My story : How I get started in Cyber Security & How can you…
Hi readers, hope everyone’s doing fine and learning something continuously. It’s been a while since I published my last article on Nmap for Beginners: Tutorial. I would like you to tell that the motivation of me writing the article on this topic (which many hundreds of successful people in Infosec field has already written) comes from a certain person who approached me on twitter and ask me to write a descriptive blog on this particular topic, and so, I decided to write one. I am truly honored and thanks for making me write one. So let’s dive in.
Before getting to point on how to get started in CyberSec and becoming l337 H4Ck3r (wuahahahaha…), I would like to highlight how I get to know about this field and what was the moment that made me walk this path. Please bear with my nonsense. (:
My intro — I am Akshat Gupta, a 3rd year B.Tech, Computer Science student, from JECRC University, Jaipur. So it all started back then when I was in 1st year in university and there’s a senior, whom I call as Hacker and he’s too good at things he do. So one day, me and my friends were meeting the seniors for some club interaction and there I got to know about this senior and I got de-attached from my surroundings and fully concentrated on what that senior was saying, although, I wasn’t getting anything what he was trying to tell me, but, now I somehow do (: . So I asked him many question related to this field and it took me more than 1 and half hour to finish the conversation. So at this point, I was ready to start explore the things. But, I became lazy and wasted my 1st semester and from 2nd semester, the COVID came and so do our university gets closed. At that point I was thinking now’s my chance to start exploring, but you know, everyone has their ups and downs, so have I, and I got super busy with mine. So fast forwarding the time till end of 2nd semester, at last, around June 2020, I finally started exploring Kali Linux (a Penetration Testing distro) and believe me it was super fun to learn to write commands on terminal and execute them. Then I started searching around for Hacking videos on Youtube and there I found a particular playlist which I started when I was high on becoming hacker but stopped watching it because the instructor was teaching random things. And there were couple of courses that I did but in the end, I was not satisfied. I’m not saying that the instructor was bad but I didn’t get the methodology to hack even the single machine as the instructor teaches random attacks and not the methodology. Then there was another senior in my university who suggested me Practical Ethical Hacking course of @thecybermentor aka Heath Adams. I started this course and by the time of doing this course, the instructor introduced me to some amazing platforms like TryHackMe, Vulnhub and HackTheBox on which we can do Hands-on practice like pwning/rooting/solving vulnerable machines. So while doing PEH course, I really enjoyed each and everything because instructor made everything so simple that even a n0ob like me could understand such difficult things at ease. I was feeling elated. Course has many sections like Networking, Pentest Stages, Active Directory, Post Exploitation and many more and believe me, when I saw the course content that I am about to learn in these coming months, I was jumping in my room all around and that sounded so cool to me that I even smirked with a evil smile and I bluffed out that I’m gonna H4ck everything.. wuahahahha.
But this course is invaluable to me as what I know as of now is because of this course and my respect goes to Sir Heath Adams.
Okay, that’s bit about my story and I’m actually happy that you’re co-operating with my nonsense. So let’s now jump right into which course you should start / best courses for beginners / best learning platforms for free/paid,, etc etc.
- Okay, so starting off with Practical Ethical Hacking course from @thecybermentor which teaches you the methodology and fundamental concepts related to Hacking (in Ethical way). This course is for total beginners and doesn’t require any fancy knowledge but just basic IT knowledge. It is 25 hours course which fancy hands-on practice on labs. This is one of the most amazing Hacking courses out there having hands-on practice and the price for this course is $29.99 which is an affordable option. But also, guess what? Sir Heath is so generous that he giveaway his course on half-price discount regularly, so maybe your chance to get this course ((: . Here’s the link for the course,
- Continuing with this course, @thecybermentor has other amazing courses on Linux Privilege Escalation and Windows Privilege Escalation. These both are different courses which covers methodology and concepts of elevating the users privileges, abusing vulnerabilities and many more. These courses improves Capture the Flag skillset and also prepares for certifications like OSCP, eCPPT, CEH etc. Here are the links for the courses,
- Coming towards next resource which is invaluable learning source for me is TryHackMe, which is one of the best cyber security learning platforms out there, which aims to teach everyone fundamentals and core concepts of Ethical Hacking and has 400+ gamified labs which helps in effective learning. TryHackMe is free for everyone but it does contains some paid content which is developed by some great persons out there (my hearty respect for them). Free users can learn so much from this platform as there are walkthrough challenges, CTF machines with easy, medium, hard and insane difficulty and if you wish to study some more contents from this platform itself, then you might want to purchase a subscription. The paid content is extremely beneficial for a learner as the admins, developers has made the Paths so that user can follow along to learn the best they can. Here’s the link of the platform,
- While TryHackMe is a total beginner platform, one of the infamous platform HackTheBox is a gem for practicing and improving hacking skillset. This platform contains many vulnerable machines developed by great Hackers, developers and people out there which you can Ethically hack and practice your skillset. HackTheBox has 200+ labs of diverse difficulty and always releases challenges and new labs every week. Again, platform has free labs as well as paid labs. While free labs can help a user a lot in learning, paid labs or retired machines (can be accessed by purchasing subscription) are immensely invaluable in one’s learning. HackTheBox also hosts CTF events which is free for everyone to play. Here’s the link of the platform,
- Another infamous open source security training resource which is acquired by Offensive Security (company which provides training of certifications like OSCP) is VulnHub. VulnHub platform is totally free and contains hundreds of vulnerable boxes/ machines whatever you call them and you can download them and build your own lab. There are hundreds of linux boxes (maybe not windows boxes because windows licensing is expensive) which are available to download. Here’s the link of the platform,
- If you want to learn about Web Security and Web Application attacks then Portswigger Academy will be a free resource that you must look onto, as it contains theoretical concepts and labs to practice on what one learns. It has dedicated sections for OWASP Top 10 vulnerabilities and their sub-sections as well plus dedicated labs. Each lab has their solutions provided by great members of community so if you get stuck on a lab, you can also look for solution. Here’s the link of the platform,
I have mentioned all the best resources that are in my knowledge till now and I know the list is still incomplete and I missed many many great resources but I am sure I did started using these resources. Now that I have mentioned all important resources, I would like to mention one last resource, a gem that I wouldn’t like to miss, a resource for eJPT Certification.
This is Penetration Testing Student training provided by INE which is completely free. This training is for complete beginner who has no prior knowledge related to Penetration Testing and something along the lines. Training has videos+slides+labs and will prepare an individual for eJPT (eLearnSecurity Junior Penetration Tester) certification. I have written a blog on My Journey of eJPT. I have discussed about the PTS course and explained about the eJPT certification so if you like, you can give a read (:
Now that I have mentioned all the courses and bit about my self and how I get started, I would like you to know that you are more than welcome to ask if you have any doubts and problem, I would really appreciate to help anyone. You can approach me on my discord handle, Hellfire#3915 and my twitter handle @Hellfire0x01.
Final words: Learn, enjoy and practice while you can. Dedicate yourself and be consistent. Thanks for reading and peace out.
