Introduction:
1、How to learn hacking: The (step-by-step) beginner's bible for 2024
2、Hacker for Hire [2023]: How Easy is it to Find a Professional Hacker?
How to learn hacking: The (step-by-step) beginner's bible for 2024 ♂
Who doesn’t want to learn how to hack? ??
Who doesn’t want to learn a skill-based superpower that could be wielded for good…or bad (mwahaha)?
That was my initial reaction to realizing that hacking was officially a “thing” while studying for my Computer Science BSc degree. My first probe of a target system for exploitable information (aka enumeration) marked the point of no return for me. I was all in.
From then on, all-night hacking events with friends filled many weekends. We even formed an intense cybersecurity study group to learn and share knowledge. And, to cut a long story short, I became an ethical hacker who is now part of a one-of-a-kind community that makes the skill of hacking accessible to anyone willing to learn it.??
In this post, I’m sharing the truth behind the wonderful wizardry that is hacking. You’ll see what it takes to learn hacking from scratch and the necessary steps to get started!
A textbook definition of “hacking” is the act of finding exploitable weaknesses in computer systems, digital devices, or networks to gain unauthorized access to systems and data. Real hacking, however, is more than that.
It’s a technical discipline and mindset that requires outside-the-box thinking, creativity, and persistence in the face of evolving and unforeseen challenges. What happens when you follow an established path to exposing a vulnerability or flaw, and there’s nothing to find? How do you avoid detection once you’ve infiltrated a secure system? How can defenses be improved for the target you’re hacking?
This outside-the-box mindset applies to the different types of hacking that even include physical (testing the security of a physical location) and social (exploiting human errors or vulnerabilities).
Many references to hacking portray it as a malicious activity orchestrated by rogue hoodie-wearing tech wizards. This is not the case. At Hack The Box, we champion ethical hacking because it’s akin to a technical superpower that can be used for the greater good: to help protect modern infrastructure and people.
Ethical hacking requires the knowledge and permission of the business before infiltration. It’s about finding the weak spots before the bad guys do and fixing any flaws before they become exploitable by malicious hackers.
Related read: Best entry level cybersecurity jobs for aspiring hackers.
Organizations hire Ethical Hackers or Penetration Testers (the common term used in industry to describe the job description of professional hackers in the corporate world), to proactively simulate attacks against their networks, devices, software, users, applications, and just about anything that could expose them. This allows them to be a step ahead of any nefarious hacker by gaining insight into and improving on weaknesses.
At the end of the day, these security professionals are there to help businesses and do everything in their power to keep them as protected as possible. Having a set of guidelines distinguishes the good guys from the cybercriminals, and also lets businesses employ hackers with more confidence.
Haris Pylarinos, CEO, Hack The Box
Recommended read: How to become an ethical hacker.
Hacking isn’t innately “good” or “bad.” Like the internet itself, or any digital device available to us all, it could be used for both purposes depending on the user's intention and how they perform their actions. This is why hackers are typically grouped by their intent:
White hat hackers: White hat or ethical hackers are often described as the “good guys.” They strengthen security by assessing a computer system, network, infrastructure, or application with the intention of finding vulnerabilities and security flaws that developers or other security professionals may overlook.
Script kiddies: Low-skill hackers who use scripts or programs developed by others to conduct attacks, but do not truly understand how things work. Script kiddies use pre-made exploit kits or separate programs because they are unable to write malicious tools on their own. Their motives for hacking are usually personal, such as to impress friends, get revenge, or have fun.
Black hat hacker: Black hat hackers are cybercriminals who break into networks and systems with malicious intent. An example of a (former) black hat hacker is Kevin Mitnick, who is notorious for hacking large organizations such as IBM, Motorola, and the US National Defense system. Kevin is now on team white hat, fortunately.
Gray hat hacker: In his guide on how to become a pentester, Ben Rolling, our Head of Security shares how a gray hat “friend of a friend” found a major flaw in a big (Fortune 500) company. This friend, with good intentions, reported it to the organization suffering from the flaw, which resulted in him being arrested and sent to prison. This is a cautionary example of gray hat hacking. Gray hat hackers fall somewhere between white and black hat hackers. While their intentions are generally good-natured, their actions are often illegal because infiltrating systems and networks without authorized access is illegal.
