So, this is my first post on this platform, and I haven’t really figured everything out yet so this might contain a lot of rambling (I’m kind of just letting out my inner thoughts here). When I was young, my dad sat me down and told me a life lesson that basically shaped the way I’ve viewed achieving my dreams my entire life.
A beautiful quote, feel free to have it framed and make sure to let them know it came from my blog so that I’ll be able to add it to my OSCP fund and afford that after being on here for a decade or two. Either way, breaking down complex problems into simple steps is kind of how my brain works at understanding things so I’m going to write them off in a nice numerical list and we’re going to figure this out together.
- Figure out what you want to do
- Find what you need to get there
- Find how to get those things
- Do them
1. Figuring out what you want to do
So you want to be a Penetration Tester
… or a “hacker”. In that case I would recommend you get a stick and head towards the nearest bush and start trying to see if you can knock it in just the right way to where it looks nicer than when you started because it will save you a lot of time and effort compared to the other way I’m going to start yapping about.
First off, I should probably explain what a Penetration Tester is.
So there’s kind of a pyramid when it comes to the whole “find vulnerabilities and show how a malicious actor might break in to your system” kind of thing. Enjoy a beautiful visual cooked up by me in Paint.NET:
Starting at the bottom is the vulnerability scan. Here we’re trying to DETECT vulnerabilities by scanning our hosts. This can be done using automated tools, check out Nessus some time (You’ll use it for your Pentest reports too).
If you don’t feel like googling Nessus, you probably won’t like Penetration Testing because 90% of it is “Oh this website is made with [Insert_CMS_Here], let me google exploits for it” etc. etc.
Here’s a David Bombal video I found after a few seconds though:
(Woah, cool embed)
Anyways, Penetration Testing is the step after that. You start with Reconnaissance, gathering publicly available or Open-Source information (OSINT) on a target, then scan target systems for ports, services and vulnerabilities. Going past the Vulnerability scan, the tester then attempts to gain unauthorized access to target systems and networks by exploiting the vulnerabilities found during the scanning phase, finds ways to maintain persistent access to assess the impact of a successful compromise, and then tries to clear their tracks (deleting logs, removing or modifying files, etc.). Just don’t go deleting important company files and such, because I don’t think they’ll appreciate it if you do.
And would you look at that, we covered the FIVE STAGES OF ETHICAL HACKING, woooooo. Also, you write a report at the end. TCM’s Practical Ethical Hacking course covers this pretty well; their training is pretty good, I did all of their PNPT training prep and dedicated a large chunk of my Notion notes to it. Good stuff, though out of everything I’ve learned, I still find OSINT the scariest.
Going past Pentesting we have Red Team Engagements, which are like Penetration Tests, but you’re trying to be very quiet, sneaky, and realistic. Maybe you’re doing social engineering or trying physical methods. The engagements are much longer than Penetration Tests and are meant to be as realistic as possible.
BOTTOM LINE:
- Vulnerability Scans are AUTOMATED
- Penetration Tests are SHORT and LOUD
- Red Team Engagements are LONG and QUIET
So, Penetration Testers find information that leads to finding vulnerabilities that leads to finding out how to exploit those vulnerabilities that leads to maintaining access and testing how a company’s defenses react, and then writing a report on it.
And now, I’m going to ask you to watch this video (if you haven’t already):
Still interested? Cool! Now we know WHAT our Goal is and what they do. We want to be a Penetration Tester, test vulnerabilities, spend 80% of our time enumerating, exploit vulnerabilities and feel awesome for a bit and then write up some reports.
Let’s move on to step 2.
2. Finding what you need to get there
If you did the little homework assignment I gave you above, you know that Heath Adams described Pentesters as “Three Headed Beasts”
Penetration Testers must:
- Write & Perform Technically
- Write & Communicate at a High (Non-Technical) Level
I kind of fit that into two points but it still gets the point across. In a report you’ll have a section that goes over everything at a high level for the executives and other non-technical people before going into the technical details section where you go through each vulnerability and provide screenshots and explanations so that the security people know exactly what you did, how to recreate that, and how to fix those things.
