Hacking can be easy, agreed. It’s just that most of the times, it is not. You should take your time to develop your technical skills, else you’ll get lost.
Decided to put together a straight forward roadmap if you find hacking fascinating.
Stage 1: Get your hands on keys
- Learn HTML and Javascript (see, w3schools.com).
- Learn Bash scripting (and CLI).
- Learn SQL (even if it’s the basic stuff).
- Learn Python (or Java, C#).
Stage 2: Learn networking
There are some free networking resources on Hackers Arise, you should check them out.
You can as well look online for things like “Network basics for hackers” and go through as much contents as you want (nobody’s stopping you).
Okay, I recall that you’ll have to understand TCP/IP basics, HTTP, network masks, subnetting, DNS, and similar stuff.
They might seem boring, and overwhelming but knowledge of these things would be helpful, really.
Stage 3: Try some shortcuts
Well, they are not really shortcuts. 😀 You should consider downloading Burp Suite and configure it with your browser.
Also, this is the time to learn how to use the proxy and the Repeater (it’ll shock you what you’ll get done with them over time).
For practice purposes, whenever you visit a website, you should look at the real HTTP requests of the site (you might find something fascinating, I always do).
Stage 4: Build a web application
If you’ve got to this point, you must be someone with coconut head. It’s time to build a web application with HTML/JS/Python(Flask)/SQL. Remember, I asked you to learn them earlier, right?
It is okay to search online for tutorials to build a web app with that stack though, maybe Youtube.
Whilst building your web app, make sure to implement functionalities like creating posts, logins, storing data…and other shii like that.
See, just implement anything that helps you understand how these components work together; because to break any web app, you must first understand how they actually work.
Stage 5: Study web vulnerabilities
You are really serious fam, for you to have built a web app…I greet you chief. Now that you are confident you understand how web applications work, it is time for you to study web vulnerability types.
- Search online for “Owasp Top 10”.
- Read Web hacking 101 by Yaworsk.
- Go through HackerOne’s Hacktivity page.
Stage 6: Keep Studying
You think you’re done studying? Your knowledge gets obsolete if you stop studying.
- Go through PentesterLab.
- Go through the Hacker101 free course.
- Learn about reconnaissance (don’t call me to help here though).
Highlights on Cybersecurity Reconnaissance:
- directory bruteforcing: ffuf.
- subdomain enumeration: subfinder, findomain, amass.
- portscanning: nmap, masscan.
Stage 7: Do the hacking
Make ah no lie you chief if you learn everything and you no do am, na waste.
For starters, I always recommend trying government vulnerability programs to build confidence. In this case, the most structured I have seen is the US DC3DVP.
I advice you to ACTUALLY develop your technical skills by learning from others and by doing. DOn’t be tempted to even use Vulnerability scanners. If you do, you are a cheat, a lazy ass fool, and not ready to learn or grow and You will surely fail in this path.
Stage 8: Have patience
You don’t learn to cook in a day. This thing is a process, you start with someone else’s cooking tutorials and gradually, overtime, you become proficient to make your own recipes. Learn to love the learning process.
Omooor…I’m tired of typing already o…but let me refresh your memory on the process:
- Learn to code.
- Learn networking.
- Learn web vulnerability types.
- Practice through studying.
- Learn how to do reconnaissance.
- Try VDPs or bug bounties.
I can as well wish you the best. Just be consistent, I’m not too cool a person.
If you need help, you can send me a message on Twitter.