Journey of a newbie

First, thank you for having time to read (and even comment!) on my topic today. The whole topic of coding, programming, and cybersecurity has been astronomically increasing in trend over the last couple of years. Here’s the issue, trends are typically and eventually hogged by online revenue makers - aka content creators- leaving all the useful information like a needle in a sh*t load of useless content. Why am I bringing this up? Because I want to share my findings of some sources that were quiet interesting, and I would love if I get recommendations in return!
The goal here, and as it was for me 6 months ago, was to be well rounded and informed in the cybersecurity topic. In addition to that, I wanted to learn a computer “language”; thus my choice was Python for different personal reasons!

  • TryHackme : very interesting website, I consider myself fairly informed, and found how these people treat you amazing. They’re literally acting like they have a journey to teach, a stick. Literally!! This really helps them put every little detail you should have known or will be knowing upfront. Starting out with the simplest terms and ideas, and building upon it. With great paths to choose from, and even many rooms and topics to try. Finally they have their own vm for you to experiment with, very interactive!
    For python, to be honest I’ve been jumping from YouTube videos to browser links, trying to scrape as much useful info as I can on a note sheet. If you have some good resources and recommendations, I would highly appreciate it.

Overall, after 6 months between being lost and slowly progressing, I ended up on this forum, still motivated and hungry for help :sweat_smile:
So my advice, watch for the time wasting content, schedule your time and track your progress, good luck!
(None of my writings are an ad or any form of marketing)

6 Likes

For web app security I recommend Portswigger Academy; its got a lot of writeups for everything from SQL injections to business logic errors and has several labs for each topic - all completely free.

For Linux/binary exploitation practice I got started with Exploit Education, really well made labs that you run as a virtual machine. They teach you about basic lower-level exploitation techniques (for Linux) in increasing difficulty, like SUID, race conditions, and buffer overflows. The Nebula box is the “easier” one, then you can move on to Phoenix for more of a challenge.

And it’s fairly well known but my go-to for general infosec information is the online HackTricks book, it’s a great place to start when learning about a specific topic.

For python I’d recommend just sticking to one course or book, a comprehensive free resource I used in the past is this one by ForrestKnight that sort of compiles together a bunch of free courses in one place so you can pick and choose.

I hope it helps! And good luck :slight_smile:

5 Likes

I have put in many years. I was an old member from a (very old) website (elitehackers.com, confine.com) which is well over 20 years ago. I am still learning. The best advice I can give is; even if you don’t understand what you are reading, keep reading. Don’t stop in the middle of a tutorial, article, or book simply because it is long and you don’t understand it. Most people never make it out of the script kiddie phase because they find out that it can be difficult and takes a long time to master (I’m talking about hacking…). I have worked in the (cyber) security industry and the software industry, and now I don’t work in either. It’s good money but it’s for sheep.

Learning is repetition and nobody wants to repeat something if they don’t like it. If you don’t like programming this is not for you. If you don’t like solving problems, this is not for you. etcetera. etc… Right now you should be spending 12 hours a day buried in a console reading manpages and trying to touch and discover every inch of a UNIX box, yes, it should be installed as your primary OS immediately. (xfce is preferred but theys always haters in the branches bruh). Nothing wrong with any other operating systems, it’s whatever makes you more comfortable when you have to bear down on some neighborhood noob trying to scan your shit… anyway…

Don’t limit yourself to one tutorial or article on a topic. You can’t get the whole news about something with just one news channel or newspaper. The same with learning about xss, heap sprays, nop sleds, and all that other gnarly cool stuff that makes digital wizardry an attractive force to behold, you can’t just read or watch something from one person or one source. If there is an article in Phrack about some overflow and they break it down, you can always read more articles about the same exploit in another source (that’s how WE ALL learn). Don’t be a noob, rtfm, then read some more.

With all the haterade being tossed in your face (whether you know it or not) I leave you with a few links you may not know about, the internet is huge, start searching and poking around:

and stop being an asshole. you know you are. haha. na i dont care what they say about you youre cool.

11 Likes

Hahaha thank you for the help! Will definitely snoop around the links shared!

我是一个小白 什么也不会 我该从哪里学起 大神指点一下 ?

Same here for me. I am fascinated by cybersecurity/hacking. I started with java, because people told me that this would be a good starting point. I got myself a few books and started learning. after finishing them, I joined tryhackme and also started learning python basics (still on it), but I feel like I´m not doing big progess. Im into tryhackme like 3 months and I keep forgetting things and have to watch walkthroughs or look up the internet, but I feel my hunger for new knowledge never ends. If you want to exchange some thoughts or so you can write me a message and I would send you my discord

1 Like