Ask HN: How to start learning about information security and hacking?
I would like to learn more about information security and hacking in general. Any recommendations to where should I start?
Edit: I would like to know about resources which are generally free. Thanks!
5 comments
[ 0.21 ms ] story [ 17.5 ms ] threadhttps://www.reddit.com/r/netsec/ General news about netsec
https://github.com/enaqx/awesome-pentest List of tools and resources
https://github.com/wtsxDev/Penetration-Testing Another list of tools and resources
https://www.hackthebox.eu/ Hands on hacking (OSCP style) but free, unless you want to pay for a VIP version and get access to even more machines.
https://www.vulnhub.com/ Individual VMs you can hack into, most of them providing walkthroughs.
Web application wise I'd suggest starting with https://www.owasp.org/index.php/OWASP_Juice_Shop_Project which is a modern version of the "damn vulnerable web app (DVWA)".
These may look quite "massive" for a beginner but I think it's the best way to start. The approach I would suggest would be to go download a VM from vulnhub and read its walkthrough. Then learn to use the tools in that walkthrough (each machine may use a tool in a different way) until you're confident enough to make an attempt on your own.
Hope this is helpful!
For practical learning there is a great list of tools here: https://news.ycombinator.com/item?id=17166545
Also join an open source project you like and help out for hands on experience, eventually you'll do well and build a reputation for yourself. (this is worth more than any certification in case it's a job you're after)