Let me preface this post by stating that I am nowhere near an expert when it comes to ethical hacking, penetration testing, or cyber-security in general. This post is more of an overview of how I got to where I am now, and what I wish I’d known along the way. Rather than a definitive guide, it’s more of an opportunity to learn from my mistakes.
Let’s start with a rundown of where I’ve come from, and how I got to where I am now. Firstly, I’ve been working in IT or IT-adjacent fields my entire working life. I’ve had a passing acquaintance with security, and with the concepts of how to keep a system secure, since high school (thanks to my grade 9 teacher for the lesson in how not to choose a password…). A few years back I was forced to take a break from work for medical reasons, and when I wanted to work again I decided to change career and look for work in cyber-security.
I studied Information Security post-grad, and during the course of my studies decided I wanted a bit more “hands on” learning, so I started attending security meetups. Through the meetups I found out about CTFs (capture the flag exercises, which are basic pen-testing challenges), and signed up to Hack the Box to try to apply what I was learning. I found the learning curve there to be extremely steep, and between that, finishing my studies, and starting a job in eCommerce, I let the pen testing stuff slide for a while.
When Covid-19 hit big time, I found myself unemployed again, and so started looking for online learning resources to help get back on track with cyber-security. Thanks to some good deals on courses at Udemy and other places I had a heap of material to learn. Towards the end of the year I saw an ad for Try Hack Me’s Advent of Cyber challenge, and decided to give it a go. Signing up for Try Hack Me was the best choice I’ve made so far. The content there was exactly what I needed back when I first signed up with Hack the Box.
So, with that out of the way, let me list the things I wish I’d known back when I first started:
- Some basic terminology, like:
– CTF: Capture the Flag, a penetration testing exercise which typically involves finding flags (usually a unique string, often stored in a file on the target) and submitting them on a site to prove you’ve reached that point.
– Enumeration: The process of gathering information about a target, such as open ports, running services and their versions, files and directories on a web server, or user accounts. Most of the time in a CTF is spent here, not on the exploit itself.
– Reverse Shell: A shell in which the host being attacked connects back out to the pen tester’s machine (usually to a listener such as netcat), so they can run commands on the host. Because the target initiates the connection, it works even when a firewall blocks inbound connections to the target.
- Sure, Hack the Box is great, but start with sites that teach how to hack first. Some good choices are:
– Try Hack Me: Excellent site with a wide variety of paid and free resources.
– Hack this Site: Learn about web security with step by step exercises.
– Over the Wire Wargames: Another site that builds knowledge step by step.
- There are some websites you’ll use pretty frequently:
– ExploitDB: Search for exploits for a wide range of software.
– GTFOBins: A great resource for privilege escalation in Linux.
– CyberChef: Encode/Decode data in a variety of formats.
– PayloadsAllTheThings Methodology & Resources: Cheat sheets and resources for a large number of tasks.
– PenTest.ws: A web application for recording information about hosts during a pen test. It can also generate a full report of the engagement.
- There are a few utilities that you’ll use a heap; get to know them really well, it’ll make life easier:
– Nmap: Scan hosts and networks to determine which ports are open and what services (and versions) are running on them.
– Gobuster / Dirbuster / Dirb: Find files and directories on web servers by brute-forcing names from a wordlist.
– Hashcat / John the Ripper: Crack password hashes and password-protected files. The hash type (or “mode”) has to match what you’re cracking, so identify the hash before you start.
– Burp Suite: Web application security testing suite; its proxy lets you intercept and modify HTTP requests and responses between your browser and the target.
– Metasploit: A penetration testing framework that helps with exploiting known vulnerabilities, generating payloads, and catching reverse shells, etc.
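To make the “enumeration” and Nmap entries above concrete, here is an added example (not code from the original post) of what a TCP connect scan actually does under the hood. It starts a throwaway service on the loopback interface with a constructed banner, then probes a range of ports around it the way `nmap -sT` would: a completed handshake means open, and the first bytes the service sends are the banner that helps you guess what is listening. The fake banner text and the port range are assumptions for the demo only.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor

# Constructed stand-in for a real service banner. The scanner does not care what
# it says; it only reports whatever the service sent first.
FAKE_BANNER = b"SSH-2.0-OpenSSH_demo\r\n"


def open_listener(host="127.0.0.1", port=0, banner=FAKE_BANNER):
    """Start a throwaway TCP service so the scan has something to find.

    port=0 lets the OS pick a free port. Returns (server_socket, stop_event, port);
    set the event and close the socket to shut it down.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(16)
    srv.settimeout(0.2)  # accept() wakes up periodically to check the stop flag
    stop = threading.Event()

    def serve():
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
            except OSError:  # includes the periodic timeout
                continue
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv, stop, srv.getsockname()[1]


def probe(host, port, timeout=0.5):
    """TCP connect probe, the same idea as `nmap -sT`: a completed three-way
    handshake means the port is open. Also grabs the first bytes the service
    sends (its banner), which is what helps you guess *what* is listening."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                banner = s.recv(256)
            except socket.timeout:
                banner = b""  # open but silent: many services wait for the client to speak first
            return port, banner.decode(errors="replace").strip()
    except OSError:
        return None  # refused, filtered (timed out) or unreachable


def scan(host, ports, workers=50):
    """Probe a set of ports concurrently; returns {port: banner} for the open ones."""
    found = {}
    with ThreadPoolExecutor(max_workers=workers) as pool:
        for result in pool.map(lambda p: probe(host, p), ports):
            if result is not None:
                found[result[0]] = result[1]
    return found


def demo():
    """Scan the fake service plus its neighbouring (closed) ports."""
    srv, stop, port = open_listener()
    try:
        found = scan("127.0.0.1", range(port - 5, port + 6))
    finally:
        stop.set()
        srv.close()
    return port, found


if __name__ == "__main__":
    listener_port, open_ports = demo()
    for p, banner in sorted(open_ports.items()):
        print(f"{p}/tcp open  {banner or '(no banner)'}")
```

A real scanner adds a lot on top of this (SYN scans that never complete the handshake, service fingerprinting beyond the banner, rate control), but the open/closed/filtered distinction in `probe` is the core of what Nmap’s output is telling you.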
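For the Hashcat / John the Ripper entry, the point that trips up beginners is that the cracker has to be told the hash type and, where relevant, the salt. The following added example (not code from the original post) shows a dictionary attack with a few mangling rules, keyed by hashcat’s own mode numbers for the four formats it handles, plus a length-based guess at the mode like the hash-identifier tools make. The wordlist, rules and target hashes are constructed for the demo.

```python
import hashlib
import itertools

# Constructed stand-in for a real wordlist such as rockyou.txt.
WORDLIST = ["password", "letmein", "qwerty", "summer", "winter2020", "dragon"]

# Hash functions keyed by their hashcat mode number (-m). Only these four are
# implemented here; hashcat itself supports hundreds.
MODES = {
    0:    lambda pw, salt: hashlib.md5(pw).hexdigest(),            # MD5
    100:  lambda pw, salt: hashlib.sha1(pw).hexdigest(),           # SHA-1
    1400: lambda pw, salt: hashlib.sha256(pw).hexdigest(),         # SHA-256
    1410: lambda pw, salt: hashlib.sha256(pw + salt).hexdigest(),  # sha256($pass.$salt)
}

CASES = (str.lower, str.capitalize, str.upper)
SUFFIXES = ("", "1", "123", "!")


def mangle(word):
    """Yield rule-based variants of a word (a tiny subset of what `hashcat -r` rules do)."""
    seen = set()
    for case, suffix in itertools.product(CASES, SUFFIXES):
        cand = case(word) + suffix
        if cand not in seen:
            seen.add(cand)
            yield cand


def identify(digest):
    """Guess candidate modes from the digest length, the way hash-identifier tools do.
    Length alone is ambiguous (NTLM is also 32 hex chars, for example), so return
    every plausible mode and let the caller try them in turn."""
    by_len = {32: [0], 40: [100], 64: [1400, 1410]}
    return by_len.get(len(digest), [])


def crack(digest, mode, salt="", wordlist=WORDLIST):
    """Dictionary attack: hash every mangled candidate and compare with the target."""
    digest = digest.lower()
    h = MODES[mode]
    salt_b = salt.encode()
    for word in wordlist:
        for cand in mangle(word):
            if h(cand.encode(), salt_b) == digest:
                return cand
    return None


def crack_auto(digest, salt="", wordlist=WORDLIST):
    """Try every mode that fits the digest length; returns (mode, password) or None."""
    for mode in identify(digest):
        pw = crack(digest, mode, salt, wordlist)
        if pw is not None:
            return mode, pw
    return None


# Constructed targets, as they might appear in a dumped credential file or a CTF.
SAMPLE_HASHES = {
    "md5":         hashlib.md5(b"letmein").hexdigest(),
    "sha1":        hashlib.sha1(b"Qwerty123").hexdigest(),
    "sha256":      hashlib.sha256(b"Summer!").hexdigest(),
    "sha256_salt": hashlib.sha256(b"Winter2020" + b"NaCl").hexdigest(),
    "strong":      hashlib.sha256(b"correct horse battery staple").hexdigest(),
}

if __name__ == "__main__":
    for name, digest in SAMPLE_HASHES.items():
        salt = "NaCl" if name == "sha256_salt" else ""
        print(f"{name:12} {digest[:16]}...  ->  {crack_auto(digest, salt)}")
```

Note what happens with the salted hash: mode 1400 is tried first and fails even though the password is in the wordlist, and only mode 1410 with the correct salt recovers it. That is the same failure you see in practice when the wrong `-m` is given to hashcat, and why identifying the hash format is step one. The “strong” entry never cracks because no mangling of the wordlist produces it.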