So we need to be technical enough to do the job, and we need to be able to communicate and explain what we did technically and non-technically, but HOW do we get the job in the first place?
I will preface this by saying I do not have a penetration testing job, but I HAVE been trying to get there for a few years now so I know a thing or two about the “industry standard requirements,” and for the field of Information Technology, Networking, and Cyber Security….
Welcome to the wonderful world of Certifications!
The main industry standard certification for penetration testers at the time of this article is the OSCP, also known as OffSec’s PEN-200 (Those are the Try Harder people)
They even have a song: https://www.offsec.com/blog/say-try-harder/
but yeah, that cert is going to dump over $1000 from your wallet to grab it unless you find some discounts, so may I recommend another growing certification:
TCM Security’s PNPT: https://certifications.tcm-sec.com/pnpt/
I was going for this one first because it includes 50 hours of training material and it’s $500 instead of >$1000, and THEN going into the OSCP to get the industry seal of approval, and the self-confidence boost of “I actually did it, now I can feel like I actually know my stuff and people will act like I do and I could get hired for the thing I’ve been preparing myself to do for years.”
But yeah, TCM also has a cert called the PJPT, basically just the Practical Ethical Hacker course, I DO have that certification actually, and if you’re interested in cyber security I recommend getting that cert either way just because it dips your toes in the water a bit and really helps you understand the Penetration Testing methodology and how they work.
TCM also has a lot of other certifications, a SOC Analyst focused one coming soon from what I hear, so that is very cool. Overall their content is very good.
So to get a Pentesting job we need:
- 1337 H4x0r Sk1llz
- Written & Verbal Communication skills
- Technical and Non-Technical Communication skills
- OSCP most likely (Which requires the technical skills mentioned in the first bullet point)
3. How do we get those things?
So, now we know what we want to do, and what we need to get there. How do we get the things we need?
Like anything else, we need practice. We need to gain knowledge, then practice the skills that knowledge gives us until we can actually use them. When we have a good enough understanding of that knowledge, we can explain it to others.
When learning literally anything, practice makes perfect. Riding a bike, driving a car, shooting a bow, doing a backflip, getting all of the golden strawberries in Celeste, all of these things require time invested into just doing that thing over and over and over and over and over until it sticks, and then you keep doing that thing so you don’t become rusty or forget how to do it.
So, while I probably won’t be giving any classes on communication skills besides “practice makes perfect” and “practice explaining things to other people” (which is part of what I’m trying to do here; it helps make sure I know my stuff), I can provide some FREE resources.
Yes, FREE. Hacking doesn’t require a 10 grand down payment to teach you how to do an nmap scan, truly incredible.
I have heard soooooo many people say they want to be an ethical hacker. I go to a class in university and at least half of the people want to do it, but I only know a few who actually know what they’re doing. This is fine, college is a place to learn after all, and not everyone gets as obsessed over their future 9 to 5 as I do. However, being obsessed over your 9 to 5 is part of the Pentesting experience, so here I go introducing you to what could very well become your next obsession as you try to complete Tryhackme boxes to see that silly rank number go up and be like “man I’m getting good at this” and then get stumped on a box labeled “Easy” that used an obscure exploit involving the Almquist shell (which sounds like some kind of relic from Harry Potter or Lord of the Rings, but I digress). Either way, you learn from that stumped-ness and write it down in your notes (YES YOU HAVE TO TAKE NOTES, there is no way you’re memorizing all of this information, and having it all in one easy-to-search document beats google searching for the same page for 10 years, scrolling through useless pages that don’t help you in the slightest).
If you want to do Pentesting, you want a solid base of the fundamentals: Windows & Linux, Networking, and Programming. It is upon this rock that you build everything else.
Or 5 pillars, here’s your fancy github article (Has lots of resources): https://github.com/DFIRmadness/5pillars/blob/master/5-Pillars.md
Step one: NOTE TAKING APP
TAKE GOOD NOTES, DO IT, YOU WILL THANK YOURSELF LATER
Whatever works for you, you don’t have to make a college textbook, just write a little line that says “reverse shell listener” and under that say “nc -lnvp [port]” and you’re good to go.
