pirateducky
Posted on January 21, 2020
We have all been there - especially when you start looking at some of the certs/courses out there like:
And the list goes on. Now, are these good? Sure, if you can afford them or if your employer is paying for them, but what if you're in your 20s with a low-paying job and a family? That cert could be your rent (it was for me).
When I started wanting to learn how to hack, I thought you needed to get the most up-to-date courses and books, and sometimes I felt like I couldn't do it, like it was out of my reach. But then I just started to learn online, reading blog posts and watching videos - now more than ever the material you need to learn to get your foot in the door is available for free thanks to all the awesome content creators out there.
In this blog post I'll share a few of the resources that have helped me to get started on a budget. I'll be focusing on web application hacking since that's what I've been doing for about a year so I have managed to gather a ton of information about that.
These are not exhaustive lists, but they should get you started. If a resource does not have a price, it is free.
Web applications
The number 1 thing when you want to learn about hacking web applications is learning how web apps work. You don't have to be an expert, but definitely understand how an application is put together, both frontend and backend.
Report Writing
Reports are a huge part of a hacker's day-to-day activities. Report writing should be something that you strive to become good at; it could be the difference between getting paid for a report and your report being marked informational.
Learn from reports
If you aren't reading other researchers' disclosed reports - you are doing it wrong. I try to read at least 1 report a day and understand what the researcher found and the impact. Read good and bad reports so you know what works and what doesn't. You can find other resources, but my go-to is H1's hacktivity page.
Books
Reading is a big part of this. You have to be willing to read some pretty dry material and break it down into smaller, more digestible pieces. My go-to books are:
- WAHH (USD $40.52)
- Tangled Web (USD $44.49)
- Web Hacking 101 (Free when you join H1)
Videos
This one has been getting so much content lately, with creators like @nahamsec, @stökfredrik, @thecybermentor & @InsiderPhD putting out some 🔥 content. Here's a list of YouTube channels to subscribe to.
Practice
You have all this knowledge - now what? You practice, of course! It's 2020: you don't have to try to hack someone's site or get in trouble. Companies like hackerone have created awesome resources for us to learn, like hacker101, an ongoing CTF that rewards you with private invitations to programs that pay money. There are other CTFs that work, but this one gives you an incentive to keep going, and the community is awesome.
- hacker101 CTF
- hacker101 Discord
- rootme
- lkwa
- pentesterlab (USD $20/monthly)
- Portswigger Academy (free, but you need Burp Pro for some exercises; still a really good resource)
Newsletters/blogs
Some stuff I subscribe to that might interest you:
Sharing knowledge is a hacker's way of giving back; it's how we interact with one another and make friends. If this helped you, please share it so others can have access to the information.