Introduction to Ethical Hacking | The definitive guide
Welcome, to the ultimate guide to introduce you to the wonderful world of ethical hacking.
First of all I wanted to thank you for taking the time to read the article, I hope you find it valuable in starting your hacking career 😉 Let’s get started!
Article Summary
1- Introduction
2- Prerequisites
3- Getting started
4- Capture the flag (CTF) programs
5- What’s next?
6- Awesome resources
Introduction to ethical hacking
First of all we must be clear about a number of concepts about hacking. For this I am going to make a small summary about what the concept of hacking and the ‘types of hacker’ means:
# What is hacking?
The definitions about hacking that we will find on the Internet will not be different from:
Hacking is an attempt to exploit a computer system or a private network inside a computer. Simply put, it is the unauthorised access to or control over computer network security systems for some illicit purpose.
# Types of hackers
You need to understand that the word hacker is not linked to illegality/ illicit/ delinquency… For this reason I will show you the types of hackers that we can find.
- Ethical Hacker (White hat): A hacker who gains access to systems with a view to fix the identified weaknesses. They may also perform penetration Testing and vulnerability assessments.
- Cracker (Black hat): A hacker who gains unauthorized access to computer systems for personal gain. The intent is usually to steal corporate data, violate privacy rights, transfer funds from bank accounts etc.
- Grey hat: A hacker who is in between ethical and black hat hackers. He/she breaks into computer systems without authority with a view to identify weaknesses and reveal them to the system owner.
- Script kiddies: A non-skilled person who gains access to computer systems using already made tools.
- Hacktivist: A hacker who use hacking to send social, religious, and political, etc. messages. This is usually done by hijacking websites and leaving the message on the hijacked website.
- Phreaker: A hacker who identifies and exploits weaknesses in telephones instead of computers.
Source: https://www.guru99.com/what-is-hacking-an-introduction.html
For more information I highly recommend the following reading. You will be able to have a general concept about hacking and cyber security, as well as the different types of attacks, malware, exploits…
Prerequisites
Becoming a hacker is not an easy goal.It’s impossible to give you all the knowledge in this article, but I can make it easier for you and give you some tips to get a solid base. Here we go!
# Get friendly with any LINUX operating system
You can start by installing linux in a virtual machine for testing purposes. It is very important that you have a thorough knowledge of these systems. Some of the operating systems I recommend you to start with are Ubuntu or Linux Mint. You can also try Kali Linux or Parrot OS and have a look at the wide range of security tools they have.
# Networking basics
I recommend that you visit the official Cisco website and start with a free course offered by them and test it in laboratories with the help of the free software offered by PacketTracer:
# Learning programming languages
Another essential step is programming. I highly recommend you start with Python.
Here are some platforms that offer courses to start programming in this language:
- Codecademy: https://www.codecademy.com/learn/learn-python-3
- Treehouse: https://teamtreehouse.com/library/topic:python
- Realpython: https://realpython.com/learning-paths/python3-introduction/
Getting started
It’s time to put our knowledge into practice. We must be clear that the Internet is our most powerful source of information, use it!
Download virtualization software (VMware Workstation or Virtualbox) and configure your work environment with the operating system you prefer, preferably Kali Linux or Parrot OS to avoid installing tools that will be necessary for you.
With a couple of searches we can find guides to create our own vulnerable labs and try to exploit them. Important, always in a controlled environment. We also have at our disposal the download of vulnerable machines to use them on our computer.
You can’t miss the following video to start controlling the security tools that are used and to see the process involved in the pentesting process:
CTF -Capture the flag programs
Another way to practice our skills is through the CTF programs. Knowing new safety techniques to try to get the flag. If you don’t know what these programs are about, don’t worry!
Here I leave you with the most popular CTF platforms to develop your skills:
- Hackthebox (online machines): To get registered on this platform you must demonstrate your skills and get an invitation by hacking! https://www.hackthebox.eu/
- Vulnhub (offline machines): You can download the machines https://www.vulnhub.com/
- Tryhackme (online machines): https://tryhackme.com/
What’s next?
In the world of hacking there is no goal. Every day you will be faced with new challenges. It’s a continuous learning process!
The most important thing you should learn is to be persistent and never lose the desire to learn new things so you can build your career step by step.
Awesome resources
I leave you a list of resources that I have been creating in my time of learning, I hope you enjoy it! 😜
📚 # Library
Some interesting books you should read…
Hacking library:
- The Hacker Playbook 2 and 3: Practical Guide To Pentesting
- Metasploit: The Pentesting Guide
- Kali Linux Revealed: https://www.kali.org/download-kali-linux-revealed-book/
- Hacking: The Art of Exploitation
- The Web Application Hacker’s Handbook
Python library:
- Python Cookbook, Third Edition
- Learn Python The Hard Way
- Automate the Boring Stuff with Python
Free programming books: https://books.goalkicker.com/
Linux library:
- The linux command line
- Linux basics for hackers
- How linux works
Networking library:
- Networking for dummies
- Network warrior
🔔 # Blogs you should follow
- Hacking notes: https://coffeejunkie.me/ — https://guide.offsecnewbie.com/
- Writeups machines: https://medium.com/ctf-writeups/tagged/hackthebox
- Hacking blogs and tutorials: https://www.fuzzysecurity.com/ — https://www.darknet.org.uk/ — https://offensivesec.blogspot.com/ — https://null-byte.wonderhowto.com/ — https://hakin9.org/blog/
- Red Team Notes: https://dmcxblue.gitbook.io/red-team-notes/
📋 # Other resources
- Free web security training: https://portswigger.net/web-security
- Metasploit unleashed course: https://www.offensive-security.com/metasploit-unleashed/
- Web security: https://github.com/qazbnm456/awesome-web-security/blob/master/README.md
- Read Teaming resources: https://github.com/yeyintminthuhtut/Awesome-Red-Teaming
- Free hacking courses: https://www.cybrary.it/course/advanced-penetration-testing/
- Another ctf platform: https://www.root-me.org/?lang=es
- Cryptography challenges: https://cryptohack.org/
- Awesome OSCP resources: https://github.com/0x4D31/awesome-oscp
- Awesome hacking resources: https://github.com/vitalysim/Awesome-Hacking-Resources
- Awesome ethical hacking resources: https://awesomeopensource.com/project/husnainfareed/Awesome-Ethical-Hacking-Resources
- More oscp resources: https://github.com/six2dez/OSCP-Human-Guide/blob/master/oscp_human_guide.md
- Hacking videos: https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA
When you start your learning adventure you will need to take a lot of notes. Choose a good note manager that suits your needs. I can recommend a few:
- Joplin Notes: https://joplinapp.org/
- OneNote (⭐️): https://products.office.com/es-es/onenote/digital-note-taking-app
- Simple note: https://simplenote.com/
Another recommendation I can give you is to create a blog where you can narrate your experience. It will serve you for your personal learning and for future occasions when you need to take those resources:
- With Github Pages (FREE): https://onextrapixel.com/start-jekyll-blog-github-pages-free/
It’s time to say goodbye. I hope the article was helpful, if so let me know in the comments. To clarify that this guide is from my humble opinion. Not for not following these steps you will not manage to become a hacker. It is simply my personal recommendation.
If you liked my work you can support me by buying me a coffee :)
Thank you for your time and..
