Let me preface this post by stating that I am nowhere near an expert when it comes to ethical hacking, penetration testing, or cyber-security in general. This post is more of an overview of how I got to where I am now, and what I wish I’d known along the way. Rather than a definitive guide, it’s more of an opportunity to learn from my mistakes.

Let’s start with a rundown of where I’ve come from, and how I got to where I am now. Firstly, I’ve been working in IT or IT-adjacent fields my entire working life. I’ve had a passing acquaintance with security, and the concepts of how to keep a system secure, since high school (thanks to my grade 9 teacher for the lesson in how not to choose a password…). A few years back I was forced to take a break from work for medical reasons, and when I wanted to work again I decided to change career and look for work in cyber-security.

I studied Information Security post-grad, and during the course of my studies decided I wanted a bit more “hands on” learning, so I started attending security meetups. Through the meetups I found out about CTFs (capture the flags, which are basic pen testing exercises), and signed up to Hack The Box to attempt to apply what I was learning. I found the learning curve there to be extremely steep, and between that, finishing my studies, and starting a job in eCommerce, I let the pen testing stuff slide for a while.

When Covid-19 hit big time, I found myself unemployed again, and so started looking for online learning resources to help get back on track with cyber-security. Thanks to some good deals on courses at Udemy and other places I had a heap of material to learn. Towards the end of the year I saw an ad for TryHackMe’s Advent of Cyber challenge, and decided to give it a go. Signing up for TryHackMe was the best choice I’ve made so far. The content there was exactly what I needed back when I first signed up with Hack The Box.

So, with that out of the way, let me list the things I wish I’d known back when I first started:

  1. Some basic terminology like:
    – CTF: Capture the Flag, a penetration testing exercise which typically involves finding flags (specific files on a host, for example) and entering them on a site to confirm you’ve found them.
    – Enumeration: The process of gathering information about a host, such as open ports, running services, files and directories on a web server, or user accounts.
    – Reverse Shell: A connection initiated by the host being attacked back to the pen tester’s computer, giving the tester a command shell on that host.
  2. Sure, Hack The Box is great, but start with sites that teach how to hack first. Some good choices are:
    – TryHackMe: Excellent site with a wide variety of paid and free resources.
    – Hack This Site: Learn about web security with step by step exercises.
    – OverTheWire Wargames: Another site that builds knowledge step by step.
  3. There are some websites you’ll use pretty frequently:
    – ExploitDB: Search for exploits for a wide range of software.
    – GTFOBins: A great resource for privilege escalation in Linux.
    – CyberChef: Encode/decode data in a variety of formats.
    – PayloadsAllTheThings Methodology & Resources: Cheat sheets and resources for a large number of tasks.
    – PenTest.ws: A web application for recording information about hosts during a pen test. Can create full reports on a pen test.
  4. There are a few utilities you’ll use a heap; get to know them really well, it’ll make life easier:
    – Nmap: Scan hosts and networks to determine what ports are open and what services are running.
    – Gobuster / Dirbuster / Dirb: Find files and directories on servers based on wordlists.
    – Hashcat / John the Ripper: Crack hashes and password protected files.
    – Burp Suite: Web application security software, allows you to intercept and modify web requests.
    – Metasploit: A penetration testing framework that helps with taking advantage of exploits, getting reverse shells etc.