Hacking CAN be easy.
But, often it's not.
Let's develop your technical skills, they obviously matter.
A roadmap:
But, often it's not.
Let's develop your technical skills, they obviously matter.
A roadmap:
1/
- Learn Bash scripting & the command line
- Learn HTML & Javascript (CodeAcademy / W3 Schools)
- Learn Python (or Golang, Java, C#, or whatever).
- Learn some basic SQL.
- Learn Bash scripting & the command line
- Learn HTML & Javascript (CodeAcademy / W3 Schools)
- Learn Python (or Golang, Java, C#, or whatever).
- Learn some basic SQL.
2/ Learn networking.
@three_cube has some amazing FREE resources on his website.
Google "Network Basics for Hackers" and go through all of the posts.
Here, learn TCP/IP basics, Subnetting, Network Masks, DNS, HTTP, etc.
BORING? Maybe. But this knowledge is invaluable.
@three_cube has some amazing FREE resources on his website.
Google "Network Basics for Hackers" and go through all of the posts.
Here, learn TCP/IP basics, Subnetting, Network Masks, DNS, HTTP, etc.
BORING? Maybe. But this knowledge is invaluable.
3/ Download Burp Suite (or Caido from my friends at @CaidoIO when it's public)
Configure it with your browser.
Learn how to use the Proxy and the Repeater.
Look at real HTTP requests when you visit a site.
Configure it with your browser.
Learn how to use the Proxy and the Repeater.
Look at real HTTP requests when you visit a site.
4/ Build a web application with HTML/JS/Python(Flask)/SQL
Google a tutorial.
Implement functionality: creating posts, logins, etc.
Anything that helps you understand how these components work together.
To break, you must first understand.
Google a tutorial.
Implement functionality: creating posts, logins, etc.
Anything that helps you understand how these components work together.
To break, you must first understand.
6/
- Go through the PortSwigger Web Academy.
- Go through the Hacker101 free course.
- Go through PentesterLab.
- Learn about reconnaissance:
* Google dorks
* subdomain enumeration: subfinder, amass, findomain
* portscanning: nmap, masscan
* directory bruteforcing: ffuf
- Go through the PortSwigger Web Academy.
- Go through the Hacker101 free course.
- Go through PentesterLab.
- Learn about reconnaissance:
* Google dorks
* subdomain enumeration: subfinder, amass, findomain
* portscanning: nmap, masscan
* directory bruteforcing: ffuf
7/ Try.
I recommend trying the Department of Defense's Vulnerability Disclosure Program.
Develop your technical skills by learning from others and by doing. Do NOT use vulnerability scanners. They're a crutch. You will fail.
I recommend trying the Department of Defense's Vulnerability Disclosure Program.
Develop your technical skills by learning from others and by doing. Do NOT use vulnerability scanners. They're a crutch. You will fail.
8/
You don't learn to cook in a day. It's a process.
You start with someone else's recipe.
Gradually, over time, you become proficient and are ready to make your own recipes.
This is a marathon, not a sprint. Learn to love the process of learning.
You don't learn to cook in a day. It's a process.
You start with someone else's recipe.
Gradually, over time, you become proficient and are ready to make your own recipes.
This is a marathon, not a sprint. Learn to love the process of learning.
TLDR;
- Learn to code
- Learn networking
- Learn web vulnerability types
- Practice through Labs
- Learn how to do reconnaissance
- Try on VDPs or bug bounties.
- Learn to code
- Learn networking
- Learn web vulnerability types
- Practice through Labs
- Learn how to do reconnaissance
- Try on VDPs or bug bounties.
I hope this helped, I'm sure I missed some resources!
Drop your favorite resources down below:
Drop your favorite resources down below:
Loading suggestions...