How to Learn Hacking

I often get asked how to get started with hacking and CTF (Capture The Flag) competitions. Here, I've compiled a list of resources that I’ve found helpful.

Start by choosing one topic that interests you and practice it hands-on through CTFs, wargames, or labs. Read write-ups or watch walkthrough videos to learn how others solved challenges. Rinse and repeat!

How to Start Hacking

CTF Guides

  • The CTF Primer - A concise resource that introduces Capture The Flag (CTF) competitions and provides strategies for beginners.
  • CTF Handbook - An open-source handbook for aspiring CTF players, filled with tips, tricks, and solutions to common problems.
  • The CTF Field Guide - A practical guide from Trail of Bits that dives deep into CTF techniques and tactics.

Wargames for Learning Linux, Web and Binary Exploitation

  • OverTheWire: Bandit - Focused on Linux command-line skills, Bandit is an excellent starting point for beginners to understand basic Linux commands and usage.
  • OverTheWire: Natas - A web security game that offers challenges based on various web application vulnerabilities.
  • OverTheWire: Narnia - Focused on ELF binary exploitation, Narnia helps you understand binary exploitation basics using different levels of challenges.

Additional Resources

  • Hack The Box Academy - A platform with interactive lessons and hands-on labs that range from beginner to advanced topics in ethical hacking.
  • PentesterLab - Offers a variety of challenges and labs focused on web application security and common vulnerabilities.
  • TryHackMe - Provides structured paths and guided learning environments tailored for beginners and intermediate learners.
  • VulnHub - A platform that provides intentionally vulnerable virtual machines for practicing penetration testing and security research.
  • OWASP WebGoat - A deliberately insecure web application maintained by OWASP for educational purposes, helping you understand common vulnerabilities.
  • PicoCTF - An online platform offering a wide variety of CTF challenges suitable for beginners, particularly high school and college students.
  • Hack This Site - A free and legal platform that provides challenges ranging from beginner to expert level, covering various aspects of hacking.
  • PortSwigger Web Security Academy - A free learning resource that offers labs, videos, and documentation to master web security and common web vulnerabilities.

Conclusion

These resources are just the tip of the iceberg. The key to mastering ethical hacking is consistency, curiosity, and persistence. Start with the basics, choose challenges that interest you, and never stop learning. Happy hacking!