Introduction to Ethical Hacking/Pentesting

Follow these steps to get started:

1. Install linux on your system. Kali Linux is recommended.

2. Learn basic linux commands.

3. Learn the basics of some programming languages (HTML/CSS, JS, PHP, SQL, Python) For basics and in-short tutorials of programming languages, watch Derek's videos on YouTube

Frequently Used Linux commands:

cat, ls, vim, ping, file, find, du, pwd, env, chmod, wget, cron, telnet, gzip, bzip2, tar, base64, grep, nc, curl, strings, whatweb etc.

Steps for Kali Installation:

WSL (Windows Subsystem for Linux):

For Windows 10/11

• Official Microsoft Guide

If wsl --install doesn't work then refer the manual steps

• Microsoft Guide Manual

Reference Video:

• This video by NetworkChuck guides you through the manual steps Install WSL in 5 minutes

• For installation of GUI (Graphical User Interface), kex, refer to the following video Graphical Install for WSL

Virtual Box / VMware

For those of you on Windows AMD, WSL has some stability issues. So, we recommend using Virtual Machines

• Kali Linux in Virtual Box

• Linux on VMWARE

Mac users

For mac users, you already have a terminal. For some tools you might need Kali Linux (not any time soon).

• Virtual Box method

• Macbook M1

Learn these Essential Concepts:

• HTTP methods (mainly GET and POST methods)

• IP (Internet Protocol)

• DNS (Domain Name System)

• SSH (Secure Shell)

• Telnet (Teletype Network)

• Ports

How does the internet work?

• Hacker101 - The Web In Depth

• IP Addresses and the Internet - Computerphile

Recommended Learning:

• Learn Python, as many tools/scripts are coded in it.

• Learn to use Github.

• Learn about OWASP (Open Web Application Security Project) community and it's list of top 10 vulnerabilities.

• Learn basics of command line editors vim and GNU nano.

Cyber Security Challenges/Practice:

• Solve basic CTF problems from Bandit and Natas on OverTheWire.

• After completing Bandit and Natas, move on to Hack this site(contains challenges covering the basics and JS)

• Start participating in live CTFs on CTFtime. This will boost your problem solving skills.

• Try solving CTF challenges from picoCTF and CTFlearn.

• Solve previous Challenges of CTF and read Writeups.

Note: CTFtime is the platform where you can get every CTF-related information.

Advanced Learning:

• Learn creating ssh public key and connecting to ssh server: pico2017 keyz

• Master some of the most important tools of Kali:

  • Burpsuite

  • Wireshark

  • Nmap

  • Metasploit

  • Webscarab

• Learn using some browser extensions helpful in solving CTF problems:

  • Hackbar

  • Cookie-editor

  • Open referer control

• Learn about various vulnerabilities: XSS, HTMLi, SQLi, Parameter Tampering, Host Header Injection, URL Redirection, LFI, RFI, SSTI, CCRF, SSRF, Subdomain Takeover, CMDi, XMLI etc.

Branches of Cyber Security:

• Web Security

• Network Security

• Forensics

• Application Security

• Steganography

• Cryptography

• Mobile Security

Pentesting:

Quick guide for introduction: https://www.tutorialspoint.com/penetration_testing/penetration_testing_quick_guide.htm

Popular websites for vulnerable machines:

• TryHackMe

• HackTheBox

• VulnHub

Useful tools:

• nmap

• rustscan

• feroxbuster

• hydra

• Reverse Shells

• GTFOBins

Resources:

Useful Books:

• Web Application Hackers' Handbook

• Web Hacking 101

Links:

• XSS

• SQLi

Some sites to practice Web Vulnerabilities:

• http://testphp.vulnweb.com/

• http://hackthis.co.uk (SQLi)

Intro to Cryptography:

• learn with practicals: CryptoHack

• For advanced crypto go to coursera

Learn basic regex:

• (https://regexone.com/)

• (https://regexr.com/)

Learn bash scripting:

• (https://devhints.io/bash)

• (https://www.shellscript.sh/)

Some important resources to learn hacking:

• (https://www.cybrary.it/)

• (https://www.hacker101.com/)

• (http://virustotal.com): Site used for finding all subdomains of a site, checking virus, and many more.

Books for reversing/binary exploitation:

• Hacking: The Art of Exploitation

• The Shellcoders Handbook

Some useful youtube channels:

• Computerphile

• David Bombal

• JohnHammond

• DEFCONConference

• NahamSec

• IppSec

• BlackPerl

• LiveOverflow

Bug Bounty Programs:

• Bugcrowd

• Hackerone

Useful Tools:

• Crypto: dCode, CyberChef, cryptii

• Steganography: zteg, stegsolve, binwalk, hex-editor, Aperi'Solve, StegOnline

• Reversing: gdb, ghidra, edb-debug, dogbolt

• Password cracking: john the ripper, Crackstation, hashcat, crunch, medusa

• SQLi: sqlmap

• Forensics: Volatility, Sleuthkit

For networking some basic terminologies to learn are:

HTTP, HTTPS, FTP, DNS, SMTP, ports, MAC Address, IPv4, IPv6, Public v Private IP, OSI model, Routers and switches.

Workshop Resources:

• Linux Fundementals

• Google Dorking

• Steganography

• Windows Password Bypass

• File Deletion and File System

• VLC

• CTF