Linux, Python, and Networking) and build you up into actual hacking. Beyond the basics, it covers buffer overflows/exploit development, web application hacking, and Active Directory hacking.
Beyond this, I think it’s great to start practicing hacking with intentionally vulnerable machines. That is: machines that are designed to be hacked. A lot of these machines are not “practical” and follow more of a “Capture the Flag (CTF)” style. However, they are great at teaching the fundamentals, tools, and mental persistence needed to be successful as a hacker. My three favorite sites for this are (in order):
I highly suggest starting with TryHackMe first, especially as a beginner. The platform has a lot of free machines that you can practice on and really helps hold your hand/describe what actions you’re taking and why. If you have $10 to spare, the monthly subscription is worth it. The other two sites are great, but are more challenging for beginners and should be done once you have some experience under your belt, in my opinion.
Additionally, if you like the CTF-type hacking, you might also be interested in participating in CTF events. If so, you should check https://ctftime.org for the latest upcoming CTFs and participate in them/read the writeups to improve your game.
Beyond the basics
Once you are feeling comfortable with the basics, there are several additional areas of hacking that you should familiarize yourself with, especially if you want to be a pentester. Those areas are:
1) Active Directory. Active Directory hacking is, in my opinion, one of the most overlooked categories by people looking to break into the field. Given that >95% or so of Fortune 1000 companies utilize Active Directory in their business environments, it’s an incredibly significant skillset to learn. Active Directory hacking comes up a ton in interviews and I find that a lot of people I’ve interviewed in the past that had shiny certifications, but no work experience, really struggled with the topic.
For Active Directory, beyond my course above, there are some pretty fantastic resources. Start with this blog, as it’s still relevant in 2021: https://firstname.lastname@example.org/top-5-ways-i-gained-access-to-your-corporate-wireless-network-lo0tbo0ty-karma-edition-f72e7995aef2
Then look into these courses. Both are paid, but worth it:
On top of this, here are people (and blogs) you should follow if you’re interested in Active Directory hacking:
@PyroTek3 – https://adsecurity.org/
@_dirkjan – https://dirkjanm.io/
@Haus3c – https://hausec.com/
Additionally, anything by @SpecterOps, @CptJesus, @byt3bl33d3r, @gentilkiwi, and @harmj0y
2) Web Application Hacking. Any sort of application hacking is in high demand right now. When you see all those fancy bug bounty posts, it’s more than likely a bug that was found on a web or mobile application. There are jobs out there just for web app hackers. If you want to be a pentester, you have to learn this to step up your game. Here are some great, mostly free, resources:
(Self-plug: I’ve got a free course on YouTube for hacking web apps: https://www.youtube.com/watch?v=24fHLWXGS-M)
It is also helpful, when learning web apps, to familiarize yourself with OWASP (https://owasp.org), the OWASP Top 10 (https://owasp.org/www-project-top-ten/), and the OWASP Testing Guide (https://owasp.org/www-project-web-security-testing-guide/)
Beyond these resources, reading bug bounty write-ups is always interesting and helps you understand the various exploits you might see in web applications. You can dig these up via blogs and Google. Additionally, most of the bounty websites have them, such as: https://hackerone.com/hacktivity
3) Wireless Hacking. You can learn to hack wireless networks pretty quickly. In fact, a lot of the hackers I know started out tinkering with wireless hacking before jumping into other areas of ethical hacking. You can easily pick up the skillset needed to hack WPA2 Personal by having the right equipment and reading a short blog post, such as: https://www.aircrack-ng.org/doku.php?id=cracking_wpa
WPA2 Enterprise is a little trickier, but hey, there are blogs for that too: https://solstice.sh/ii-attacking-and-gaining-entry-to-wpa2-eap-wireless-networks/
4) Certifications. The next thing to discuss are certifications. In my opinion, unless you need the Certified Ethical Hacker (CEH) or the CompTIA Pentest+ for job purposes (see: DoD 8570), then avoid them. They are not worth the time or effort.
As of this posting, the certification landscape is shaped into several segmented categories:
Category A – Practical & Affordable – Certifications such as PNPT (self-promotion) from TCM Security, CRTO from Zero Point Security, and CRTP from Pentester Academy are all under $400 and will arguably teach you more than the big-name certifications on the market.
Category B – Somewhat Practical & Somewhat Expensive – eLearnSecurity/INE fall into this category with certifications such as the eCPPT. The practicality can be lacking at times and the price tag has gone up since eLearnSecurity/INE has moved to a subscription model, but the platform remains a decent option for those looking to break into the field and those that have enough time to study to make the subscription model worth the investment.
