What I’ve learned in 3 months of hacking
Knowledge I already had
I don’t want to create an unrealistic goal for what you personally can do in 3 months of hacking. As I see it, I’m not even ready to be a junior pentester now. However, I want to address what I already knew so it’s clearer what I’ve really learned in these 3 months.
First of all, I would consider myself an advanced Linux user, which is something really crucial for hacking. I’ve been using Linux for over 3 years now, so anything related to it wasn’t much of a problem for me. Additionally, basic tools and techniques like nmap, fuzzing, SQL injection, LFIs or RCEs were already known to me, since I had looked at them out of curiosity on the Hack The Box Academy platform, which I will give my opinion on later. So with this previous knowledge I jumped into the hacking/CTF (capture the flag) world.
What platforms I used and what I’ve learned
Let’s start with Hack The Box, since it is the platform I used the most. I did 8 machines and 9 challenges; all the machines were easy-medium difficulty Linux machines and all the challenges were from the web category. However, for most of these I needed writeups at some point, except for really easy challenges like Templated or machines like Trick. Overall this is the platform I learned the most from, but it was also the most advanced of them all.
Next is VulnHub. I did 4 machines labeled on the page as easy-medium that felt like a piece of cake for me. I started using VulnHub when I ran out of easy-medium Linux machines on Hack The Box. I would say VulnHub is a way easier platform, yet I have also learned from it and it also helped me get a confidence boost.
Now, in terms of course platforms, I used Hack The Box Academy and TryHackMe, and honestly I regret not having tried TryHackMe before. In my opinion TryHackMe is a way better platform than Hack The Box Academy; it is also more beginner friendly and has way more free courses. I also wanted to mention picoCTF since I used it; however, I didn’t get much out of it since challenges were either a piece of cake or I didn’t know where to start. I think the general knowledge challenges are great and help you in most cases learn basic Linux, but I already had that covered.
Lastly, I wanted to mention I also learned Bash scripting, which “changed my life”. I strongly advise everyone to learn it because it is such a powerful tool. To learn it I just used a couple of YouTube videos and then I just coded some ideas I had by myself. Some examples are a bitcoin tool or a quick script to automate an mPDF LFI vulnerability that was present in the Faculty Hack The Box machine.
Advice
Now, after these three months, what would I recommend my past self to do? Well, first of all, start with TryHackMe and leave Hack The Box for later because it is way more advanced. Also learn about Windows, because I’m still quite new to the Windows hacking scene. I would also say not to use Kali or Parrot; I feel way more comfortable with my daily-driver Linux and just installing the tools I need. Nevertheless, you should give them both a try because you may like them; I just can’t stand Debian-based distros (although I have to use them to manage my servers).
However, the most important piece of advice is to take notes of mostly everything new you learn, or things you know but have to search for on the internet because maybe you forgot a parameter or something like that. I just create markdown files related to a topic/tool; I feel it is an easy and really comfortable way of note taking, and they are also easy to read.
Conclusion
I have improved a lot in these 3 months even though I am still a noob. However, I’m looking forward to continuing to improve and doing CTFs. Also, I’ve learned to cope with frustration and procrastination a lot. I honestly recommend everyone get off social media, stop listening to music while working and just focus on what you’re doing. Now, sadly, I’m going to be more inactive as college is starting soon, but I will now migrate all my writeups to this platform and I will also add new ones. Keep on grinding!
TL;DR
If you are a newcomer, use TryHackMe before Hack The Box, learn Linux but don’t let Windows rust, and most important of all, take notes.