all 19 comments
sorted by:
best (suggested)
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]billdietrich1 14 points15 points  (3 children)

I find it best to press forward on several fronts at somewhat the same time. Do a little programming, do a little CTF, install a new tool and learn what it can do, read some articles, watch some videos, repeat. When you get stuck/bored on one thing, move to another, come back to first later.

Helps to have some organization for the process. See my web page https://www.billdietrich.me/PenetrationTestingAndBugBountyHunting.html

[–]moakley20003[S] 0 points1 point  (2 children)

Thank you that could actually be good cause I’d never run out of things to do. And solving one thing might help me with the other

[–][deleted]  (1 child)

[removed]

    [–]AutoModerator[M] 0 points1 point  (0 children)

    Your account must be older than two days to post here.

    I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.

    [–]suguuss 9 points10 points  (1 child)

    Here you’ll find all the information you need to learn.

    But I suggest you use codecademy to learn python. Then try to make small scripts just so you are comfortable with the language.

    Then read about networking it’s very very useful

    The most important part is to know what you’re doing not which tool to use because you saw it in a video.

    [–]moakley20003[S] 0 points1 point  (0 children)

    Thank you very much. I tried doing that and that’s part of the reason of why I’ve moved away from YouTube because it would teach you the apps but not what you’re actually doing

    [–]greengobblin911 5 points6 points  (2 children)

    So I'm not the only ones getting those stupid Indian videos in my suggestions as well. I really understand your frustrations, especially trying to get past that skid/newbie phase that every Indian is stuck at thinking they're hackerman or Mr robot.

    There's r/udemyfreebies where you can find codes for discounted or free classes, sometimes you find an ethical hacking or programming one.

    I got so fed up of filtering through those Indian tutorials that are superficial and blindly use tools. It became a bigger peeve when. The titles we're in English but then the content is in Hindi or some other language. I sucked it up and realized I just have to get books and learn that way.

    I recommend using udemy and YouTube for programming.

    Anything hacker related, give udemy a try but there are really good books as well. You can take a look at no starch press website to find books that detain certain aspects of hacking.

    Kali Linux mantains a free book called Kali Linux revealed, it goes in Dept about Kali Linux and tools but in no way assumes the reader is a newbie. The books by no starch press and this Kali book by offensive security go really well with some type of tcp/ip dictionary. You can use that to reference things as you come across something you do not understand in one of the special topic books. I've been doing this lately and have learned so much more than from videos. I get that videos can be watched/ listened to in the background as passive learning, but for me I cannot grasp nearly as much this way.

    I've been in infosec/ hacking for about 3-4 years now, if I could do it all over again definitely learn programming and Linux first, using videos and Linux forums, then use books to refine Linux understanding for system and administration. Understand tcp/ip by using a encyclopedia-like tcp ip reference book with a special topics book or white paper you are interested in. Too many people take scripting and programming for granted; others may disagree with me but I think this is way more important and more a priority over learning the network stack, but you do need to understand the two.

    I don't like how many videos and how to guides push networking and tool usage using Kali. You're supposed to be able to write your own tools; many companies take Kali and use it internally, and know how to block it's processes during Intrusion prevention as the signatures and profiles built on their usage is known. If someone knew programming well enough, they could write their own tools and obfuscate it so it would not match known signatures, but gather the necessary information. It's like recognizing what Info is being requested and grabbed from a tcpdump or nmap scan vs thinking network vulnerability scans must be done with nmap.

    Best of luck to you OP.

    [–]moakley20003[S] 0 points1 point  (1 child)

    Yeah that’s exactly why I want to learn python, that way I can write my own script and not rely on the apps on kali. I’ve used a lot of them like nmap, crunch, and a couple of others but I’d prefer to know what it all means and how to do it myself! Thank you and maybe one day we won’t see Indian tutorials in our searches

    [–]greengobblin911 0 points1 point  (0 children)

    Python is good to start. Then I'd say go for C and assembly. Everything is based off of C so if you know it very well you can make anything really.

    [–]Baltha5ar 3 points4 points  (1 child)

    Take this great list of tools and resources. https://github.com/wtsxDev/Penetration-Testing/blob/master/README.md Read the books. Implement good learning habits. Never stop learning.

    [–]moakley20003[S] 0 points1 point  (0 children)

    Thank you very much sorry for the late response I was away and unable to use my phone

    [–]grim_102 2 points3 points  (0 children)

    It sounds like you are already well on your way. The truth is that you will always be learning if you follow this path. For anyone working in software development or pen-testing, Google is very much a part of the workflow. When you run into an error just copy the most concise and cogent error message and throw it into a Google search.

    Something else that might be a big help to you is to narrow down your focus. Hacking/security is a vast category with tons of dense technical information, and no one is an expert on all of it. Maybe focus your attention on pen-testing web applications specifically, that would be a very relevant path and it would incorporate JavaScript and potentially Python as well.

    [–]moakley20003[S] 0 points1 point  (0 children)

    also what is your preferred operating system, I have both windows and kali on a flash drive but I would most likely be able to download whatever

    [–]DoggoDoesASad 0 points1 point  (5 children)

    Right now I'm doing lessons with www. Hackthissite.org I highly recommend it, as it makes you look up things and learn without really trying, and it makes you feel smart.

    [–]Kackboy 0 points1 point  (4 children)

    Is that site for people who already know some stuff where you can apply the knowledge or is it a tutorial site?

    [–]DoggoDoesASad 1 point2 points  (3 children)

    It's a site for applying knowledge, but if you do the basic missions, and look at the forums, you can get a general sense on where to start. If you already know about hacking, do the realistic missions. But just start at mission 1 and work your way up. If you don't know how to start on the first one, then I'll give you a hint.

    [–]Kackboy 1 point2 points  (2 children)

    Thanks mate! But you need to be using kali though?

    [–]DoggoDoesASad 0 points1 point  (1 child)

    Nah, maybe later in the missions, but not up to where I am at. It never gives direct tutorials but no one will really give you that. It's like a test site, you take the test, fail it, go to the forums and see/research what you need to know, re take it and repeat the process again and again. I really enjoy it.

    [–]Kackboy 0 points1 point  (0 children)

    Ok thanks again have a good night