Category C – Not Practical & Expensive – Offensive Security falls into this category. Certifications like the OSCP offer an excellent opportunity for students to get past HR gatekeeping, but do not provide many of the practical skills necessary to work in the field. Combine that with the ever-increasing price tag as Offensive Security switches to a Business to Business (B2B) model and it’s a double-edged sword. The OSCP is still the top certification to get past gatekeeping, but the ROI is not as high as it used to be.
Category D – Practical & Expensive – SANS falls into this category. Their courses are phenomenal and taught by industry leaders, but are also upwards of $7,000. If an employer ever offers to send you, you should go, but definitely do not pay out of pocket unless you can really, really afford it.
5) Exploit Development. Since we’ve covered basic hacking already, let’s talk about exploit development and buffer overflows. For a lot of the practical exams (OSCP, eCPPT, etc), you will be asked to perform a basic stack-based buffer overflow. This may sound daunting, but it’s not all that bad.
I have a video series on the topic here: https://www.youtube.com/playlist?list=PLLKT__MCUeix3O0DPbmuaRuR_4Hxo4m3G
And a blog post covering it here: https://tcm-sec.com/buffer-overflows-made-easy/
Additionally, @0xTib3rius has a room on TryHackMe that is great: https://tryhackme.com/room/bufferoverflowprep
If you can complete the buffer overflow from these tutorials, you can knock out the exam overflows with little issue.
If you find yourself intrigued by exploit development and wanting to learn more, there are two great YouTube channels I can recommend:
LiveOverflow – https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w
GynvaelColdwind – https://www.youtube.com/user/GynvaelColdwind
6) Privilege Escalation. This is a topic many new hackers struggle with. You land on a machine, but you’re not the admin/root user. How can you elevate your privileges? You’ll be tested on this in practically any relevant exam, so it’s a topic you should know.
Again, I have some courses on the topic:
Windows Privilege Escalation – https://academy.tcm-sec.com/p/windows-privilege-escalation-for-beginners
Linux Privilege Escalation – https://academy.tcm-sec.com/p/linux-privilege-escalation
As does TibSec:
Windows Privilege Escalation – https://www.udemy.com/course/windows-privilege-escalation/
Linux Privilege Escalation – https://www.udemy.com/course/linux-privilege-escalation/
Plus, there are a million guides out there for PrivEsc. I will leave you to your Googling skills to find these, but here is just one example of a great guide: https://book.hacktricks.xyz/linux-unix/privilege-escalation
This article would be incomplete if I did not include some of my favorite content creators. I’m including both smaller and larger channels, in no particular order. Additionally, I apologize in advance if I miss someone!
Me (The Cyber Mentor) – https://youtube.com/c/thecybermentor
John Hammond – https://youtube.com/c/JohnHammond010
Joe Helle – https://youtube.com/c/JoeHellethemayor
Stefan Rows – https://www.youtube.com/user/Ceophreak
DC CyberSec – https://youtube.com/c/DCcybersec
HackerSploit – https://youtube.com/c/HackerSploit
sup3rhero1 – https://www.twitch.tv/sup3rhero1
Ash_F0x – https://www.twitch.tv/ash_f0x
IppSec – https://youtube.com/c/ippsec
Conda – https://youtube.com/c/c0nd4
PwnFunction – https://youtube.com/c/PwnFunction
Infinite Logins – https://youtube.com/c/InfiniteLogins
Cody Winkler – https://youtube.com/c/cwinfosec
Web App/Bug Bounty:
NahamSec – https://youtube.com/c/Nahamsec
STÖK – https://youtube.com/c/STOKfredrik
InsiderPhD – https://youtube.com/user/RapidBug
Codingo – https://youtube.com/c/codingo
Farah Hawa – https://youtube.com/c/FarahHawa
Rana Khalil – https://youtube.com/c/RanaKhalil101
Luke Stephens – https://youtube.com/c/Hakluke
Lastly, I believe communities are an important aspect to becoming a good hacker. It gives you the ability to ask questions, help others, and network with people in the field or looking to get into the field. Do not underestimate the importance of networking with others and do not underestimate how a strong community can enhance your learning. Here is our community, which is over 30,000 users strong at the time of this posting: https://tcm-sec.com/discord
If you’re a military veteran, I suggest checking out the community at VetSec – https://veteransec.com
I really hope you found this article useful. While it is by no means all-inclusive, a lot of the links I provided helped to guide me to where I am today. Every path is different and I encourage you to research outside resources as well. Regardless, you now have enough material in front of you to keep you busy for all of 2022. Happy hacking!