I want to get into ethical hacking and pentesting. No prior experience. Where do I begin?

(Kent) #1

I know some networking basics, been reading and watching video tutorials about Kali Linux etc. I’m looking to educate myself a bit more before I’m going to school.

How did you guys start out?

How to Speed up Dictionary Attack?
(Kyle Nehman) #2

I’m probably about to give you the same seemingly copy pasted response you’ve seen everywhere, but you’ve gotta jump in! The number one skill I can recommend is to learn C and learn it well. Any programming is good, it lets you learn the basic logic and paradigms that programmers use, but C can be low level enough that you really figure out whats going on. (Especially if you ever want to get into reverse engineering or using assembly). And I absolutely recommend reading Hacking The Art of Exploitation, if just for their C section alone, it’s a great book.

As far as practicing goes, there’s a ton of sites like canyouhack.us and hackthissite that let you practice your skills, on top of CTFs and setting up your own VMs.

Security and hacking is one of those massive fields that encompasses so much stuff that it’s easy to get discouraged. Keep on it and eventually it’ll pay off. And if you’re about to go to school soon tell your professors about your interests after class or during office hours! It might seem silly when you’re in an intro to python class to ask about buffer oveflows but they’ll know what you mean and know you’re seriously interested, and a foot in the door can be a huge help.

(Hardeep Singh) #3

First things first!
Having a strong foot in programming is a must if you want to play longer with less hassle and more freedom to create, break and fix stuff!


Cybrary and null-byte are a great starting point for beginners. however you can (and should) join other subreddits like /r/HowToHack and /r/NetSec to stay updated and aware.

Join the irc, and start doing bandit on OverTheWire

YouTube Hacking Channels

YouTube channels like Seytonic, JackkTutorials are real gems for budding hackers… to discover new channels just look for suggested videos, YouTube sorts videos with related or higher quality content/channels usually.

Hackers on Twitter

Make sure to subscribe to them and follow on Twitter (@seytonic | @jackktutorials). and also subscribe @DefCon, BlackHat and Hacktivity’s Twitter and YouTube handles.

Hacking Video Courses

For paid courses you can search Udemy, PentesterAcademy as per you interest


Welcome to the community @Internet. All the very best. And…

Keep Learning!


Learning to write scripts, even simple ones, is an invaluable skill and will set you apart from “script kiddies.” There are lots of good languages to learn, each with respective upsides and downsides. My experience is more with code than hacking, but here’s some information on a few languages you may or may not want to start with, depending:

Python is a good language because it’s very easy to learn but can still do a lot, so it’s a particularly good choice for total code novices. Learn Python The Hard Way is a great resource because it gets down to the very barebones level of code concepts in general (such as data architecture, how bytes and encoding work, etc.), not just doing things in python. It’s also a very intuitive language to read, you can pretty much look at something and tell what it does. A downside is that you have to install it, and depending on what kind of hacking you want to do, it might not be as viable as something else because you can’t count on a target system having python installed unless you break in and install it yourself, which is fairly cumbersome and you’ll more than likely have to use something else to do that in the first place, so why bother?

C is a pretty barebones language like the other poster said, and basically any system you encounter is going to have C on it, so it’s very reliable, especially if you need to execute code from a target system. It’s a very powerful and reliable language for hacking related things, but a downside is that it can be not as “fun” to learn if you’re an absolute beginner to code, and it’s not as readable as some other languages if you’re a beginner too. One of the most famous and simple-yet-powerful networking/hacking tools, nc (or NetCat) is written in C and is basically a swiss army knife. I encourage looking at NetCat’s code once you understand the fundamentals of code concepts: if nothing else, the angry rants from Hobbit dispersed throughout might entertain you. The comments in the code are chock full of his personal commentary. My favorite is the one with “But then again, I like languages wherein a pointer is a pointer, what you put there is your own business, the compiler stays out of your face, and sheep are nervous.”

Powershell is only viable if you’re on windows, but I like it quite a bit as well. Readability isn’t amazing, but it’s a very fun language and can do a whole lot on windows systems very easily. It’s particularly great if you need to automate things. I use it to back up my Dark Souls III saves automatically.

Welcome to rootsh3ll Member's Area
(max) #5

very good source and it is free: http://opensecuritytraining.info/Training.html

(Zunine Trevor) #6

I have come across www.infosecaddicts.com and they are teachin info sec enthusiast about ethical hacking for free. Here is the link- https://infosecaddicts.com/course/certified-ethical-hacker-v10/

I hope it helps.

(Hardeep Singh) #7

Although the course is free, the examination cost is around $800. and C|EH is something that I’d never suggest a beginner to look forward to. It is just not worth the effort. It’s better to prepare yourself for something better, like OSCP.

If you are a beginner reading this, it’d be good for you to take the course from InfoSecAddicsts, but not worth your money if you actually take the exam. So, learn from the course and move on to better stuff. sharpen your skill set and utilise your money and time.

(-) #8

/r/howtohack has irc (irc.zempirians.com/6697) and discord (https://discord.gg/Y7MZ5hw) for real-time conversations on the topic ^^

(Hardeep Singh) #9

IRC is cool. But about discord, I’ve never seen some legit and clear conversation in any of the discord servers. it has always been a mess and a plethora of unnecessary responses.

Ratio would be like 1:5 on the level of usefulness.

I may be totally wrong. What do you think?

(-) #10

Discord is all the rage these days, but I for sure like irc better. Also it’s highly matter of moderation, and dependent on the size of the community.

(Hardeep Singh) #11

Agree. IRCs are still better. I used discord once on my mac to share screen. and my mac froze to death. It still does every time I use screen sharing. Don’t know why. App’s UI is top notch but UX… meh!

(Andrei L.) #12

Try to start with this article.

(Hardeep Singh) #13

That’s a really great article. Thanks for sharing @lermontoff