I use Notion: https://www.notion.so/
It has a nice sorted directory structure that reminds me of how folders were laid out in IntelliJ IDEA on my little sidebar, and that’s how I like it.
But also, it has cloud storage, and I find that very convenient.
Sometimes when you say this, people will tell you to just create and host your own cloud. Sure, if you want to and you have the resources for it, go ahead. I’m planning on doing that as my own little lab as a little treat for myself, but I need more computers so I can have a server running all the time (you can never have enough).
Anyways, a lot of people also like Obsidian: https://obsidian.md/
Obsidian has this cool mind map thing that if I used would probably have enough wrinkles to look like an actual brain at this point. Very fun.
I also heard about cherrytree: https://www.giuspen.net/cherrytree/
Writing notes is cool because later you can check through them and it’s like you have your own little google, and it’s great.
To be honest you can use google docs for all I care as long as it works for YOU.
But now that you have that taken care of…
If you want to get into hacking and want some FREE resources, I would start here:
1. Full-Length Hacking Courses by The Cyber Mentor (YouTube): https://www.youtube.com/playlist?list=PLLKT__MCUeixqHJ1TRqrHsEd6_EdEvo47
- Watch Part one and two of the Ethical Hacking in 15 Hours 2023 edition. It’s the first 15 hours of their PEH course for their PJPT certification, just not updated as frequently as their PEH course (but it’s still good and it’s free, and this is what we want).
2. Free TryHackme Stuff:
- https://tryhackme.com/r/resources/blog/free_path — Official “Free Path” post
- https://github.com/winterrdog/tryhackme-free-rooms — 392 Free Rooms in Tryhackme sorted into categories
- Tryhackme is the ultimate beginner’s hacking spot next to The Cyber Mentor. Contains a bunch of walkthroughs and labs and plenty of information to start learning and understanding this material.
By this point you have had 15 hours of video content, and many hours of labs and written content to go through at no cost to you. The idea that you need to spend a bunch of money to learn hacking is a myth; all you need is a functioning computer that can run Kali Linux (the recommended specs are 2GB of RAM and 50GB of hard disk space, though most people’s VMs will have way less hard disk space than that, you only NEED 20GB).
For learning how to set up a Kali Linux virtual machine, might I recommend VirtualBox.
Have a 6 minute video (3 Minutes at 2x speed, just like the doctor ordered):
Anyways if you particularly like web hacking:
3. PortSwigger Labs: https://portswigger.net/web-security
- Web stuff, web labs, all the web stuff, wowsers
Also, I’m going to put a few extra resources out here that are free for other things:
CCNA Network Engineering Course by Jeremy’s IT Lab (YouTube): https://www.youtube.com/playlist?list=PLxbwE86jKRgMpuZuLBivzlM8s2Dk5lXBQ
- Do you LOVE networking and want to get into the nitty gritty details and learn all the routing and switching? Here’s 122 videos including a bunch of packet tracer labs and enough Anki notecards for you to go crazy with. Basically a college course on its own, if not two.
CompTIA Cert Training by Professor Messer (YouTube): https://www.youtube.com/@professormesser
- These are industry standard certs, for cyber we mostly care about Security+ but the other two are also industry standard. All of them together help you get a well-rounded “I know IT stuff” mindset to get a help desk job or what have you.
Hack The Box: https://www.hackthebox.com/
- I would say jump here after you’ve done some Tryhackme and you know you want to get into the field, then try out the TJ Null list to prep for OSCP (Most likely after you do the PNPT courses because those are just great courses)
- TJ Null List: https://docs.google.com/spreadsheets/u/1/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8/htmlview
- Look, he has his own OSCP prep guide: https://www.netsecfocus.com/oscp/2021/05/06/The_Journey_to_Try_Harder-_TJnull-s_Preparation_Guide_for_PEN-200_PWK_OSCP_2.0.html
I listed a lot of stuff, which might seem overwhelming, but if nothing else just start with the Ethical Hacking course videos and chip away at them bit by bit, maybe an hour or so a day over two weeks, or two hours a day over one week, or however long works for you.
Then go to the free Tryhackme Material and do some of that if you’re still interested and see if you’re still interested after that.
