A simple guide to become a Hacker 👨🏻‍💻

scr1pt_k1dd1e starter pack

Before we start

I do not pretend to be a master hacker !

However, I think that my point of view can be useful to anyone wanting to begin in cybersecurity.

Yes, cybersecurity is a small word to represent such a huge field.

To be more precise, this post is aimed to people wanting to jump into Ethical Hacking at any level.

I made several mistakes in my learning path but this made me grow up. 📈

I’ll list every step I would take if I had to restart from the beginning !

One more thing, feel free to make any suggestion to this post by contacting me on Discord / LinkedIn.

What do we aim to be ? 🎯

We aim to be someone who knows how to cleverly break things in the most efficient way.

Moreover, this is even better if we know how to repair the things we broke !

To do so, we want to [be able to] understand what we come across.

i.e : “How can I dev a cheat for my favorite video-game ?”

Reverse engineer it, understand how things interacts with each other, write a program that modifies the behaviour of the game…

All of this would not be possible if you weren’t curious and fully involved.

A hacker doesn’t care how much time he’s working if he knows that this will help him to do what he needs to do.

To be a hacker is a way of life (like DevOps would say).

Be interested, ask yourself questions, answer those questions ! 🤓

👶🏻 Level 0 : let’s setup your workspace

First, let’s setup your h4x0r workspace.

This is important that you learn how to set it up by doing it yourself.

Your setup will evolve with what you’ll feel the most interested (web hacking, reverse engineering, malware development…).

In general, everything you’ll need to start is a Linux/MacOS machine + a Windows machine !

This doesn’t mean that you need 2 PCs, I invite you to use VMs (virtual machines).

I am using a Linux machine with some VMs and it’s all I need 🙋🏻.

Of course, if you are starting from the bottom, you should go for Kali Linux…

Why shouldn’t you start with Kali Linux ?

Because a black dragon as a wallpaper will not make you a hacker.

This kind of distro is aimed to people who need something with everything preinstalled.

You don’t need this because you don’t know how to setup your workspace and what tools you need, don’t skip steps.

What should you install then ?

You should install a simple and minimalist Linux distro that you will customize as things progress.

If you are using MacOS, you’ll not need to install Linux as MacOS is a UNIX-based Operating System.

Some distro that I usually advise to a beginner :

• Debian
• Linux Mint, PopOS! + every Debian based distro.
• Manjaro (is Arch-based)
• yes I didn’t advised Arch and that was hard as a Arch user.

I invite you to learn what are the differences between these distros and choose the one that fits the best to your needs.

You can now give it a name, mine is called katanarch 🤠.

Keep notes

This is very important for you to keep notes !

Your brain cannot memorize everything, feed a notebook with what you learn and keep it carefully.

I’ve been using cherrytree for 2 years but I recently discovered Notion which is accessible from anywhere.

Choose what you prefer (but please, not Microsoft Word) ! 📒

🙇🏻 Level 1 : get some prerequisites

Now, you have Linux and you are ready to hack NASA !

Actually not, because you don’t have enough IT background.

To cleverly break something, you have to know how it is structured.

Your first task will be to learn the basics of the following themes :

• Programming (start with Python, Bash and then JavaScript) 🐍
• Linux basics 🐧
• Computer networking 🌐
• Cryptography basics 🔒
• Database basics (what is SQL and some basic queries) 💽

Trust me, this isn’t a waste of time !

The skills you will gain by exploring these fields will serve you a lot.

This is very important to go step by step and to take your time to fully understand what you learn.

You may ask me “where am I supposed to go to learn this ??”… use your Google-FU !

Once you feel pretty comfortable with every subject mentionned above, you can go to the next step !

🥷🏻 Level 2 : hacking courses

You now have some knowledge in IT, let’s start hacking !

I will mention some ethical hacking courses for beginners that I have done in the past and that I liked.

Practical Ethical Hacker, TCM Security

This course has been designed so that you can begin without any knowledge in ethical hacking.

Heath Adams, the instructor, has a really good approach over cybersecurity.

Topics addressed :

• IT Basics (programming, networking, linux…)
• Five steps in a Pentest
• Exploit development
• Active Directory
• Web Hacking
• Wireless Hacking

Count 24 hours to finish it.

This course is not free (about $35 and definitly worth it) but you can find the first 12 hours on YouTube (50% of the course).

Also, Heath Adams gives some coupons sometimes.

To be alerted, follow him on LinkedIn and Twitter.

Penetration Testing Student, INE

This one is free and is also designed for people beginning from scratch.

If for any reason you don’t choose the previous course, then go for this one.

TryHackMe

TryHackMe is not a course but a challenge website (we will talk about this in the next step).

It’s perfect for anyone wanting to start and it covers (almost) every subject in cybersecurity.

I invite you to create an account and to start practicing on it, you can do a lot without subscribing.

💪 Level 3 : Challenge yourself

Here is my favorite part !

You gained some skills and you need to challenge yourself to keep learning and become stronger !

You may ask me : “how am I supposed to train myself legally ?”

In cybersecurity, the most common way to train is by doing what we call CTFs (Capture the Flag).

The goal is to find a way to hack something (a file, a system, a website…) to retrieve a hidden string called a flag.

Sign up on one of the websites below and start training :

• TryHackMe (very easy, guided, new content very often)
• Root-me (a reference, a good feeling when you validate a challenge, competitive)
• HackTheBox (a reference, considered the hardest, the most complete, its content is the closest to true pentest)

These websites must become your best-friend.

The more you will have time on these, the more you will get stronger : it’s like going to gym.

🏆 Level 4 : Competition time !

The final step is to go compete !

IRL or not, solo or with a team, these are an awesome way to challenge yourself and meet people with the same passion.

I personally love CTFs and I try to take part as many as I can with my friends or solo !

The best way to find CTFs online is to keep an eye on CTFTime.org.

To find IRL CTFs, check Discord, get closer to Universities and stay tuned.

my team and I after a CTF night at HackSecuReims

🦸🏻‍♂️ Level 5 : Help the society (+ conclusion)

This is the final step of this “guide”.

You have skills and you know where to go to become stronger.

If you’ve come this far, you love cybersecurity.

However, some companies need your skills to defend against evildoers 👺.

Use your powers to help, not for personal interests.

With great power comes great responsibility

There are many ways to do so, one of the coolest way is Bug Bounty.

Companies register on platforms like YesWeHack or HackerOne, help them by reporting their vulnerabilities and earn money for that.

You could also try to find a job, there is no shortage of space in cybersecurity (but I know that it is easy to say).

Whatever, be proud of yourself because you became a H4CK3RM4N.

I hope that this post helped you.

The hardest thing is to start when it comes to begin something new, believe in yourself and break everything ! 💥