First things first, dispose of any conception you have of what a hacker is. At its most fundamental level, I think a hacker can be defined as someone who accomplishes a task in an unexpected manner. This is the definition I will be sticking to here.
You might be asking yourself, why should I trust you? Who am I? What have I done? All great questions. Well, I’m not some elite pentester or got a lot of vulns under my belt. But I do have a decent grasp on the basics to be sure.
Ok, everyone was gone? Cool, the basics are what allow you to succeed. The difference between a “script kiddie” and a “hacker” is understanding what they are doing, why, and how it works.
A lot of people seem so interested in the what, or the how, but not as much the why. That’s because the why is often the part that makes you learn everything from C to python, from Linux to Windows, from UDP to TCP/IP. But I will tell you this. I have an appetite for knowledge and are ready to jump in then follow me down this rabbit hole.
To get started my suggestion is to learn how to use Windows better. Specifically learn the command prompt, PowerShell, registry editor, group policy editor, and if you can, the API calls for windows itself. why windows first? because most of you are probably most familiar with it.
Next, you will want to study mac and see how it works, get a hang of the terminal. then move onto Linux, learn the tools and its pros and cons, find out why rm -rf / is a bad idea. install and uninstall programs, break Linux, and fix it. absorb all the knowledge you can, and stay away from kali, you’re not going to need it.
Now that you know windows, macOS, and Linux we can move on to programming. here you want to learn a few languages. I suggest one scripting language, a database language, and a compiled language start. some scripting languages are python and Perl. as for database, I highly suggest SQL and for the compiling language, I wholeheartedly prefer C. No, I don’t mean C++ I mean C. The reason is that C has far less overhead thus making it easier to decode your code when it comes to disassembly and reverse engineering.
Once you have a decent grasp on that, dive headfirst into the wonderful world of networking. learn the most common ports, learn the protocols, and find how to make your own computer and network security. if you want to get into security, we must first know what a well-secured network looks like, only then might we be able to spot what a vulnerable one looks like. more importantly, then we can understand why it is vulnerable. And this is just the beginning of knowing what you need to become a hacker.
So far that’s a lot of stuff to learn, right? yeah, it is. this isn’t something you can pick up in a day, a week or months. its a process. does that sound like too much work?
If it does, and you are looking for a shortcut and don’t want to go through all that, then go take your Udemy courses, go read your book on just pentesting, good luck to you. but you won’t ever be able to get a job like that sorry. if you decide to follow this advice then you have the respect of every computer security expert out there I know because you are finally on the right track.
Now for some more interesting stuff, I suggest looking into the assembly for x86 and 64bit architecture. to make it more interesting, set up a honeypot with your new skills and RE some malware. that will teach you assembly. learn how computers really work on the machine code level. this is the skill you need for developing your own payloads and exploits.
Then move on to kali finally. Learn how buffer overflows can be exploited, how do structured exception handling exploits work? Can you make your program crash and display deadbeef? Great, you’re almost there. start reading more vulnerabilities, not just for info on how to exploit it, but how and why they work.
Eat, sleep, and breathe all of what you have learned and never stop consuming information. Find a preference for vim or emacs (required) and learn mfsvenom, learn apache, iis, and any other servers you can. have fun with Nmap and don’t be stupid. Master Metasploit and go crack some boxes on ctf sites.
Continue to always look for more books to read, more videos to watch, more bugs to exploit, and new tools to use. but never forget why you are doing something.
If you’ve gotten to this point you have gotten farther than probably 99.99% of all people who ever venture out to learn to hack. now is when you can begin to consider yourself not just another noob fumbling in the darkness.
From this point onwards, your education isn’t so rigid, you can choose a specialty, learn more, and never stop doing so. And always remember, everything can be hacked so good luck.
I hope it helps set some of you on the right path. as for resources to use? Well, I always prefer books, especially the longer ones that explain more. Specific books? Sorry but I don’t have a ton of recommendations, I will tell you that you don’t always want to rely on one source for anything.
I hope I’ve given you a great preview of what you need to become a hacker.