How Should I Start Learning Ethical Hacking on My Own?
Ethical hacking refers to offensive testing of computer systems in order to find out security-related loopholes. These loopholes are called security vulnerabilities. It has been a very popular career choice for students of all backgrounds(non-CS students can also learn it easily and be equally good as CS students, or even better than them).
You can learn ethical hacking effectively by following this two-step process. The first step would be to learn about concepts and to understand them well. On the internet, the resources for learning are available in abundance. We recommend:
1. Hacking for Dummies: The “for dummies” series of Wiley focuses on publishing beginner-friendly books on various topics. This book introduces the user to ethical hacking through concepts and tools. It is very useful for people who want to start learning ethical hacking but are not very comfortable with programming. This should however be understood that being an elite hacker is almost impossible without learning to program.
2. CEHv10 Study Guide by SYBEX: This book is aimed to aid the preparation of CEH(Certified Ethical Hacker), a popular certification course in ethical hacking. It explains the ethical hacking methodology and the phases of it. Each phase of ethical hacking is well explained with details of the concepts and practice on the tools.
3. Hacking, The Art of Exploitation :This book has been very popular in the community of white hat hackers for a long time. Probably because of the content it covers and the depth it goes into. The good thing about this book is that even if you are a novice with absolutely no knowledge about programming and networks, you can still benefit immensely. The book covers Basic Programming in C, Scripting with Bash, basics of memory management in computers, filesystems, overflow based vulnerabilities and their exploitation, basic networking, attacks on networks, writing shell-code, and cryptology.
Popular Online Courses
1. Udemy: These cybersecurity ethical hacking courses have been already taken by many people and their rating is quite good, so we are assuming these will be really useful for your self-learning.
- Learn Ethical Hacking From Scratch
- The Complete Ethical Hacking Course: Beginner to Advanced!
- Hacking in Practice: Certified Ethical Hacking MEGA Course
- Ethical Hacking with Hardware Gadgets
- CompTIA Pentest+ (Ethical Hacking) Course & Practice Exam
2. PentesterLab: PentesterLab is useful for beginners and advanced learners equally. Their beginner-friendly tutorials and labs are from highly successful ethical hackers and bug bounty hunters and they are also well known as instructors and mentors.
3. Pentester Academy: Pentester Academy is a platform of learning for beginners as well as seasoned hackers. They have courses and online labs for major vulnerabilities. Pentester Lab also has courses on programming, forensics, VoIP, DevOps Security, Red/Blue team, etc.
1. JackkTutorials: Provides hands-on introductory tutorials to almost all the important concepts, tools, and skills related to ethical hacking.
2. Thenewboston: This channel not only covers the basics of practical ethical hacking but also provides tutorials on programming, app development, graphic design, chemistry, databases, video editing, etc.
3. HackerSploit: Hackersploit is highly popular among bug bounty beginners. It has penetration testing tutorials, CTF walkthroughs, Bug bounty hunting tips, programming tutorials, malware analysis tutorials, steganography tutorials, etc.
LiveOverflow, Nahamsec, Bugcrowd, and HackerOne are also very good and worth checking out.
Websites and Blogs
These websites are useful for staying up to date with recent findings, for getting quick references, for understanding advanced concepts, and more.
1. PortSwigger’s Blog: Dafydd Stuttart is known as portswigger in the hacker community. He is a co-creator of the BurpSuite tool. His blog contains news about the Latest web application vulnerabilities, new features of BurpSuite, tips on how to use BurpSuite well, and his own findings as a bug bounty hunter.
2. TheHackerNews: A dedicated platform for the latest cybersecurity-related news. The Hacker News provides detailed information about the latest vulnerabilities, new developments in the cybersecurity domain, news related to cybercrimes, data breaches, hacktivism, etc.
3. HackerOne Hactivity(disclosed vulnerability reports): HackerOne is a bug bounty platform. Bug bounty programs may allow public disclosure of a vulnerability report after it is resolved. These reports can be used to understand how to look for vulnerabilities on a target, how to perform reconnaissance, how to approach interesting endpoints, how to exploit a vulnerability for maximum impact, and what kind of vulnerabilities are commonly found on a specific type of target.
The second step is practice: Practicing is very important because it will help you absorb the concepts you have learned. It will also help you gain confidence in your skills. Intentionally vulnerable virtual systems and CTFs are the best way to practice. bWApp, DVWA(Damn Vulnerable Web Application), Metasploitable are some of the best vulnerable VMs. The OWASP has put up an index of vulnerable virtual machines, which can be accessed here
Also take a look at Top 5 places to practice ethcial hacking