Your First Steps into the Cyber Realm

Iot Lab KIIT
Mar 14, 2024

Hello everyone, welcome to my blog post. In this post we will discuss how to get started in the overwhelming world of cyber security.

In today’s tech-infused world, hacking is a term that carries a certain mystique. It simultaneously fascinates and unnerves, often conjuring images of secretive individuals in dimly lit rooms, their fingers dancing across keyboards as they unlock digital secrets. While hacking may have a reputation for shadowy activities, it’s crucial to understand that not all hacking is nefarious or against the law.

Whether you’re a curious beginner, a tech enthusiast, or someone seeking to bolster your cybersecurity knowledge, this journey will provide you with a roadmap to ethical hacking. We’ll delve into the tools, techniques, and principles that can turn you into a skilled digital detective, working for the greater good in the realm of cybersecurity.

So, fasten your seat belts and prepare to embark on a captivating adventure into the world of ethical hacking. Your voyage begins here, as we shed light on the fundamentals and guide you towards becoming a responsible and skilled hacker of the modern age. It’s time to take your first step towards becoming a guardian of the digital realm. Let’s get started!

Before I begin — everything about this should be totally and completely ethical at its core. I’m not saying this as any sort of legal coverage, or to not get somehow sued if any of you screw up, this is genuinely how it should be.

This guide isn’t for your reckless amusement and shot at recognition with your friends. This is for the betterment of human civilization. Use your knowledge to solve real-world issues.

Why might this guide help you?

I know there are many blog posts from renowned sources and YouTubers which are very helpful and resourceful. So why invest your time here, on yet another blog post covering the same thing?

Before I start, I will jot down some points on why I decided to write this blog post:

  1. As an active student in the field of security, I know what problems are suffered by a student who is just starting in this domain or an enthusiast who is eager to learn about it.
  2. To be very honest, I have read many blog posts and have seen many YouTube videos on how to get started. Seeing the content, it feels overwhelming. Yes, it is overwhelming, but in this guide I will try to summarize all the knowledge of how one can get started in this domain. P.S. I have tried a lot of YouTube videos and followed many pathways from reading blogs, but I suggest that you don’t blindly follow any guide. In this domain everyone’s path is different, so I would request you all to make your own path but take suggestions from different roadmaps. That’s what I did in the end.
  3. I have already given seminars where I discussed how to get started in cybersecurity / offensive security and bug bounty. But the audience there is limited, and with this blog I am trying to share my knowledge with everyone (whoever comes across this blog post).

Let’s get started

I have seen people only keep studying theory and not doing practical things and stating that they have a very deep knowledge in the field. And when I ask them about the practical work they have done or the labs they have solved, they have nothing to answer. Please don’t make this mistake. Cybersecurity is all about having practical knowledge and hands-on practice.

I will break this guide into parts. Each part is a phase that every learner in this domain goes through, and people who are already working in this domain will be able to relate.

Phase 1 (Absolute beginner)

In this phase people are amused by the term hacking without even knowing what hacking really looks like in real life: how much brainstorming it takes, and sometimes how boring it is. People see movies where a hacker in a hoodie sits in front of several monitors and hacks into servers or friends’ systems. Please trust me, it’s not at all like that. Hacking into systems is not that easy in today’s world.

People start searching for things on the internet like:

  • How to become a hacker.
  • How to become a hacker easily.
  • How to hack android phones.

Searches are like this!!!

There are videos on YouTube which will claim: “Learn ethical hacking in 24 hours” (please do not fall into this trap and waste your time).

In this phase one should learn about:

  • Basics of networking
  • Linux Basics
  • How Windows works
  • Learn scripting
  • Learn a programming language (you can learn this any time)

Now I will explain each point briefly, including resources:

Basics of Networking

In this section we should learn about the basics of networking, such as:

  • Different models ( OSI and TCP/IP )
  • A bit of network topology
  • About Headers
  • IP addresses
  • Subnetting

Listed above are just a few topics. There are many topics which you will learn while learning about networking.

One mistake I made during this phase was that I was so focused on learning networking that I wasted more than a year just on networking. I started with some courses, then eventually got bored when the difficult part came and changed the course again. I started with the easy part and the process kept repeating itself. And I had net gain ZERO.

After this, I decided to take CCNA because it was difficult for me to stick to other courses. To be honest, I changed many CCNA courses as well, but in the end I bought one course from Udemy and kept doing it. Before that I searched for courses online for free. You just need to be good with searches. CCNA is not compulsory, nor do I recommend it, but having one won’t be a problem.