Fun fact: These terms are inspired by symbolism from Western films in which heroes wore white hats and villains wore black hats.
Interested in landing a job as a pentester or hacker? Brush up on these 30 critical cybersecurity interview questions and answers!
The short answer is: yes, most people can learn how to hack provided that they give themselves enough time, have the right attitude, and commit to the process ahead. We’ve witnessed stories from the community of hard-working people who took an interest in hacking (despite not having technically-relevant backgrounds) and are now good enough to get paid to hack ethically and professionally:
Jeremy Chisamore was hit by layoffs and events outside his control and still carved out a career in cybersecurity; going from struggling poker player to Senior Penetration Tester at Oracle.
Chuck Woolson, a former United States Marine changed careers in his 50s and became a Red Team Operator with little prior experience.
Josiah Beverton started off studying physics, but his passion for cybersecurity lead him to become a professional Penetration Tester with experience in Blue and Red Team roles.
Gary Ruddell left the military to pursue a cybersecurity career and become the Regional head of Cyber Threat Intelligence at a global financial organization.
With that said, there are shared traits among successful hackers that indicate how much enjoyment you’ll get from learning how to hack:
A passion for problem-solving: A college or recognized training certification certainly helps you acquire the knowledge, skills, and abilities required to work as a pentester; but a great hacker is a tenacious problem-solver at heart!
The ability to think outside the box: To defend against an attacker, you must think and act like one. This requires the ability to not only respect, but also think beyond routine practices like firewall reviews and scanning for known vulnerabilities.
A love of learning: Most professional hackers I know enjoy learning, which makes sense considering how fast the digital world moves. And that’s one of the many beauties of learning how to hack; there’s always new hardware, applications, concepts, and vulnerabilities to explore. You’re free to specialize, upskill, or pursue a career (it’s no secret that professional hackers/penetration testers are in extremely high demand) in whatever specialty you want.
When I started, there were fewer publicly available resources than there are now. Most of our learning was done via internet relay chat forums (IRCs) and learning from others in the community. You also had to download your own virtual machine or build a hacking lab at home for target practice. Nowadays, content and training are more accessible with cybersecurity training and upskilling platforms like Hack The Box (HTB).
Beginners should start with the fundamental cybersecurity skills one will always need when hacking: Networking, Linux, Windows, and scripting. Regardless of how advanced or basic your exploits become, you’ll always call upon the knowledge and skills related to these core domains. Mastering these fundamentals will also accelerate your ability to learn more advanced hacking concepts, techniques, and tools.
Most things in hacking or cybersecurity revolve around a network. This is why a firm grasp of networking fundamentals is foundational for beginner hackers who are learning the ropes. Understanding how networks are structured and how devices communicate means you can identify, protect, exploit, and of course, remediate weaknesses in networks. With this knowledge, you’ll know what services are running on a server, what ports and protocols they’re using, and how the traffic behaves.
Related read: Learn cybersecurity for free.
An operating system (OS) is software that manages all of the hardware resources associated with a computer. That means that an OS manages the communication between software and hardware. Learning Linux operating systems is an essential and inevitable step in cybersecurity because Linux covers about two-thirds of the world's servers, including macOS, which is also based on Linux. Linux-based operating systems run on servers, mainframes, desktops, embedded systems such as routers, televisions, video game consoles, and more.
It is important to understand how to navigate the Windows file system and command line as it is heavily used across corporate environments of all sizes. During penetration testing (or ethical hacking) engagements, hackers will often need to gain access to a Windows host. Additionally, many servers run on Windows, and most companies deploy Windows workstations to their employees due to the ease of use for individuals and centralized administration that can be leveraged using Active Directory.
Related read: How to become a cybersecurity analyst.
Bash is a command-line interface language used to make instructions and requests to operating systems like Linux. As hacker, learning how to create bash scripts (which are a collection of commands) will help you harness the full power of the Linux OS by automating tasks and enabling you to work with tools.
