Introduction to Ethical Hacking/Pentesting
Follow these steps to get started:
Install linux on your system. Kali Linux is recommended.
Learn basic linux commands.
Learn the basics of some programming languages (
HTML/CSS,JS,PHP,SQL,Python) For basics and in-short tutorials of programming languages, watch Derek's videos on YouTube
Frequently Used Linux commands:
Steps for Kali Installation:
WSL (Windows Subsystem for Linux):
For Windows 10/11
If wsl --install doesn't work then refer the manual steps
Reference Video:
This video by NetworkChuck guides you through the manual steps Install WSL in 5 minutes
For installation of GUI (Graphical User Interface), kex, refer to the following video Graphical Install for WSL
Virtual Box / VMware
For those of you on Windows AMD, WSL has some stability issues. So, we recommend using Virtual Machines
Mac users
For mac users, you already have a terminal. For some tools you might need Kali Linux (not any time soon).
Learn these Essential Concepts:
HTTP methods (mainly
GETandPOSTmethods)IP (Internet Protocol)
DNS (Domain Name System)
SSH (Secure Shell)
Telnet (Teletype Network)
Ports
How does the internet work?
Recommended Learning:
Learn Python, as many tools/scripts are coded in it.
Learn to use Github.
Learn about OWASP (Open Web Application Security Project) community and it's list of top 10 vulnerabilities.
Learn basics of command line editors vim and GNU nano.
Cyber Security Challenges/Practice:
After completing Bandit and Natas, move on to Hack this site(contains challenges covering the basics and JS)
Start participating in live CTFs on CTFtime. This will boost your problem solving skills.
Solve previous Challenges of CTF and read Writeups.
Note: CTFtime is the platform where you can get every CTF-related information.
Advanced Learning:
Learn creating ssh public key and connecting to ssh server: pico2017 keyz
Master some of the most important tools of Kali:
Burpsuite
Wireshark
Nmap
Metasploit
Webscarab
Learn using some browser extensions helpful in solving CTF problems:
Hackbar
Cookie-editor
Open referer control
Learn about various vulnerabilities:
XSS, HTMLi, SQLi, Parameter Tampering, Host Header Injection, URL Redirection, LFI, RFI, SSTI, CCRF, SSRF, Subdomain Takeover, CMDi, XMLI etc.
Branches of Cyber Security:
Web Security
Network Security
Forensics
Application Security
Steganography
Cryptography
Mobile Security
Pentesting:
Quick guide for introduction: https://www.tutorialspoint.com/penetration_testing/penetration_testing_quick_guide.htm
Popular websites for vulnerable machines:
Useful tools:
Resources:
Useful Books:
Web Application Hackers' Handbook
Web Hacking 101
Links:
Some sites to practice Web Vulnerabilities:
http://testphp.vulnweb.com/
http://hackthis.co.uk (SQLi)
Intro to Cryptography:
learn with practicals: CryptoHack
For advanced crypto go to coursera
Learn basic regex:
(https://regexone.com/)
(https://regexr.com/)
Learn bash scripting:
(https://devhints.io/bash)
(https://www.shellscript.sh/)
Some important resources to learn hacking:
(https://www.cybrary.it/)
(https://www.hacker101.com/)
(http://virustotal.com): Site used for finding all subdomains of a site, checking virus, and many more.
Books for reversing/binary exploitation:
Hacking: The Art of Exploitation
The Shellcoders Handbook
Some useful youtube channels:
Bug Bounty Programs:
Useful Tools:
Steganography:
zteg,stegsolve,binwalk,hex-editor,Aperi'Solve,StegOnlineReversing:
gdb,ghidra,edb-debug,dogboltPassword cracking:
john the ripper,Crackstation,hashcat,crunch,medusaSQLi:
sqlmapForensics:
Volatility,Sleuthkit
For networking some basic terminologies to learn are:
HTTP, HTTPS, FTP, DNS, SMTP, ports, MAC Address, IPv4, IPv6, Public v Private IP, OSI model, Routers and switches.
Workshop Resources:
Last updated