Then I’d recommend doing the PJPT from TCM Security.
After all that if you still want to do this, then hit the PNPT and OSCP, get an IT job and you’ll get there eventually, I believe in you, I am right there with you and so is everyone else.
Additionally, getting involved in communities is always nice. The Cyber Mentor, HacktheBox, and Tryhackme all have Discord servers, and so do YouTubers like NetworkChuck and Professor Messer. I’m sure you can find somewhere to fit in.
Some YouTube channels for IT and hacking in no particular order:
- TheCyberMentor: https://www.youtube.com/c/thecybermentor — Lots of hacking content
- John Hammond: https://www.youtube.com/@_JohnHammond/videos — Cybersecurity & Hacking content, has done a few Tryhackme streams
- NetworkChuck: https://www.youtube.com/@NetworkChuck — Lots of IT / Networking / Hacking content all over, very entertaining
- Loi Liang Yang: https://www.youtube.com/loiliangyang — Hacking stuff, also some AWS stuff (Cloud stuff)
- David Bombal: https://www.youtube.com/channel/UCP7WmQ_U4GB3K51Od9QvM0w — Networking, hacking, I like to listen to his interviews in the background sometimes
- Professor Messer: https://www.youtube.com/c/professormesser — Used his video playlists to get my CompTIA certifications
- Unknown Artists — Cyber Threat Division: https://www.youtube.com/watch?v=Z4LgOJvCudc — Hackthebox / Malware Dev / other Pentesting stuff
- IppSec: https://www.youtube.com/@ippsec — THE Hackthebox OSCP prep walkthrough guy, very cool stuff
- JackRhysider: https://www.youtube.com/@JackRhysider — Very cool Darknet Diaries podcast full of stories and stuff
- Jeremy’s IT Lab: https://www.youtube.com/@JeremysITLab — Mostly Cisco courses, great CCNA content for networking enthusiasts
- Rana Khalil: https://www.youtube.com/c/ranakhalil101 — LOTS of Web Hacking
You don’t have to watch all or even any of these, but people like watching YouTube videos, and these talented people might give you ideas or help spark the fires of your passion for cybersecurity and IT even more, so I suggest finding who interests you and checking on their stuff once in a while to keep that passion going.
4. Now do it!
And now, my dear reader, if you have made it this far I just want to say thank you. I am still very new to this whole blogging thing and even though I’ve been studying and working hard for years I’m still new at this cybersecurity thing too (or I think I am because of my lack of work experience, but either way). I’m just out here trying to do my best to channel my passions into something that can help people, and so that maybe I’ll be able to get my job and look back and be like “wow, I’ve come really far”.
I came into tech because I wanted to help people, because advancements in tech can help thousands if not millions of people worldwide. So I hope I could help you, even if it wasn’t with tech, or maybe you can apply the goal-making strategy I’ve found to other goals in your life; I apply it to fitness and everything else as well.
- You know you want to be a penetration tester
- You know you need the technical and communication skills to perform a penetration test, write a report, and explain it to an audience of technical and non-technical people
- You know that jobs want the OSCP certification
- You know what free resources you can use to gain the knowledge you need to pass the OSCP exam and get the technical skills required for becoming a Penetration Tester
And now…
The rest is up to you. So go out there, tackle whatever dreams you have with all you’ve got, even on those days when what you have is no motivation, imposter syndrome, a lack of confidence in your abilities even after years of practice, and a desperate need for coffee and some good food.
Get out there and do a little bit every day. Don’t make it your whole life, I’ve made that mistake and it can lead to burnout or forgetting important parts of your life outside of the whole cybersecurity thing. Because life isn’t just cyber, or hacking, or the money you get after finally landing that sweet cyber security 9–5 job. We work hard to get knowledge so that we can work to get a degree so that we can work to get a job that we can work in to get a better job so that we can work in to make a living until we retire and have a bunch of money when we’re too old to make the most of the funds we have.
What I’m saying is, go after your dreams, but don’t make it your whole life. Make time for your family, friends, loved ones, and for yourself! Don’t forget to have fun!
And with that, I hope you have a wonderful day, thank you for reading, and good luck.