Python is a powerful entry-level programming language to learn for hacking because it’s versatile, relatively easy to learn, and plays an important part in compromising systems and networks. You’ll use it to:
Automate tasks
Write custom scripts
Scrape data from the web
Analyse packets and data
Identify and develop malware
Reminder: We have a welcoming community, so if you have more questions about hacking feel free to ask us directly on Discord.
Related read: 7 Powerful pentesting tools (and why you should stop pedestalizing them).
Most (normal) humans won’t sufficiently understand all this new information overnight if they learn to hack from scratch. So give yourself enough time to develop a firm grasp of the fundamentals. Continuing the magic analogy, don’t just memorize spells and wave a wand; know why you’re casting the spell, how it works, its weakness, and strengths to adapt it to any scenario and target!
The importance of this can’t be emphasized enough; you will rely on this base of knowledge and skills repeatedly throughout your hacking journey.
So while you might be bursting with enthusiasm to get started with the wonderful wizardry of hacking, I’d suggest that you take a little bit of time to develop an organized plan or schedule for studying to master the basics. This will help you:
Prevent feelings of overwhelm and burnout.
Measure your progress and keep track of your journey.
Overcome the inevitable frustration and hurdles that are perfectly normal when learning new skills.
Let’s say you have two hours per day to study, I would say spend at least four-eight months on the fundamentals while watching some retired content videos on YT. Give yourself two months for each domain: Networking, Linux, Windows, and Python plus any scripting like bash/powershell (optional) to build a strong foundation. This realistic approach combined with guided cybersecurity courses and practical cybersecurity exercises means you’ll hit the ground running!
(A scan of the open ports on a network. Executed on a live practice target via our Academy's in-browser tool, Pwnbox. Click here to try it yourself.)
Below are two different potential training plans from two hackers and content creators here at HTB, IppSec, and 0xdf. The purpose of showing both is to demonstrate there is no absolute answer that applies to everyone. Find what works for you and adapt as you go!
Ippsec’s recommendations
Establish your methodology: Use the guided step-by-step learning, read write-ups (tutorials), or watch videos and work alongside them. Don’t worry about “spoilers” ruining your learning experience, there will always be more challenges and opportunities to learn.
Validate the methodology: Watch a video in its entirety, then immediately do a challenge. If you are short on time, then divide the machines parts, for example watching up to the user flag and then solving the machine.
Work on memory retention: Add some time between watching the video and solving the machine. Start off with a few hour break between the video and solving the machine. Eventually, graduate up to waiting a day between. Don’t be afraid to go back and watch the video when you are stuck on a part for 20-30 minutes.
Make hacking muscle memory: Watch multiple videos but solve the machine yourself days later. Having watched multiple videos or read write-ups before solving the box will really test your skills.
0xdf’s recommendations
Note-taking is key. Writing something down is a great way to lock in information. Create some key sections in a way that works for you. I use markdown files in Typora, but find what works best for you.
When you first start, you are missing a lot of the information needed to complete a machine. Work alongside write-ups / video solutions, but don’t copy and paste. Type commands in, and make sure you understand what they do. Quiz yourself about what would happen if you changed various arguments in the commands, and then check if you are correct. Record the tools and syntax you learned in your notes for future reference.
Once you start being able to predict what the write-up author will do next, start working out ahead of the write-up/video. Try the various techniques from your notes, and you may start to see vectors to explore. When you get stuck, go back to the write-up and read/watch up to the point where you’re stuck and get a nudge forward. Make sure to update your notes with the new techniques you’ve learned.
Over time, you’ll find your notes contain more and more of what you need to explore a box. The secret is to find the balance. The more you practice, the less you want to rely on walkthroughs. That said, even the most talented hackers will often work in teams because anyone can get stuck.
From absolute beginners to high-level cybersecurity professionals, Hack The Box makes learning how to hack a fun, gamified experience for millions of hackers around the globe. You can start by learning the foundational fundamentals, transition into hands-on training that forces you to compromise realistic environments, compete in Capture The Flag events, and even land your first cybersecurity job. (I got my first ethical hacking job thanks to my public HTB rank.)
