Foreword

Your Responsibility

Any misuse of the information provided on this page or elsewhere on this site is the sole responsibility of the user. Please always act ethically and obtain signed authorization before testing any system or network that is not your own.

Good Notetaking

Your notes are going to be one of the defining factors of your success in ethical hacking. You can't remember everything, so you will need to rely heavily on your notes. The quality of your notes will directly impact your ability to recall the information you need.

How to Take Bad Notes

❌ Writing down everything you hear, read, or watch

• You're spending more time transcribing than actually learning

❌ Including too many screenshots and pictures

• Pictures are not searchable on the page
• You're polluting your field manual with too much information

🤔 And you likely do this because

• You are learning something for the first time
• Everything is new and exciting and every little detail seems significant

How to Take Good Notes

Notes with a Purpose

✅ Your notes are your pocket guide, your field manual, not a novel or textbook

✅ The information should be available at a moment's notice

✅ The information should be searchable and easy to find

Questions to Ask Yourself

Am I just blindly transcribing?

• Will this information be valuable to me months from now?

Am I making more work for myself?

• If the information is documented elsewhere
  • Capture the essential information and link back to the original source
  • Don't rewrite it

Has the instructor said to write this down?

• Then write it down, obviously

Has this information come up multiple times?

• It's probably important if it's mentioned multiple times

Is this likely to come up in an exam?

• Oftentimes, exams will test on information such as trivia, factoids

Is this information going to be useful?

• Many of my notes written months and years ago continue to be useful to me even now

High Impact Note Formats

Diagramming

Dealing with a Complex Topic?

• Make a diagram of it: https://draw.io — 100% free
• Here's an example of a diagram I've made using draw.io

Commands and Code Blocks

Need to capture commands, code snippets, or entire scripts?
Use code blocks with syntax highlighting

```
Write-Host -ForegroundColor Green "Hello, World!"
```

Write-Host -ForegroundColor Green "Hello, World!"

```powershell
Write-Host -ForegroundColor Green "Hello, World!"
```

Write-Host -ForegroundColor Green "Hello, World!"

Collapsible Content

Need to Add Long Passages for Important Context?
Use a collapsible toggle so that it doesn't occupy too much space on the page.

Drawing Attention

Something You Really Want to Remember Later?
Use "callouts" on the page to draw your attention or point something out.

Note-Taking Products

Notes Versus Write-Ups

Notes

As stressed before, your notes are:

• Your field manual, your pocket guide
• Highly searchable, concise summaries and snippets

Write-Ups

• Write-ups are where you document in greater detail the things you're learning and doing (screenshots recommended)
• Have a template that you can clone and fill out and have a scratchpad to store random details while you work
• If you transfer information from your writeups to your notes, ensure you keep the information concise and searchable

Prerequisites to Ethical Hacking

Realistic Expectations

In the age of the dopamine reward loop, the modern human brain has been wired to seek gratification and reward that is instant, low-effort, and high-return.

• No one is gatekeeping, I promise
• You can't help that you don't know something and you can't make yourself instantly know it
• You're NOT going to learn ethical hacking in a day, a month, or maybe even a year
• The field is too broad, covers too many topics, and requires continuous learning
• Your skill will be a direct reflection of time + effort + repetition

Four Core Skill Areas

It is a matter of my opinion that in order to be a proficient ethical hacker, you should build up four core skill areas:

1. Operating Systems
2. Computer Networking
3. Web Technologies
4. Computer Programming

Learning Resources

IT and Cybersecurity Learning Path

In this post, I suggest a path of free resources that newcomers to IT and cybersecurity can follow to build a solid set of foundational skills to secure their careers

0xBEN0xBEN

Will ${cert_name} Help Me?

Certification Pros and Cons

Cons:

• Expenses for study materials and vouchers
• Time-consuming
• Fees for renewal (and sometimes membership dues)

Pros:

• May improve prospects when hunting for jobs
• Offer the student an A-to-Z roadmap of topics to study

The Most Important Question

Considering the time and costs involved with getting certifications, this should really be your sole motivation for pursuing them.

Search job boards for the target certification and assess what kind of demand there is for it by employers. If the demand is high, then it may be a wise investment of your time and money.

Learning to Hack

Curiosity: The Most Important Attribute

You need to have the mentality of:

• What if ________ ?
• What would happen if I ________ ?
• I wonder what caused ________ to happen.
• I don't know what ________ is. Let me research it.

To the curious, nothing is inconsequential. Hackers want to understand how things work, how things are controlled, and how those control systems can be manipulated in unintended ways.

Learn to Love Research

Your FIRST INSTINCT – when you encounter something you don't know – should be to do some research on:

• Your favorite LLM
• Google
• GitHub
• Stack Overflow
• etc.

There's a good chance someone on the Internet has already asked about it or written about it.

Google Dorks

Google Search Operators: 40 Commands to Know (Improve Research, Competitive Analysis, and SEO)

Google search operators are your secret tools to get enhanced info you can use for SEO, content research, & more. Get the full list here!

KinstaMatteo Duò

Google Hacking Database

Offensive Security’s Exploit Database Archive

The GHDB is an index of search queries (we call them dorks) used to find publicly available information, intended for pentesters and security researchers.

