$whoami - My Background
My name is Siddhant Chouhan, I am from New Delhi, India. I am a cyber security enthusiast and have keen interest in vulnerability assessment and penetration testing. I love taking part in capture-the-flag competitions, solving HackTheBox, TryHackMe and Vulnhub boxes. I get a lot of messages on LinkedIn where people ask me how to get started and break into cyber security, so this post will be all about breaking into cyber security. I love this field so much because we are doing everything practically and not just studying theoretical concepts, so get ready for a fun ride!
Getting Started
To get started there are no prerequisites, if you are willing to learn and put in the work then you are all set. Hacking is all about understanding how something works and then we look for ways to carry out unintended actions. Let’s start with the steps you should take to get started.
Step 1: Learning Linux
Why should you use linux?
- Linux is free and open source
- There are thousands of open source hacking tools available for linux
- You can customise it to however you like, visit r/unixporn/ to explore more
- There are useful utilities which will help you in handling data, managing multiple terminals & keeping things organised
- Works fast even on low end systems
Resources for learning linux:
OverTheWire Bandit | https://overthewire.org/wargames/bandit/ |
The Linux Command Handbook | https://www.freecodecamp.org/news/the-linux-commands-handbook/ |
Introduction to Linux and Basic Linux Commands for Beginners | https://www.youtube.com/watch?v=IVquJh3DXUA&ab_channel=sakitech |
Linux - Tutorial for Beginners in 13 MINUTES! | https://www.youtube.com/watch?v=BMGixkvJ-6w&ab_channel=SkillsFactory |
How to Install Ubuntu 20.04 LTS on VirtualBox in Windows 10 | https://www.youtube.com/watch?v=x5MhydijWmc&ab_channel=ProgrammingKnowledge |
OverTheWire Bandit Walkthrough | https://www.youtube.com/watch?v=ff2Au8BIy_A&list=PLBf0hzazHTGOIn_vuuuCzRFVhYiDBnJID&ab_channel=HackerSploit |
Step 2: Becoming a Jack of All Trades
After learning basic linux, now you have to study basic full stack web development (html, css, javascript, php, python, mysql), cryptography, networking, information security fundamentals - CIA triad, AWS basics, digital forensics. The thing is when you will learn how to build stuff, that’s how you will become able to break stuff as well.
There are thousands of youtube videos, udemy courses and a lot of free resources for these. Explore and try out multiple sources see what works for you. This step is all about building a strong foundation, this ofcourse will require you to dedicate a good amount of time, but just know that having this knowledge is going to help you in finding vulnerabilities, understanding exploits written by other researchers, help understand cyber security more.
It’s completely fine to have even a basic understanding of these things, you don’t have to be an expert just the better you understand these things, further things will become easier for you to understand.
When it comes to hacking & cyber security, understand that the more knowledge you have about a target system or network, the more options you have available. Knowledge == Power
Step 3: Welcome TryHackMe
After you have built a sound foundation, visit https://tryhackme.com and dive into the world of cyber security. Create an account, read the instructions carefully then complete the following rooms:
- https://tryhackme.com/room/beginnerpathintro
- https://tryhackme.com/room/linuxfundamentalspart1
- https://tryhackme.com/room/linuxstrengthtraining
- https://tryhackme.com/room/furthernmap
- https://tryhackme.com/room/webfundamentals
- https://tryhackme.com/room/vulnversity
- https://tryhackme.com/room/basicpentestingjt
- https://tryhackme.com/room/owasptop10
- https://tryhackme.com/room/mrrobot
- https://tryhackme.com/room/lazyadmin
Step 4: Reading bug bounty writeups
Now that you have basic cyber security knowledge and solved some rooms on tryhackme you should now learn about how real life security vulnerabilities were found, best way to do this is by reading bug bounty writeups written by other security researchers. Visit Pentester Land, read how the security researchers found the bugs, and this way you will learn different kind of security bugs and how you can chain several vulnerabilites and build exploit chains to increase impact.
Step 5: Become a security researcher, welcome hackerone
Now it’s time to put your skills to the test visit https://hackerone.com create an account, pick a program, read the rules and start hacking and get paid for it. Ofcourse you will not find bugs easily, but if you keep learning new concepts, read writeups written by other security researchers you will with hardwork and dedication find your first bug. Also contribute to open source by finding security bugs, you can find a lot of projects on github.com, I personally find this as a great way to practice white box pentesting.
Step 6: Eat, Sleep, Hack, Repeat!
Now you have to keep on learning about different technologies, new security vulnerabilities being found, play ctfs, solve hackthebox, tryhackme boxes and vulnhub boxes, improve your programming skills, take courses on udemy about privilege escalation, study about active directory security, block chain security, binary exploitation, reverse engineering, malware analysis, detection and incident response, auditing, digitial forensics, application security, data security and more!
Go through the following youtube channels:
Step 7: Turning your passion into profession
After you have good knowledge start applying for jobs, you can be a:
- Penetration Tester
- Security Engineer
- Malware Analyst
- SOC Analyst
- Information Security consultant
- Red/Blue/Purple Teamer
- Exploit Developer
- Security Architect
- Vulnerable Lab Designer
- Content Creator
Well that’s all from me, if you have any queries feel free to reach out to me via twitter @siddhantc_ and happy hacking!