But where should you start based on all the different options that we offer?
HTB Academy: If you’re starting from scratch, the Academy will get you upto speed with step-by-step training on different hacking skills and topics. So if for example you have zero knowledge of networking, or want to master a specific network reconnaissance tool, like Nmap, the Academy will provide you with guided theoretical training and interactive exercises on live targets to reinforce your skills.
HTB Labs: Test, grow, and prove your practical skills with a massive pool of hackable environments that simulate up-to-date security vulnerabilities and misconfigurations. New labs are added every week, ensuring the content is always up-to-date and the fun unlimited. Players can learn all the latest attack paths and exploit techniques. (If you’re new to HTB Labs, use the Starting Point Labs to familiarize yourself with our platform and the Machines they contain.
HTB CTFs: Compete with other hackers around the globe. Capture the flag events are gamified competitive hacking events that are based on different challenges or aspects of information security. They are excellent for experienced hackers looking to develop, test, and prove their skills because they gamify hacking concepts.
Our community is the core purpose of everything we do! We are hackers at heart.
1.8M+ Members Around The World
195 Countries & Territories
3.5k Discord Messages Every Day
5.1k Forum Threads - For Any Box
First of all, here is the Community Manifesto, how hackers behave with each other.
We believe in making an inclusive, equal-opportunity, and diverse community. We try our best to provide a safe and happy place to all of our hackers, where the only thing that matters is a passion for cyber!
To enjoy Hack The Box to the fullest, you certainly cannot miss our main communication channels, where the real magic is happening! Join our Discord and forum. We normally disclose the latest updates and new features on Discord first, so…you better be part of it.
Also on Discord, we have targeted channels per topic or skill level. Plus we are the biggest InfoSec Server with more than 200K members from all around the world. Join the discussions, ask any questions, find a study buddy, and get inspired.
HTB Team Tip: Make sure to verify your Discord account. To do that, check the #welcome channel. For the forum, you must already have an active HTB account to join.
Learn more about the HTB Community.
In order to begin your hacking journey with the platform, let’s start by setting up your own hacking machine. It will be a virtual environment running on top of your base operating system to be able to play and practice with Hack The Box. (This is the most important step for every hacker in the making.)
You can make it quick and easy by installing one of the following virtualization applications:
VMWare Workstation Player
Oracle VirtualBox
After installing your preferred virtualization software, select your operating system of choice. Here, you can learn everything about Parrot OS.
HTB Team Tip: Always install a stable version!
How to install Parrot on Virtual Box - Are you having difficulties with the installation process, or don’t have the necessary hardware or networking capabilities to run a virtual machine? Don’t give up, there is a solution. The answer is Pwnbox! Pwnbox is a Hack The Box customized ParrotOS VM hosted in the cloud. It can be accessed via any web browser, 24/7. It’s HTB customized and maintained, and you can hack all HTB labs directly. Intro to Pwnbox
Wanna see how others use Pwnbox?
How to play machines with Pwnbox by HackerSploit
How to play Pwnbox video by ST?K
Now if you still have questions we got you covered! For 99.99% of your HTB questions we have an answer and you can find them all in our Knowledge Base. This is a must visit resource for anyone who’s getting started with our platform.
Here are some friendly suggestions for something that might be crucial for you at this point:
Getting started - Introduction to HTB
Getting started - Setting up your account
Getting started - VPN access
Getting started - How to play machines
These are the must-have tools you will need to master before you dive into hacking!
Nmap: Scan the network like a pro! Add your target IP, range of ports, type of scan and hit enter!
Recommended: Free Academy Module Network Enumeration with Nmap
Metasploit: A framework that makes hacking simple. Set your target, pick an exploit and payload and hit run!
Recommended: HTB Track Pwn With Metasploit
Curl/Burp: Inspect, modify and interact with web requests like an expert.
Recommended: Free Academy Module Web Requests
Ffuf/GoBuster/Seclists: Web application fuzzing to find hidden directories, files and more is a must.
Recommended: Free Academy Module Attacking Web Applications with Ffuf
Windows OS: Popular operating system for personal and corporate use. Learn the fundamentals to hack it.
