I want to get into ethical hacking and pentesting. No prior experience. Where do I begin?

(Kent) #1

I know some networking basics, been reading and watching video tutorials about Kali Linux etc. I’m looking to educate myself a bit more before I’m going to school.

How did you guys start out?

(Kyle Nehman) #2

I’m probably about to give you the same seemingly copy pasted response you’ve seen everywhere, but you’ve gotta jump in! The number one skill I can recommend is to learn C and learn it well. Any programming is good, it lets you learn the basic logic and paradigms that programmers use, but C can be low level enough that you really figure out whats going on. (Especially if you ever want to get into reverse engineering or using assembly). And I absolutely recommend reading Hacking The Art of Exploitation, if just for their C section alone, it’s a great book.

As far as practicing goes, there’s a ton of sites like canyouhack.us and hackthissite that let you practice your skills, on top of CTFs and setting up your own VMs.

Security and hacking is one of those massive fields that encompasses so much stuff that it’s easy to get discouraged. Keep on it and eventually it’ll pay off. And if you’re about to go to school soon tell your professors about your interests after class or during office hours! It might seem silly when you’re in an intro to python class to ask about buffer oveflows but they’ll know what you mean and know you’re seriously interested, and a foot in the door can be a huge help.

(Harry) #3

First things first!
Having a strong foot in programming is a must if you want to play longer with less hassle and more freedom to create, break and fix stuff!


Cybrary and null-byte are a great starting point for beginners. however you can (and should) join other subreddits like /r/HowToHack and /r/NetSec to stay updated and aware.

YouTube Hacking Channels

YouTube channels like Seytonic, JackkTutorials are real gems for budding hackers… to discover new channels just look for suggested videos, YouTube sorts videos with related or higher quality content/channels usually.

Hackers on Twitter

Make sure to subscribe to them and follow on Twitter (@seytonic | @jackktutorials). and also subscribe @DefCon, BlackHat and Hacktivity’s Twitter and YouTube handles.

Hacking Video Courses

For paid courses you can search Udemy, PentesterAcademy as per you interest


Welcome to the community @Internet. All the very best. And…

Keep Learning!


Learning to write scripts, even simple ones, is an invaluable skill and will set you apart from “script kiddies.” There are lots of good languages to learn, each with respective upsides and downsides. My experience is more with code than hacking, but here’s some information on a few languages you may or may not want to start with, depending:

Python is a good language because it’s very easy to learn but can still do a lot, so it’s a particularly good choice for total code novices. Learn Python The Hard Way is a great resource because it gets down to the very barebones level of code concepts in general (such as data architecture, how bytes and encoding work, etc.), not just doing things in python. It’s also a very intuitive language to read, you can pretty much look at something and tell what it does. A downside is that you have to install it, and depending on what kind of hacking you want to do, it might not be as viable as something else because you can’t count on a target system having python installed unless you break in and install it yourself, which is fairly cumbersome and you’ll more than likely have to use something else to do that in the first place, so why bother?

C is a pretty barebones language like the other poster said, and basically any system you encounter is going to have C on it, so it’s very reliable, especially if you need to execute code from a target system. It’s a very powerful and reliable language for hacking related things, but a downside is that it can be not as “fun” to learn if you’re an absolute beginner to code, and it’s not as readable as some other languages if you’re a beginner too. One of the most famous and simple-yet-powerful networking/hacking tools, nc (or NetCat) is written in C and is basically a swiss army knife. I encourage looking at NetCat’s code once you understand the fundamentals of code concepts: if nothing else, the angry rants from Hobbit dispersed throughout might entertain you. The comments in the code are chock full of his personal commentary. My favorite is the one with “But then again, I like languages wherein a pointer is a pointer, what you put there is your own business, the compiler stays out of your face, and sheep are nervous.”

Powershell is only viable if you’re on windows, but I like it quite a bit as well. Readability isn’t amazing, but it’s a very fun language and can do a whole lot on windows systems very easily. It’s particularly great if you need to automate things. I use it to back up my Dark Souls III saves automatically.

Welcome to rootsh3ll Member's Area
(max) #5

very good source and it is free: http://opensecuritytraining.info/Training.html