Practical Hacking Skills | Beginners

InfoSec General

First big step: Go and search for HackTricks Book.

That will open the gates of many things, with proper and updated links for tools and videos.

We are talking about Hacking Web, Internal and External networks/services, Mobile applications, and Reverse Engineering on the top level.

Talking about Tools to cover all this topics plus: Privilege Escalation, dropping Shell, pivoting, exfiltration, persistence, etc.

WebApp hacking? search for OWASP cheet sheets.

I can’t stress enough that this must be on your check list, or always RTFM for web.

Want to practice? Get this Virtual Machines to play with:

OWASP Juice Shop

Damn Vulnerable Web Application (DVWA)

Need more juice for practice almost ANY target?

On Github: awesome-vulnerable-apps

With these links you will be covering a huge % of that you need, just download your fav infosec distro, like kali.

Looking for other paid tools? Dr FarFar web

Reverse Engineering material?

First, acknowledge which path you are interested into, mostly we can divide it by architecture: x86/x64 or ARM, for example. Bear in mind that you have IL languages as .NET and Java for example, that provides a layer of abstraction for the architecture. And you can directly work with specific tools for them.

Best approach? look for cheat sheets.

Long one? download Intel and Arm arch / IL SDK manuals.

Middle/Grey area:

OS Protections. From NX to ALSR, CFG,

Examples:

  • hxxps://wiki.ubuntu.com/Security/Features

  • hxxps://docs.microsoft.com/en-us/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10

App Protections. Mostly used in Paid Software / Games

Themida, VMProtect, etc

Then we can divide in what are you interested on?

  • Exploits

  • Malware RE

  • Cracking Software

  • Mobile Hacking

Each topic is huge, there are lot of tools we can say are used as base for anything, like disassemblers, debuggers, and specific tools/frameworks designed to cover and give you the tools to write your own stuff.

One first step would be this book, and their practice materials:

hxxps://beginners.re/

hxxps://challenges.re/

HackadayU: Reverse Engineering with Ghidra (videos)

hxxps://www.youtube.com/playlist?list=PL_tws4AXg7auglkFo6ZRoWGXnWL0FHAEi
This a huge topic and a lot to cover up. Please ask within the thread any specific question.

A lot of guys do Capture The Flags, which include a huge set of skills, and play with new challenges.

You can start with hxxps://overthewire.org/wargames/

There are no shortcuts, move your ass if you want to really learn and practice.

NOTE: I am not related to any of the specific links, tools, sites and people mentioned in this topic. Is Public Information.

NOTE2: Don’t DM me. Ask here so everyone can brainstorm and contribute.

Happy learning!

6 Likes