Recommended: Free Academy Module Windows Fundamentals
Linux OS: Popular operating system in the security/InfoSec scene but also for many sysadmins.
Recommended: Free Academy Module Linux Fundamentals
Starting Point is a series of free beginner-friendly Machines paired with write-ups that give you a strong base of cybersecurity knowledge and introduce you to the HTB app. You’ll train on operating systems, networking, and all the juicy fundamentals of hacking.
It is time for the classics! Pwn the following list of machines, capture the user and root flags, and complete the Beginner Track today! You’ll be feeling like a hacker. You’re almost there! Click here to get started.
The Beginner Track was a nice first hands-on taste, right? The best is coming now. There are plenty of additional resources to explore and engage before getting the 100% out of all HTB training.
Write-ups & Video Walkthroughs
Active & Retired Boxes
Other cool Tracks including: Intro to Dante, The Classics, OWASP TOP 10
HTB Team Tip: Start on your own, explore the tools, watch the videos below and then level up your hacking with our subscriptions!
HTB Watch List ??
Some recommended video walkthroughs to get started:
Active: Watch Video | Play Machine
Forest: Watch Video | Play Machine
Access: Watch Video | Play Machine
Traceback: Watch Video | Play Machine
OpenAdmin: Watch Video | Play Machine
Writeup: Watch Video | Play Machine
Author bio: Author Bio: Sotiria Giannitsari (r0adrunn3r), Head of Community, Hack The Box
Sotiria is an experienced Cybersecurity Professional and a successful Community Manager, having created engaged communities over 1 million members. Driven by technology, hacking, and growth, she has earned a BSc in Computer Science, an MSc in Cybersecurity, and is a devoted Hack The Box CTF player for over 6 years. Her past work experience includes penetration testing at Ernest and Young for 2 years, and she has been leading community efforts at Hack The Box for 3.5 years.
Hacker for Hire [2023]: How Easy is it to Find a Professional Hacker? ♂
In today’s interconnected world, the demand for hacking services has given rise to a controversial practice: hiring a hacker for illicit purposes. The phrase “hacker for hire” captures the attention of individuals and businesses seeking unconventional means to address their cybersecurity concerns. With the escalating threat of cyberattacks, protecting sensitive information has become paramount. While the majority prioritize safeguarding their digital assets through legal and ethical means, a subset may be tempted to explore the world of professional hackers.
This article aims to delve into the ease with which one can find a professional hacker and the implications that come with it. By examining the underground marketplace and the risks involved, we shed light on this highly debated topic. Join us as we navigate the intricate landscape of hacking for hire, exploring the motivations, consequences, and potential alternatives for those seeking protection against cyber threats.
The realm of professional hackers operates within the shadows, away from the prying eyes of the law. It’s a clandestine world where individuals with advanced computer skills offer their services to those seeking to exploit vulnerabilities in computer systems. These hackers possess a deep understanding of technology and exploit it to gain unauthorized access or perform malicious activities.
To find a professional hacker, one must navigate the dark web—a hidden part of the internet where illicit activities flourish. On the dark web, hacker marketplaces serve as hubs where hackers and clients can connect discreetly. These marketplaces offer a range of services, including hacking into social media accounts, retrieving lost passwords, or even carrying out targeted cyberattacks.
While it may be tempting to hire a hacker to fulfill one’s personal or professional agenda, there are significant risks involved. Illegal activities can have severe consequences, like legal repercussions and reputational damage. Furthermore, hiring a hacker can perpetuate a vicious cycle, fueling the growth of cybercrime and undermining the security of innocent individuals. Understanding the legal aspects of hacking is crucial when considering the risks involved. If you’re wondering about the legality of hacking and want to learn more, check out our article ‘Is hacking legal? 7 important questions answered’ for in-depth insights on this topic.
Hackers are of two types i.e., white hat and black hat hackers. White hat hackers, also known as ethical hackers, use their skills to uncover vulnerabilities and assist organizations in strengthening their security systems. In contrast, black hat hackers engage in illegal activities, exploiting vulnerabilities for personal gain or to harm others. The choice between hiring an ethical hacker or a malicious one carries ethical and legal implications.
