We have all been there - especially when you start looking at some of the certs/courses out there like:
And the list goes on. Now, are these good? Sure, if you can afford them or if your employer is paying for them, but what if you're in your 20s with a low-paying job and a family? That cert could be your rent (it was for me).
When I started wanting to learn how to hack, I thought you needed to get the most up-to-date courses and books, and sometimes I felt like I couldn't do it, like it was out of my reach. But then I just started to learn online, reading blog posts and watching videos - now more than ever the material you need to learn to get your foot in the door is available for free, thanks to all the awesome content creators out there.
In this blog post I'll share a few of the resources that have helped me get started on a budget. I'll be focusing on web application hacking since that's what I've been doing for about a year, so I have managed to gather a ton of information about that.
These are not exhaustive lists, but they should get you started. If a resource does not have a price - it is free.
The number 1 thing when you want to learn about hacking web applications is learning how web apps work. You don't have to be an expert, but you should definitely understand how an application is put together, both frontend and backend.
Reports are a huge part of a hacker's day-to-day activities. Report writing should be something that you strive to become good at; it could be the difference between getting paid for a report and your report being marked informational.
If you aren't reading other researchers' disclosed reports - you are doing it wrong. I try to read at least 1 report a day and understand what the researcher found and the impact. Read good and bad reports so you know what works and what doesn't. You can find other resources, but my go-to is H1's hacktivity page.
Reading is a big part of this. You have to be willing to read some pretty dry material and break it down into smaller, more digestible pieces. My go-to books are
This one has been getting so much content lately, with creators like @nahamsec, @stökfredrik, @thecybermentor & @InsiderPhD putting out some 🔥 content. Here's a list of YouTube channels to subscribe to.
You have all this knowledge - now what? You practice, of course! It's 2020; you don't have to try to hack someone's site or get in trouble - companies like HackerOne have created awesome resources for us to learn, like Hacker101, an ongoing CTF that rewards you with private invitations to programs that pay money. There are other CTFs that work, but this one gives you an incentive to keep going, and the community is awesome.
- Hacker101 CTF
- Hacker101 Discord
- PentesterLab (USD $20/monthly)
- Free, but you need Burp Pro for some exercises; still a really good resource.
Some stuff I subscribe to that might interest you
Sharing knowledge is a hacker's way of giving back; it is how we interact with one another and make friends. If this helped you, please share it so others can have access to the information.