Resources:

https://www.hackers-arise.com/networks-basics (highly recommended). If you can find the course, then go for it (P.S. I was able to find the course, so you all will be able to as well).

There are many other options such as TryHackMe, HackTheBox and many others. Feel free to look at all of them, but stick with one and don’t repeat my mistake.

Linux Basics

This is a bit more interesting because it is more practical and hands-on. All you need here is discipline. You need to practice the commands regularly. As our brains have become so comfortable using Windows, people don’t take this harder path. But very few know that if one knows how to use Linux, they can literally have full control over their system.

Process:

  • Just go on YouTube and search for Linux basics; there will be many videos/playlists available. Try TCM Security’s or HackerSploit’s playlist. Others are good as well.
  • Go to the website OverTheWire and start solving Bandit.
  • Go to TryHackMe and HackTheBox and start solving boxes related to the basics of Linux.

If you have done all three of these steps, you are good to go. You will never learn all of Linux in one go. It will be a long process. I still can’t remember all the things I have studied. I have my CompTIA Linux+ certification, but I don’t remember most of the commands, and honestly it is not possible to remember all the commands; you will only remember the relevant commands which you use on an everyday basis.

How Windows works

We all use Windows, but do you all know how to use Windows? It is also very necessary that you know how to use your primary OS. This is also very important knowledge to have because most of the systems which you will hack will be Windows-based.

Here I will link a playlist which will tell you all the required information about the topic:

Up to video number 22

Scripting

Before I start writing about this section, I would suggest all my readers and fellow hackers learn scripting and programming in parallel with the next phase.

So in scripting you all need to learn:

  • Bash (learn this in depth; it will be extremely necessary)
  • PowerShell

I will provide the playlists for Bash and PowerShell down here:

Programming

As many of you must have heard, programming is not that important in the field of cybersecurity. I don’t agree with it. Programming is necessary. Knowing one programming language completely is an extreme upper hand. For me it’s Python and Rust.

As hackers we all have to understand multiple languages. We don’t need to be proficient in each language, but we should be able to understand what a piece of code is doing.

There are multiple resources to learn a language, so I won’t be listing them here. But choose a language and start learning. Just start learning it.

Phase 2 (Practice Phase)

Now you all have basic knowledge of networking and operating systems, a bit more about Linux, and a basic knowledge of scripting. So now let’s come to practicing our skills, aka hacking.

There are many platforms where you can practice hacking.

I will name a few here:

PortSwigger’s Web Security Academy Labs

This is the place to start for anyone who wants to learn about web hacking. The Web Security Academy is a free online course taught by Burp Suite. The course covers everything from basic ethical hacking practice tests to advanced techniques like fuzzing and exploiting vulnerabilities in web applications. The first module of the course walks students through the basics of setting up their lab environment so they can practice on their computers or in their cloud service provider (CSP). The website also has links to other resources to help you start ethical hacking.

HackTheBox

This is where you can practice hacking on different virtual machines. HackTheBox is one of the most popular ethical hacking websites. It offers a wide range of challenges designed to help you learn about various security concepts and techniques. The challenges range from simple to very difficult, so it’s essential to start with the easier ones and then move on to more advanced ones as you gain experience.

PentesterLab

This is one of the best platforms for hacking online practice. The platform offers courses on web application hacking, penetration testing, network security, reverse engineering, and more. Their courses are a little pricey, but they are well worth it. The courses are designed in such a way that they cover all aspects of ethical hacking, from basic to advanced levels. The platform also provides certification programs for different levels of expertise in ethical hacking. Some tests require more advanced knowledge, but they’re not common.

HellBound Hackers

HellBound Hackers is an online community that brings together hackers from around the world who love sharing their knowledge with others through tutorials, guides, and forums. The website focuses on teaching people how to protect themselves against hackers rather than how to use hacking tools and techniques themselves. It offers great resources for beginners and those who want to learn advanced hacking techniques like exploiting mobile devices and networks using Wi-Fi-related vulnerabilities like KRACK or BlueBorne attacks (which affect Android devices).

VulnHub

VulnHub is a community for hosting and learning about security vulnerabilities. It’s a great place to learn about web application security and common vulnerabilities. Also, you can check the Heath Adams ethical hacking course for a better understanding. The website hosts virtual machines with different vulnerabilities that can be accessed through SSH. When you find a vulnerability, you can report it to the VulnHub team so they can fix it. Once the vulnerability has been fixed, you get points based on how severe the vulnerability was.

