Ask HN: How to start learning about information security and hacking?

12 points by cthuluforprez ↗ HN
I would like to learn more about information security and hacking in general. Any recommendations to where should I start?

Edit: I would like to know about resources which are generally free. Thanks!

5 comments

[ 0.21 ms ] story [ 17.5 ms ] thread
owasp website is the #1 resource for this.
PentesterLab, make sure you check the bootcamp and the free stuff first
I once found cybrary.it but have no idea how good they are
Here are a few resources:

https://www.reddit.com/r/netsec/ General news about netsec

https://github.com/enaqx/awesome-pentest List of tools and resources

https://github.com/wtsxDev/Penetration-Testing Another list of tools and resources

https://www.hackthebox.eu/ Hands on hacking (OSCP style) but free, unless you want to pay for a VIP version and get access to even more machines.

https://www.vulnhub.com/ Individual VMs you can hack into, most of them providing walkthroughs.

Web application wise I'd suggest starting with https://www.owasp.org/index.php/OWASP_Juice_Shop_Project which is a modern version of the "damn vulnerable web app (DVWA)".

These may look quite "massive" for a beginner but I think it's the best way to start. The approach I would suggest would be to go download a VM from vulnhub and read its walkthrough. Then learn to use the tools in that walkthrough (each machine may use a tool in a different way) until you're confident enough to make an attempt on your own.

Hope this is helpful!