Businesses and individuals should focus on proactive methods to protect their digital assets rather than using illegal techniques. Investing in robust cybersecurity systems, regularly updating software, and training employees in cyber hygiene are crucial steps to safeguard against potential attacks. One can reduce the possibility of becoming a victim of cybercrime and avoid the negative effects of hiring hackers by taking a proactive strategy. You can look into the National Cyber Security Centre’s website for those protective measures.
Governments all across the world are establishing stricter laws to tackle cybercrime as they become more aware of the risks it poses. Law enforcement organizations are trying to take down hacker networks and prosecute cybercriminals. By cooperating with authorities and reporting suspicious activities, individuals can contribute to the collective effort to maintain a safer digital environment.
For individuals or businesses seeking assistance with cybersecurity, ethical hacking services offer a legal and responsible solution. Ethical hackers can be engaged to conduct security audits, identify vulnerabilities, and provide recommendations to enhance digital defenses. By employing ethical hacking practices, organizations can stay one step ahead of potential threats without resorting to illegal means.
Promoting cybersecurity education and awareness is vital to reducing the demand for hackers-for-hire services. By empowering individuals with knowledge about cybersecurity best practices, we can collectively foster a more secure online environment. Education initiatives, public awareness campaigns, and industry collaboration are crucial components of combating cybercrime effectively.
As technology continues to advance, the world of hacking and cybersecurity evolves alongside it. New threats and vulnerabilities emerge, challenging security professionals to adapt and develop innovative defenses. To stay protected in this ever-evolving world, it is crucial for individuals and organizations to stay up to date on the latest trends in cybersecurity.
The ease of finding a professional hacker in today’s digital landscape is a concerning reality. However, it is crucial to understand the risks and consequences associated with such actions. Instead of resorting to illegal means, individuals and businesses should focus on proactive cybersecurity measures and ethical hacking services. By prioritizing education, awareness, and collaboration, we can collectively mitigate the demand for hackers and build a safer digital world. Let us remember that security and ethical responsibility go hand in hand when navigating the complex realm of cybersecurity.
Hiring a hacker for illegal activities is against the law in most jurisdictions. Engaging in unauthorized access to computer systems, stealing personal information, or carrying out cyberattacks is a criminal offense. It is essential to abide by the laws and seek legal and ethical alternatives to address your cybersecurity concerns.
There are legitimate scenarios where hiring a hacker, known as an ethical hacker or a penetration tester, can be justified. Ethical hackers help organizations identify vulnerabilities in their systems and assist in strengthening their security measures. However, it is crucial to ensure that the hacker you hire is certified, reputable, and operates within legal and ethical boundaries.
To protect yourself from hackers, it is essential to implement strong cybersecurity practices. These include regularly updating your software and operating systems, using strong and unique passwords, enabling two-factor authentication, being cautious of suspicious emails and attachments, and avoiding sharing sensitive information online. Additionally, investing in reliable antivirus and firewall software can help detect and prevent potential attacks.
Hiring a hacker for illegal activities can have severe consequences. You not only expose yourself to legal repercussions but also risk damage to your reputation and financial loss. Moreover, engaging with hackers can perpetuate cybercrime and contribute to the overall insecurity of the digital environment. It is crucial to consider the ethical and legal implications before considering such actions.
To find ethical hacking services, it is recommended to engage with reputable cybersecurity firms or individuals who specialize in ethical hacking. Look for certifications such as Certified Ethical Hacker (CEH) or Offensive Security Certified Professional (OSCP) as indicators of expertise and professionalism. Conduct thorough research, read reviews, and ask for recommendations to ensure you are working with trustworthy and legitimate ethical hackers.
Related questions
I don’t have the ability to access external databases or websites, including Hacker News. However, you can find the "Who’s Hiring" thread for July 2019 by searching on the Hacker News website under the "Ask HN" section or checking the archives for that month. This thread typically features job listings from various tech companies and startup positions. If you need help with something specific, feel free to ask!
评论已关闭