Mandatory disclaimer: just because you may learn how to do it, don’t use it for illegal purposes; similar to how you shouldn’t start beating up people just because you’re taking a martial arts class. Be sensible.

Some scoff at the idea of writing guides about how to learn hacking and penetration testing, because doing it to others is a crime. Personally I wish there were as many easily accessible tutorials on the subject as there are “photoshop tuts” out there, simply because it’s something a lot of companies disregard or don’t care about. Hiding knowledge on how to exploit weaknesses won’t make a system secure.

Furthermore, I believe common knowledge in information and network security should be taught alongside normal programming courses in school. It’s hard to develop software that prevents intrusion when a developer doesn’t know how intrusions can happen.

With this article I’d like to give five tips on getting started, for those who are new to the field and have an interest in it, but don’t know where to start.

1. Start using Linux on a daily basis instead of Windows/Mac

Usually it’s easier to understand how an operating system works under the hood when you’ve been using a Linux-based OS for a while, since you will often come in contact with concepts like the kernel, the boot loader, the OSI model, etc., instead of wizards and support centers (though I might be biased, so this is not necessarily true for others).

The majority of servers accessible on the internet today run on Unix-like operating systems, and very often startups and smaller businesses develop their services for Linux machines.

In addition, a lot of the tools and libraries out there only support Linux systems, so it’s just overall more convenient.

If you have never used a Linux system before, try Ubuntu, and find an online course (preferably free) about Linux basics, then another course on basic Linux system administration. One option is to do these two:

2. Get good at scripting languages

Yes, that’s plural. :) Scripting is often an incredibly valuable tool to have. My suggestion is to learn Python (until you’re pretty okay at it) and Bash (until you’re okay-ish at it). Some material that I have found useful:

Often you’ll have to automate your work to move fast, or monitor more, or open tunnels, etc. You probably won’t get to a level where you can craft a shellcode payload without first having mastered the above anyway.

3. Read, read, read

Reading a lot is a necessity, simply because there’s too much you need to know for you to have time to figure it all out on your own.

A reading list that doesn’t require very deep prior knowledge:

4. Sign up and compete in (legal) hacking competitions

These sites are meant for you to try your skills on, and the first to solve a challenge lands a place on the leaderboard. A fun way to learn. Some common sites:

You’ll learn to be innovative in finding ways to break security.

5. Going further

Sign up for a free Amazon AWS account and start implementing all the security measures you hear and learn about, while trying to use the techniques you’ve learnt to circumvent them. Install intrusion detection systems, log analyzers, firewalls, etc., and understand how they work:

Understand networking

Study the OSI layers, learn how TCP/IP works, what NAT is and how your router at home can split network traffic. Set up a cheap computer at home with two network cards and learn how to configure it to act as a router. Study DNS and learn how to set up your own DNS service on your custom router. Study iptables and configure it on your custom router to block incoming traffic on ports you don’t need, to protect you against common DoS attacks (SYN floods, forged RSTs from your ISP, port scanning, etc.). Understand the difference between PPTP, IPsec and OpenVPN.
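The iptables part of that home-router exercise, as an added example of my own rather than anything from the article: default-deny inbound, conntrack-based drops for packets that belong to no known connection (stray or forged RSTs, scan probes), a rate limit on new TCP connections from the WAN to blunt SYN floods, and NAT for the LAN. The interface names (eth0 for WAN, eth1 for LAN) and the 192.168.1.0/24 subnet are assumptions; by default the script only prints the rules, and IPT=iptables applies them.

```shell
#!/bin/sh
# Added example (not from the original article): a minimal iptables firewall + NAT
# for a home router with two NICs. Assumed layout: WAN on eth0, LAN on eth1
# serving 192.168.1.0/24. By default the rules are only printed (IPT=echo);
# run with IPT=iptables as root to apply them.
WAN="${WAN:-eth0}"
LAN="${LAN:-eth1}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
IPT="${IPT:-echo}"

enable_forwarding() {
    # The kernel must forward between interfaces; skipped in dry-run mode.
    if [ "$IPT" != echo ]; then sysctl -w net.ipv4.ip_forward=1; fi
}

firewall_rules() {
    # Clean slate, default-deny for anything arriving at or passing through the box.
    $IPT -F; $IPT -X; $IPT -t nat -F
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # SYNCHECK: new TCP connections from the WAN are rate-limited and the excess
    # dropped, which blunts SYN floods without opening any port by itself.
    $IPT -N SYNCHECK
    $IPT -A SYNCHECK -m limit --limit 25/s --limit-burst 50 -j RETURN
    $IPT -A SYNCHECK -j DROP

    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Packets conntrack cannot place in a known connection (stray or forged RSTs,
    # odd scan probes) are dropped before any port rule is consulted.
    $IPT -A INPUT -m conntrack --ctstate INVALID -j DROP
    $IPT -A INPUT -i "$WAN" -p tcp --syn -j SYNCHECK
    # Management (SSH) only from the LAN side; nothing is opened towards the WAN,
    # so every other inbound port falls through to the DROP policy.
    $IPT -A INPUT -i "$LAN" -s "$LAN_NET" -p tcp --dport 22 -j ACCEPT
    # Let LAN hosts ping the router.
    $IPT -A INPUT -i "$LAN" -p icmp --icmp-type echo-request -j ACCEPT

    # LAN hosts may go out; only replies come back in. Masquerade behind the WAN address.
    $IPT -A FORWARD -m conntrack --ctstate INVALID -j DROP
    $IPT -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -j ACCEPT
    $IPT -A FORWARD -i "$WAN" -o "$LAN" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -t nat -A POSTROUTING -o "$WAN" -s "$LAN_NET" -j MASQUERADE
}

enable_forwarding
firewall_rules
```

Check the result with `iptables -L -v -n` and `iptables -t nat -L -n`, then try reaching the router's SSH port from the WAN side to confirm it is not answered.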

Understand intrusion detection/prevention systems

Learn how the following systems work (and if possible, set them up yourself in a VM or on a physical machine):

Snort

DenyHosts

Suricata

Juniper intrusion detection

OSSEC

If you have done all of this and wish to go further, getting an intern position at a penetration testing company is a solid choice.

Thanks for reading, and feel free to comment and ask questions!