TryHackMe

TryHackMe is another website where users can hack into vulnerable machines using their tools and techniques. The site lets users set up their servers and invite others to try and break into them using exploits they’ve found or developed themselves. This allows users to learn how real-world systems respond under attack while also allowing them to hone their skills by trying their hand at increasingly complex challenges over time as they become more comfortable with ethical hacking.

Juice Shop

OWASP Juice Shop is a game that replicates an e-commerce site with several security issues. Visitors can hone their cyber capabilities by attacking flaws in a website that is very similar to the real one. Gamers can also exercise their bug-finding abilities since Juice Shop does not provide difficulties in a heading-wise order but rather replicates them on an e-commerce site.

Security Shepherd

This OWASP fragile initiative focuses on web app and smartphone app flaws. The program is available for download on GitHub and can be installed directly on your computer. Skilled programmers can then work on various ethical hacker certification practice test tasks while improving their expertise. Users can also obtain help from hints if they get trapped. The tasks are centered on understanding the top ten OWASP problems and other frequent flaws. This platform allows users to take many different courses based on their expertise, from beginner to advanced levels. This is a reputable, ethical hacking practice website rapidly growing in popularity.

Defend the Web

Defend the Web is yet another great website that offers free courses on ethical hacking and penetration testing. The courses are divided into web app security, mobile app security, and information security management system (ISMS). You can also check out their blog, where they post articles related to cybersecurity news, tools, and tutorials. The site also features an impressive list of tools that can be used by hackers and security professionals alike, including Metasploit, Nmap, and Aircrack-ng.

OverTheWire

OverTheWire is a website that you can use to learn various hacking techniques and tools. The site currently has over 1,300 challenges available for users of all levels and interests. Many of the challenges teach basic security concepts such as encryption and authorization mechanisms. Others are more advanced and require an understanding of common exploits used by hackers.

Game of Hacks

This website offers challenges in various categories like cryptanalysis, reverse engineering, forensics, web security, etc. You must solve problems in each category and earn points based on the difficulty level of the challenge. You also get a rank depending on your performance in each challenge. Once you complete all the challenges at a particular level, you are promoted to the next rank, and if you fail in any challenge, you’ll be demoted to the previous rank.

CTFlearn

CTFlearn is an online platform that provides users with various hacking challenges to help them learn the skills necessary to become an IT security professional. The site has many different categories, including cryptography, malware analysis, network security, web application security, etc. In addition, users earn points as they complete an ethical hacker certification practice test, which can be redeemed for certificates or badges from many different colleges and universities. The interface is user-friendly, and it has a large community where you can learn from other users.

Root Me

Root Me is another free platform that allows users to learn how to hack into systems by completing challenges. There are currently over 100 challenges available on the site that cover several different topics like networking protocols (PPTP), mobile devices (Android), operating systems (Linux), and more. Each challenge has its own set of instructions, so you’ll know exactly what needs to be done to complete it. This site provides an online learning environment for cyber defenders, who will use their skills to protect against attacks on their systems.

BodgeIt Store

BodgeIt Store is one of the best websites to practice ethical hacking. It contains a wide range of tutorials and articles on ethical hacking, which will help you learn the basics of penetration testing, web security, etc. In addition, it includes multiple courses on ethical hacking, networking, and much more.

HackerRank

HackerRank is a platform where you can solve coding challenges to improve your programming skills and get rewarded with certificates if you solve all the problems correctly within the time limit.

Now comes phase 3 which is understanding advanced topics. I won’t be adding the rest of the phases here because people won’t be able to grasp it.

This guide alone can give someone a great kick start.

Your journey into the world of ethical hacking has just begun. It’s a realm of endless learning and discovery, where your skills can make a positive difference in an increasingly interconnected world. So, whether you’re seeking a career in cybersecurity, aiming to protect your own digital assets, or simply intrigued by the art of ethical hacking, know that you’re on a path that holds the promise of constant growth and the potential to make our digital world a safer place.

If you’ve found the information or assistance I provided to be valuable or helpful in any way, I would greatly appreciate your feedback and acknowledgement. Your appreciation not only encourages me but also helps me improve my ability to assist and provide information in the future. Thank you for taking the time to share your thoughts and express your gratitude.
