Introduction
For the past two years, we’ve posted blogs on how to become an ethical hacker. Given that these blogs have been well received, we’re back with yet another edition. So, without further ado, let’s chat about how you can break into the field of ethical hacking in 2023.
Before We Begin…
Before we dive into the resources, I must strongly stress a few things. First, it is incredibly important to build a strong foundation in IT prior to jumping right into the awesome hacky stuff. Think about your hacking career as if it were a house. If you build a house upon a weak foundation, there’s a good chance it will crumble. The same goes for your hacking career. If you skip over the foundational skills, you’ll likely find yourself lost and overwhelmed, which may discourage you from heading down the hacker path altogether.
Second, ethical hacking is a “sexy” field. You literally get paid to break into networks, applications, buildings, and lots more. That’s damn sexy indeed. On top of this, it pays very well. Why does it pay well? Well, because not everyone is cut out to do this type of work. It’s basic economics at the end of the day: low percentage of capable workers coupled with a high demand leads to high salaries.
So why am I going on about this? Mainly because I see a lot of people try to break into the field because hacking sounds cool or pays well. I see a lot of people chasing the money. You should not be choosing this field solely because it pays well. Hacking is a lot of work. Not only is it challenging to break into the field, but you also have to stay on top of your game as new exploits and defenses come out. You are expected to be a life-long learner and if you’re at all complacent, you’ll be left behind by your peers.
Ensure that you’re interested in being a hacker because it excites you. The money is just a perk. You cannot be complacent. You can never stop learning. You have to constantly work hard to stay on top of your game. For this, you’ll get paid incredibly well and have a ton of fun.
Related Video: Why You Shouldn’t Be An Ethical Hacker
The Foundations
With my rant out of the way, let’s chat about the foundational skills that I feel are necessary to mold a good hacker. With each of the skills, I will link resources/courses to help improve your skillset. Some of the links will be related to certifications. You do not have to take the certification unless you want to (though, it could help with landing a job). If you’re short on cash, just focus on the trainings themselves.
Now, the foundational skills:
1) Basic IT skills. By this, I mean your standard break/fix help desk skillset. Can you build a computer and identify its parts? Can you troubleshoot and fix issues? In my mind, this would be equivalent to the CompTIA A+ certification (current version 220-1101 & 220-1102). If you’re brand new to IT and starting here, I strongly recommend picking one of the following resources:
FREE – Professor Messer – https://www.professormesser.com/free-a-plus-training/220-1101/220-1101-video/220-1101-training-course/ and https://www.professormesser.com/free-a-plus-training/220-1102/220-1102-video/220-1102-training-course/
PAID – https://www.udemy.com/course/total-comptia-a-certification-220-1101/ and https://www.udemy.com/course/total-comptia-a-certification-220-1102/
2) Networking skills. Networking skills are incredibly important when it comes to penetration testing. If I ask you to describe the OSI model, to tell me what service is typically running on port 22, or to explain CIDR notation, can you do it? What about the TCP three-way handshake? If what I am saying to you is pure gibberish, then congratulations: you need networking skills. This would be the equivalent of the CompTIA Network+ certification (current version N10-008). Here are some of my favorite resources:
FREE – Professor Messer – https://www.professormesser.com/network-plus/n10-008/n10-008-video/n10-008-training-course/
FREE – NetAcad Packet Tracer – https://www.netacad.com/courses/packet-tracer
PAID, BUT WORTH IT – Mike Meyers – https://www.udemy.com/course/total-comptia-network-n10-008/
If you’re somewhat familiar with computer networking, you may be asking, “What about the CCNA (Cisco Certified Network Associate) from Cisco?” I’ve studied for and passed that exam, and it can be a slippery slope. I’m not saying it’s not beneficial, but it is a vendor-specific exam, meaning you learn the commands and technology of a specific vendor. In my opinion, it’s best to stay vendor-neutral when learning the basics. You can always come back to vendor-specific certifications later on if you feel that it’s necessary or if a job demands it.
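As an added illustration (this is not part of the original post), here is a short Python script that works through the CIDR question above by hand: it computes the network address, broadcast address, usable host range and host count for an address written in CIDR notation using plain bit operations, then cross-checks the answer against Python’s standard ipaddress module. The address blocks used at the bottom are made up for the demonstration.

```python
"""Added example (not from the original post): CIDR notation worked by hand.

Given an address such as 192.168.10.37/27, compute the network address,
broadcast address, first/last usable host and host count with plain bit
operations, then cross-check against Python's standard ``ipaddress`` module.
"""
import ipaddress


def ip_to_int(dotted: str) -> int:
    """Pack a dotted-quad IPv4 string into a 32-bit integer."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a valid IPv4 address: {dotted!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(value: int) -> str:
    """Unpack a 32-bit integer back into dotted-quad form."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def cidr_info(cidr: str) -> dict:
    """Return the pieces a pentester needs from 'a.b.c.d/prefix'."""
    addr, prefix_str = cidr.split("/")
    prefix = int(prefix_str)
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix length out of range: {prefix}")
    # A /27 mask is 27 one-bits followed by 5 zero-bits: 255.255.255.224
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    network = ip_to_int(addr) & mask
    broadcast = network | (~mask & 0xFFFFFFFF)
    total = 2 ** (32 - prefix)
    # /31 and /32 have no separate network/broadcast addresses (RFC 3021),
    # so every address in the block is usable.
    if prefix >= 31:
        usable, first, last = total, network, broadcast
    else:
        usable, first, last = total - 2, network + 1, broadcast - 1
    return {
        "network": int_to_ip(network),
        "netmask": int_to_ip(mask),
        "broadcast": int_to_ip(broadcast),
        "first_host": int_to_ip(first),
        "last_host": int_to_ip(last),
        "usable_hosts": usable,
    }


def contains(cidr: str, host: str) -> bool:
    """True if 'host' falls inside the block described by 'cidr' (scope checks!)."""
    addr, prefix = cidr.split("/")
    mask = (0xFFFFFFFF << (32 - int(prefix))) & 0xFFFFFFFF
    return (ip_to_int(addr) & mask) == (ip_to_int(host) & mask)


def cross_check(cidr: str) -> bool:
    """Compare the hand-rolled answer with the standard library."""
    net = ipaddress.ip_network(cidr, strict=False)  # strict=False tolerates host bits
    info = cidr_info(cidr)
    hosts = list(net.hosts())  # keep the block small; this materialises every host
    return (
        info["network"] == str(net.network_address)
        and info["broadcast"] == str(net.broadcast_address)
        and info["netmask"] == str(net.netmask)
        and info["usable_hosts"] == len(hosts)
        and info["first_host"] == str(hosts[0])
        and info["last_host"] == str(hosts[-1])
    )


if __name__ == "__main__":
    # Constructed sample blocks for the demonstration.
    for block in ("192.168.10.37/27", "10.20.30.0/24", "172.16.5.200/30"):
        print(block, cidr_info(block), "matches stdlib:", cross_check(block))
    print("192.168.10.64 in 192.168.10.32/27?", contains("192.168.10.32/27", "192.168.10.64"))
```

The contains() check is the one you will use most on an engagement: before you scan a host, confirm it actually sits inside the CIDR blocks in your scope document.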
3) Linux skills. We use a lot of Linux in ethical hacking. Like, a lot. Primarily, we use a Debian-based distribution, usually either Kali Linux or Parrot. Some hackers choose to use their own builds and distributions, but Kali and Parrot are by far the most common. Fortunately, there are a multitude of free resources out there for individuals interested in learning Linux.
My personal recommendation is to treat Linux like learning a foreign language. You can learn from an instructor and sure, you’ll pick stuff up. However, if you immerse yourself in the environment (e.g. living in a foreign country or in our case, using Linux as a primary operating system), you’ll pick things up a lot easier. Try installing Linux and using it for a week without using any other operating system. You’ll be surprised how fast you learn!
With that being said, here are two fantastic free websites for learning Linux:
https://linuxjourney.com/
https://overthewire.org/wargames/bandit/
If you’re looking for more structured learning, we also offer a class on Linux:
PAID (self-promotion) – TCM Security Academy – https://academy.tcm-sec.com/p/linux-101
4) Coding/Scripting skills. For coding/scripting, you need to be able to read code, at a minimum, to be successful in this field. Fret not, you do not have to be a full-on developer. The better you are at coding, the easier your life will be. However, I’ve had a successful career and am fairly terrible at coding :).
For coding, I recommend starting with Python. Python is incredibly beginner friendly and is fairly easy to pick up. It’s so beginner friendly, in fact, that many colleges now use Python in their introductory programming classes. Here are some of my favorite resources to learn Python:
(Note: If you are finding free courses online, make sure you learn Python 3 and NOT Python 2, which reached end of life in 2020.)
FREE – FreeCodeCamp – https://www.freecodecamp.org/
FREE TRIAL (No credit card required) – Codecademy – https://www.codecademy.com/
PAID (subscription) – Team Treehouse – https://teamtreehouse.com/
PAID (self-promotion) – TCM Security Academy – https://academy.tcm-sec.com/p/python-101-for-hackers and https://academy.tcm-sec.com/p/python-201-for-hackers
5) Security skills. Finally, you’ll need some security knowledge before you work in cybersecurity. That makes sense, right?
At this point, if you’re going to get one single certification out of all those listed thus far, it would not hurt to go out and get your Security+ certification. The Security+ adds security knowledge to most of the basics you’ve learned thus far. I honestly like to think of it as the “Network++”, simply because it takes a lot of the networking fundamentals and sprinkles security concepts on top.
Having foundational security knowledge is critical to your future success in the field and it can also help you land some entry-level security jobs, such as a SOC Analyst.
Similar to the other CompTIA certifications listed above, the best training on the market (in my opinion) is Professor Messer or Mike Meyers.
FREE – Professor Messer – https://www.professormesser.com/security-plus/sy0-601/sy0-601-video/sy0-601-comptia-security-plus-course/
PAID – https://www.udemy.com/course/total-comptia-security-certification-sy0-601/
You’ve Got the Foundations, Now What?
Okay, we’re through the foundations and ready to start hacking. Where to start? Self-plug, but I strongly recommend my Practical Ethical Hacking course (https://academy.tcm-sec.com/p/practical-ethical-hacking-the-complete-course)
Note: The first 15 hours of this course are free to watch on YouTube and are up to date as of 2023. The upload is so large that we had to break it into two videos (Part 1 and Part 2).
The Practical Ethical Hacking course is designed to teach you the foundational skills described above (it has sections on Linux, Python, and Networking) and build you up into actual hacking. Beyond the basics, it covers buffer overflows/exploit development, web application hacking, and Active Directory hacking.
Additionally, I think it’s great to start practicing hacking with intentionally vulnerable machines. That is: machines that are designed to be hacked. A lot of these machines are not “practical” and follow more of a “Capture the Flag (CTF)” style. However, they are great at teaching the fundamentals, tools, and mental persistence needed to be successful as a hacker. My three favorite sites for this are (in order):
https://tryhackme.com
https://hackthebox.com
https://vulnhub.com
I highly suggest starting with TryHackMe first, especially as a beginner. The platform has a lot of free machines that you can practice on and really holds your hand, describing what actions you’re taking and why. If you have $10 to spare, the monthly subscription is worth it. The other two sites are great, but are more challenging for beginners and should be done once you have some experience under your belt, in my opinion.
Additionally, if you like the CTF-type hacking, you might also be interested in participating in CTF events. If so, you should check https://ctftime.org for the latest upcoming CTFs and participate in them/read the writeups to improve your game.
Beyond the basics
Once you are feeling comfortable with the basics, there are several additional areas of hacking that you should familiarize yourself with, especially if you want to be a pentester. Those areas are:
1) Active Directory. Active Directory hacking is, in my opinion, one of the most overlooked categories by people looking to break into the field. Given that roughly 95% or more of Fortune 1000 companies utilize Active Directory in their business environments, it’s an incredibly significant skillset to learn. Active Directory hacking comes up a ton in interviews, and I find that a lot of the people I’ve interviewed who had shiny certifications but no work experience really struggled with the topic.
For Active Directory, beyond the course above, there are some pretty fantastic resources. Start with this blog, as it’s still relevant in 2023: https://adam-toscher.medium.com/top-five-ways-i-got-domain-admin-on-your-internal-network-before-lunch-2018-edition-82259ab73aaa
On top of this, here are people (and blogs) you should follow if you’re interested in Active Directory hacking:
@PyroTek3 – https://adsecurity.org/
@_dirkjan – https://dirkjanm.io/
@Haus3c – https://hausec.com/
Additionally, anything by @SpecterOps, @CptJesus, @byt3bl33d3r, @gentilkiwi, and @harmj0y
2) Web Application Hacking. Any sort of application hacking is in high demand right now. When you see all those fancy bug bounty posts, it’s more than likely a bug that was found on a web or mobile application. There are jobs out there just for web app hackers. If you want to be a pentester, you have to learn this to step up your game. Here are some great, mostly free, resources:
https://portswigger.net/web-security
https://hacker101.com
https://www.bugcrowd.com/hackers/bugcrowd-university/
https://pentesterlab.com
(Self-plug: I’ve got a free course on YouTube for hacking web apps: https://www.youtube.com/watch?v=24fHLWXGS-M)
It is also helpful, when learning web apps, to familiarize yourself with OWASP (https://owasp.org), the OWASP Top 10 (https://owasp.org/www-project-top-ten/), and the OWASP Testing Guide (https://owasp.org/www-project-web-security-testing-guide/)
Beyond these resources, reading bug bounty write-ups is always interesting and helps you understand the various exploits you might see in web applications. You can dig these up via blogs and Google. Additionally, most of the bounty platforms publish them, for example: https://hackerone.com/hacktivity
Finally, we have a pretty awesome course on our Academy that teaches the practical side of web application penetration testing, made for beginners:
PAID (self-promotion) – TCM Security Academy – https://academy.tcm-sec.com/p/practical-web-application-security-and-testing
3) Wireless Hacking. You can learn to hack wireless networks pretty quickly. In fact, a lot of the hackers I know started out tinkering with wireless hacking before jumping into other areas of ethical hacking. You can easily pick up the skillset needed to hack WPA2 Personal by having the right equipment and reading a short blog post, such as: https://www.aircrack-ng.org/doku.php?id=cracking_wpa
WPA2 Enterprise is a little trickier, but hey, there are blogs for that too: https://adam-toscher.medium.com/top-5-ways-i-gained-access-to-your-corporate-wireless-network-lo0tbo0ty-karma-edition-f72e7995aef2
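To show why WPA2 Personal cracking comes down to passphrase strength, here is an added Python example (my illustration, not aircrack-ng’s code and not part of the original post). WPA2 Personal derives the Pairwise Master Key (PMK) from the passphrase and the SSID with PBKDF2-HMAC-SHA1 (4096 iterations, 256-bit output). Everything else in the four-way handshake is derived from that key plus values sent in the clear, so once a handshake has been captured, candidate passphrases can be tested offline with no further contact with the access point. Real tools go one step further and derive the PTK to verify the MIC on the captured EAPOL frame; this example stops at the PMK, which is the expensive step, and checks candidates against a known PMK instead. The wordlist is constructed, and the passphrase/SSID pair “password”/“IEEE” is the published IEEE 802.11 PSK test vector.

```python
"""Added example (not from the original post): why WPA2-Personal cracking is an
offline dictionary attack.

PMK = PBKDF2(HMAC-SHA1, passphrase, SSID, 4096 iterations, 32 bytes).
With a captured 4-way handshake an attacker only has to repeat this derivation
for every candidate passphrase; nothing is sent to the access point.
"""
import hashlib
import hmac
import time
from typing import Iterable, Optional

# Published IEEE 802.11 PSK test vector: passphrase "password", SSID "IEEE".
KNOWN_VECTOR = (
    "password",
    "IEEE",
    "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e",
)

# Constructed wordlist for the demonstration. "letmein" is too short to be a
# valid WPA2 passphrase and is skipped without being hashed.
CONSTRUCTED_WORDLIST = ["letmein", "12345678", "Summer2023!", "password", "correcthorse"]


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit PMK exactly as a WPA2-Personal station does."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 printable ASCII characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, dklen=32
    )


def dictionary_attack(target_pmk: bytes, ssid: str, wordlist: Iterable[str]) -> Optional[str]:
    """Return the first candidate whose PMK matches target_pmk, or None.

    Real crackers compare the handshake MIC rather than a PMK, but the per-candidate
    cost (4096 HMAC-SHA1 rounds) is the same, which is why GPUs and rainbow tables
    per SSID exist for this step.
    """
    for word in wordlist:
        word = word.rstrip("\r\n")
        if not 8 <= len(word) <= 63:
            continue  # cannot be a valid WPA2 passphrase, so don't waste the hashing
        if hmac.compare_digest(wpa2_pmk(word, ssid), target_pmk):
            return word
    return None


def candidates_per_second(ssid: str, seconds: float = 0.5) -> float:
    """Rough single-core rate in pure Python, to put wordlist sizes in perspective."""
    count, start = 0, time.perf_counter()
    while time.perf_counter() - start < seconds:
        wpa2_pmk("candidate%08d" % count, ssid)
        count += 1
    return count / (time.perf_counter() - start)


if __name__ == "__main__":
    passphrase, ssid, expected_hex = KNOWN_VECTOR
    pmk = wpa2_pmk(passphrase, ssid)
    print("PMK:", pmk.hex())
    print("matches IEEE test vector:", pmk.hex() == expected_hex)
    print("recovered passphrase:", dictionary_attack(pmk, ssid, CONSTRUCTED_WORDLIST))
    print(f"~{candidates_per_second(ssid):.0f} candidates/s on one core (pure Python)")
```

The takeaway for both sides of the table: the SSID acts as a salt, so precomputed tables only help against common network names, and a long random passphrase pushes the offline search out of reach no matter how good the capture is. Note that WPA3 replaces this derivation with SAE, which is why a captured WPA3 handshake does not give you the same offline attack.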
4) Certifications. The next thing to discuss are certifications. In my opinion, unless you need the Certified Ethical Hacker (CEH) or the CompTIA Pentest+ for job purposes (see: DoD 8570), then avoid them. They are not worth the time or effort.
As of this posting, the certification landscape falls into several categories:
Category A – Practical & Affordable – Certifications such as PNPT (self-promotion) from TCM Security, CRTO from Zero Point Security, and CRTP from Pentester Academy are all under $400 and will arguably teach you more than the big-name certifications on the market.
Category B – Somewhat Practical & Somewhat Expensive – eLearnSecurity/INE fall into this category with certifications such as the eCPPT. The practicality can be lacking at times and the price tag has gone up since eLearnSecurity/INE moved to a subscription model, but the platform remains a decent option for those looking to break into the field who have enough study time to make the subscription worth the investment. Courses and exams have been slow to be updated since INE purchased eLearnSecurity, and thus a lot of the material is severely out of date. Please do your due diligence and research the exam and/or course you’re interested in before making a purchase.
Category C – Not Practical & Expensive – Offensive Security falls into this category. Certifications like the OSCP offer an excellent opportunity for students to get past HR gatekeeping, but do not provide many of the practical skills necessary to work in the field. Combine that with the ever-increasing price tag as Offensive Security switches to a Business to Business (B2B) model and it’s a double-edged sword. The OSCP is still the top certification to get past gatekeeping, but the ROI is not as high as it used to be.
Category D – Practical & Expensive – SANS falls into this category. Their courses are phenomenal and taught by industry leaders, but are also upwards of $10,000. If an employer ever offers to send you, you should go, but definitely do not pay out of pocket unless you can really, really afford it.
5) Exploit Development. Since we’ve covered basic hacking already, let’s talk about exploit development and buffer overflows. For a lot of the hands-on exams (OSCP, eCPPT, etc), you will be asked to perform a basic stack-based buffer overflow. This may sound daunting, but it’s not all that bad.
I have a video series on the topic here: https://www.youtube.com/watch?v=ncBblM920jw
Additionally, @0xTib3rius has a room on TryHackMe that is great: https://tryhackme.com/room/bufferoverflowprep
If you can complete the buffer overflow from these tutorials, you can knock out the exam overflows with little issue.
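For the offset-finding step that these tutorials walk through, here is an added Python example (mine, not from the original post or the linked courses) that reproduces what msf-pattern_create and msf-pattern_offset do, builds the bad-character string, and assembles the final buffer layout. The EIP value, return address and shellcode in the usage are placeholder sample values; only the “Aa0Aa1…” pattern scheme and the little-endian handling are real.

```python
"""Added example (not from the original post): the offset-finding step of a
basic stack-based buffer overflow, done without Metasploit.

Workflow: crash the program with a long string, send a cyclic pattern instead,
read the value that landed in EIP from the debugger, and look up where those
four bytes sit in the pattern. That distance is the offset at which your return
address must be placed.
"""
import string


def cyclic_pattern(length: int) -> bytes:
    """Generate the 'Aa0Aa1Aa2...' pattern: every 3-byte triplet is unique up to 20280 bytes."""
    out = bytearray()
    for upper in string.ascii_uppercase:
        for lower in string.ascii_lowercase:
            for digit in string.digits:
                out += (upper + lower + digit).encode()
                if len(out) >= length:
                    return bytes(out[:length])
    raise ValueError("pattern longer than 20280 bytes is no longer unique")


def pattern_offset(eip_hex: str, length: int = 20280) -> int:
    """Translate the EIP value shown in the debugger (e.g. '386F4337') into the offset."""
    raw = bytes.fromhex(eip_hex)
    # x86 is little-endian: the register displays the bytes in reverse memory order.
    needle = raw[::-1]
    offset = cyclic_pattern(length).find(needle)
    if offset == -1:
        raise ValueError(f"{eip_hex} not found in pattern; check endianness or pattern length")
    return offset


def bad_chars(exclude=(0x00,)) -> bytes:
    """Bytes 0x01-0xFF minus those already known to be bad; send after the offset and compare in memory."""
    return bytes(b for b in range(1, 256) if b not in exclude)


def build_payload(offset: int, ret_addr: int, shellcode: bytes,
                  nop_sled: int = 16, total: int = 3000) -> bytes:
    """junk + little-endian return address + NOP sled + shellcode, padded to a fixed total length."""
    payload = b"A" * offset + ret_addr.to_bytes(4, "little") + b"\x90" * nop_sled + shellcode
    if len(payload) > total:
        raise ValueError("payload exceeds the buffer length that crashed the target")
    return payload + b"C" * (total - len(payload))


if __name__ == "__main__":
    print(cyclic_pattern(30))                      # b'Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8Aa9'
    print("offset:", pattern_offset("386F4337"))  # sample EIP value; any 4 pattern bytes work
    print("bad chars without \\x00 and \\x0a:", bad_chars((0x00, 0x0A))[:8].hex(), "...")
    # Placeholder return address and shellcode; substitute the JMP ESP address and
    # msfvenom output for the real target.
    buf = build_payload(pattern_offset("386F4337"), 0x41424344, b"\xcc" * 4)
    print("return address lands at bytes", buf[2003:2007])
```

Two checks worth building into the habit: run pattern_offset on a pattern at least as long as the crash string (a short pattern silently reports nothing), and after the bad-character stage regenerate the shellcode with those bytes excluded before you ever test the final payload.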
6) Privilege Escalation. This is a topic many new hackers struggle with. You land on a machine, but you’re not the admin/root user. How can you elevate your privileges? You’ll be tested on this in practically any relevant exam, so it’s a topic you should know.
Again, I have some courses on the topic:
Windows Privilege Escalation – https://academy.tcm-sec.com/p/windows-privilege-escalation-for-beginners
Linux Privilege Escalation – https://academy.tcm-sec.com/p/linux-privilege-escalation
As does @0xTib3rius:
Windows Privilege Escalation – https://www.udemy.com/course/windows-privilege-escalation/
Linux Privilege Escalation – https://www.udemy.com/course/linux-privilege-escalation/
Plus, there are a million guides out there for PrivEsc. I will leave you to your Googling skills to find these, but here is just one example of a great guide: https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Linux%20-%20Privilege%20Escalation.md
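As an added example (not from the original post or the courses linked above), here is a Python script that automates a first pass of the checks those Linux privilege escalation guides walk through by hand: sudo rules that allow a shell-capable program, setuid binaries outside the expected baseline, and writable or relative entries in PATH. The SUID baseline and the list of shell-capable programs are illustrative assumptions, not complete inventories; the sudo -l output, binary list and PATH at the bottom are constructed samples.

```python
"""Added example (not from the original post): a first-pass Linux privilege
escalation triage over the artefacts you would collect by hand.

The functions take text you would paste from the target (``sudo -l`` output, a
``find / -perm -4000`` listing, PATH) so they run offline on the constructed
samples below; the PATH check also runs against the current host when executed.
"""
import os
import re
from typing import Dict, Iterable, List

# Binaries that are setuid-root on a stock Debian/Ubuntu install. Illustrative
# assumption, not exhaustive: anything outside it deserves a closer look.
EXPECTED_SUID = {
    "/usr/bin/sudo", "/usr/bin/passwd", "/usr/bin/su", "/usr/bin/mount",
    "/usr/bin/umount", "/usr/bin/chsh", "/usr/bin/chfn", "/usr/bin/gpasswd",
    "/usr/bin/newgrp", "/usr/bin/fusermount", "/usr/lib/openssh/ssh-keysign",
}
# Programs that spawn a shell or write arbitrary files when run as root
# (illustrative subset; GTFOBins catalogues many more).
SHELL_CAPABLE = {"vim", "vi", "nano", "less", "more", "find", "python", "python3",
                 "perl", "bash", "sh", "awk", "env", "tar", "cp", "tee"}

# Matches rule lines such as "    (ALL) NOPASSWD: /usr/bin/vim"
SUDO_RULE = re.compile(r"^\s*\((?P<runas>[^)]*)\)\s*(?P<tags>(?:\w+:\s*)*)(?P<cmds>.+)$")


def parse_sudo_l(output: str) -> List[Dict[str, object]]:
    """Parse the rule lines of `sudo -l` into run-as user, tags and command list."""
    rules = []
    for line in output.splitlines():
        m = SUDO_RULE.match(line)
        if not m:
            continue  # header and Defaults lines never start with "(runas)"
        tags = [t.strip() for t in m.group("tags").split(":") if t.strip()]
        cmds = [c.strip() for c in m.group("cmds").split(",")]
        rules.append({"runas": m.group("runas").strip(), "tags": tags, "commands": cmds})
    return rules


def sudo_findings(rules: List[Dict[str, object]]) -> List[str]:
    """Flag ALL and shell-capable commands; NOPASSWD makes them usable without creds."""
    findings = []
    for rule in rules:
        suffix = " without a password" if "NOPASSWD" in rule["tags"] else ""
        for cmd in rule["commands"]:
            if cmd == "ALL":
                findings.append(f"sudo: may run ANY command as ({rule['runas']}){suffix}")
                continue
            base = os.path.basename(cmd.split()[0])
            if base in SHELL_CAPABLE:
                findings.append(f"sudo: {cmd} as ({rule['runas']}) can spawn a shell{suffix}")
    return findings


def suid_findings(suid_paths: Iterable[str]) -> List[str]:
    """Setuid binaries not in the baseline are the ones to research first."""
    return [f"suid: unexpected setuid binary {p}" for p in suid_paths if p not in EXPECTED_SUID]


def path_findings(path_value: str, writable_dirs: Iterable[str]) -> List[str]:
    """Writable or relative PATH entries let you plant a binary a privileged job may run."""
    writable = set(writable_dirs)
    out = []
    for entry in path_value.split(":"):
        if entry in ("", "."):
            out.append(f"path: relative entry {entry!r} in PATH")
        elif entry in writable:
            out.append(f"path: writable directory {entry} in PATH")
    return out


def triage(sudo_output: str, suid_paths: Iterable[str], path_value: str,
           writable_dirs: Iterable[str]) -> List[str]:
    """Combine the three checks into one list of leads."""
    return (sudo_findings(parse_sudo_l(sudo_output))
            + suid_findings(suid_paths) + path_findings(path_value, writable_dirs))


# Constructed samples standing in for output collected from a target.
SAMPLE_SUDO_L = """Matching Defaults entries for bob on target:
    env_reset, mail_badpass, secure_path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin

User bob may run the following commands on target:
    (ALL) NOPASSWD: /usr/bin/vim
    (root) /usr/bin/systemctl status apache2
"""
SAMPLE_SUID = ["/usr/bin/sudo", "/usr/bin/passwd", "/usr/bin/su",
               "/usr/local/bin/backup", "/usr/bin/find"]
SAMPLE_PATH = "/home/bob/bin:/usr/local/bin:/usr/bin:/bin:."
SAMPLE_WRITABLE = ["/home/bob/bin", "/tmp"]

if __name__ == "__main__":
    for lead in triage(SAMPLE_SUDO_L, SAMPLE_SUID, SAMPLE_PATH, SAMPLE_WRITABLE):
        print(lead)
    live_path = os.environ.get("PATH", "")
    live_writable = [d for d in live_path.split(":") if d and os.access(d, os.W_OK)]
    print("this host:", path_findings(live_path, live_writable) or "PATH looks clean")
```

Treat the output as leads, not conclusions: an unexpected SUID binary still has to be researched (GTFOBins, strings, ltrace) before it turns into an escalation, and a sudo rule for systemctl or similar may or may not be exploitable depending on the exact arguments allowed.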
Content Creators
Content creators play an important role in educating the next generation of hackers looking to break into this field and this article would be incomplete if I did not include some of my favorite content creators.
Before we get into that, I would like to provide a word of caution. There are several content creators out there who have never worked a day as an ethical hacker, pushing bad products, bad advice, and intentionally misleading their viewers for monetary gain. Many newcomers do not know better. Please, please do your research on the people you watch. If they are selling you products or giving you career advice in a field they’ve never worked in, run away.
These false hackers have gotten so bad, the real hackers have been calling attention to it (see: https://www.youtube.com/watch?v=r6t7u9Wf0l4 and https://www.youtube.com/watch?v=FyMy8dd6cnU for example).
With that warning out of the way, I’m including both smaller and larger channels, in no particular order. Additionally, I apologize in advance if I miss someone!
General Hacking:
Me (The Cyber Mentor) – https://youtube.com/c/thecybermentor
John Hammond – https://youtube.com/c/JohnHammond010
Joe Helle – https://youtube.com/c/JoeHellethemayor
Stefan Rows – https://www.youtube.com/user/Ceophreak
DC CyberSec – https://youtube.com/c/DCcybersec
HackerSploit – https://youtube.com/c/HackerSploit
sup3rhero1 – https://www.twitch.tv/sup3rhero1
Ash_F0x – https://www.twitch.tv/ash_f0x
IppSec – https://youtube.com/c/ippsec
Conda – https://youtube.com/c/c0nd4
PwnFunction – https://youtube.com/c/PwnFunction
Infinite Logins – https://youtube.com/c/InfiniteLogins
Cody Winkler – https://youtube.com/c/cwinfosec
Web App/Bug Bounty:
NahamSec – https://youtube.com/c/Nahamsec
STÖK – https://youtube.com/c/STOKfredrik
InsiderPhD – https://youtube.com/user/RapidBug
Codingo – https://youtube.com/c/codingo
Farah Hawa – https://youtube.com/c/FarahHawa
Rana Khalil – https://youtube.com/c/RanaKhalil101
Luke Stephens – https://youtube.com/c/Hakluke
Communities
Lastly, I believe communities are an important part of becoming a good hacker. They give you the ability to ask questions, help others, and network with people in the field or looking to get into the field. Do not underestimate the importance of networking with others, and do not underestimate how a strong community can enhance your learning. Here is our community, which is over 48,000 users strong at the time of this posting: https://tcm-sec.com/discord
If you’re a military veteran, I suggest checking out the community at VetSec – https://vetsec.org/
Conclusion
I really hope you found this article useful. While it is by no means all-inclusive, a lot of the links I provided helped to guide me to where I am today. Every path is different and I encourage you to research outside resources as well. Regardless, you now have enough material in front of you to keep you busy for all of 2023. Happy hacking!