Exploit Database

Embracing the Road Ahead

At the risk of oversimplifying, three things will make you a better hacker:

• Experience
• Time
• Repeated application of learned concepts

This is true for any hobby or profession, really. As you build incremental experience, you naturally become better at it. It just takes time.

Try different things to see what interests you:

• Programming
• Computer networking
• Bug bounty
• Active Directory
• Binary exploitation and reverse engineering
• Etc.

Nothing is really time wasted if you're continuously learning and adding skills to your repertoire.

Where to Practice Safely

Knowledge without practice is useless. Practice without knowledge is dangerous.

– Confucius

CTF Varieties

• Binary Exploitation / Pwn
• Boot2Root
• Cryptography
• Forensics
• Hardware
• Mobile
• OSINT (Open Source Intelligence)
• PCAP Analysis
• Reverse Engineering
• Steganography
• Web Exploitation
• Etc.

Hosted Services

Home Lab

How to Start Your Home Lab

How to Start Your Home Lab

In this post, I cover the perks of running a home lab, scouting for equipment, and home lab design.

0xBEN0xBEN

• One of the single greatest way to develop core IT skills
• You build it, you break it, you research it, you fix it
• It's all yours and incredibly empowering

VMware Workstation and VirtualBox Security Labs

Building a Security Lab in VMware Workstation Pro

In this project, broken up into multiple modules, you will build a comprehensive cybersecurity home lab using VMware Workstation Pro. Upon completion, you will have an environment where you can safely practice penetration testing against a wide variety of targets, as well as detection in your SIEM.

0xBEN0xBEN

Building a Security Lab in VirtualBox

In this project, broken up into multiple modules, you will build a comprehensive cybersecurity home lab using VirtualBox. Upon completion, you will have an environment where you can safely practice penetration testing against a wide variety of targets, as well as detection in your SIEM.

0xBEN0xBEN

• These guides are great for beginners and you'll get plenty of hands on experience with a wide array of topics
  • Systems and network administration
  • Internal penetration testing
  • External penetration testing
  • SIEM

Proxmox Security Lab

Installing Proxmox on a Laptop and Building a Cybersecurity Lab

In this project, broken up into multiple modules, you will build a comprehensive cybersecurity home lab using Proxmox VE. Upon completion, you will have an environment where you can safely practice penetration testing against a wide variety of targets, as well as detection in your SIEM.

0xBEN0xBEN

• The Proxmox guide is going to require separate server hardware
• Proxmox allows for much more robust designs and solutions
• Following along with this project, you'll learn:
  • Systems and network administration, including 802.1q VLANs
  • Internal penetration testing
  • External penetration testing
  • SIEM
• I have even documented getting GOAD setup in this environment

Developing an Attack Methodology

Boot2Root Methodology

Boot2Root is my personal favorite, since it represents the opportunity to practice full system compromise. My favorite platforms to practice against Boot2Root targets are:

• HackTheBox
• TryHackMe
• Home Lab

Boot2Root Process

The process is typically the same no matter which platform you're practicing on:

1. Boot up the target
2. Get the target's IP address
3. Run a nmap scan
4. Begin your assessment

sudo nmap -Pn -p- -T4 -sC -sV -oN nmap_scan.txt 10.10.10.25

I Ran Nmap, Now What?

A More Detailed Boot2Root Methodology

When you're ready:

1. Pick an easy target on one of the platforms listed above
2. Boot it up and follow along with the process

It's OK if your first attempt is not successful. Just keep working at it and you will get better.

My CTF Methodology

In this post, I examine the steps I take to approach a typical CTF in the form of a vulnerable target (also known as boot2root), and elaborate on steps at each phase.

0xBEN0xBEN

Is It OK to Use Walkthroughs?

Unequivocally, yes!

If you've been stuck for 30 minutes and you're not getting anywhere, just read enough to get unstuck and put it away until you need it again.

Don't let your pride get in the way. You can't help that you don't know something. Add the knowledge to your notes and make an effort to remember it for next time.

It is Okay to Use Writeups

The path to becoming an self-sufficient learner

Hack The Boxippsec

Ethical Hacker Roadmap

1) Core Skills Checklist

This is not an exhaustive list of everything you need to know, but it should be a good basis of building and determining your proficiency.

2) Pentesting Methodology

Applying it to Boot2Root CTFs

• It is important to follow proven methodologies when conducting a penetration test, even when doing CTFs
• The Penetration Testing Execution Standard (PTES) and Penetration Testing Framework (PTF) detail the core steps of a penetration test

3) Individual Challenges

4) Active Directory Methodology

Active Directory presents a bit more of a challenge from what you saw with individual boxes in step 3. Generally speaking, Active Directory typically involves network penetration testing:

• Initial foothold
• Privilege escalation
• Credential mining
• Pivoting
• Etc.

Active Directory is just an extension of Windows fundamentals

• Get comfortable with the Active Directory exploit chain
• You'll need your Windows methodologies
• And, you'll need to understand the core function of Active Directory

5) Real-World Targets

At some point, you're going to want to move beyond CTFs and vulnerable boxes and test your skills against real-life and hardened targets on:

• Vulnerability Disclosure Programs (VDP)
• Bug Bounty Platforms

Once you've become comfortable with the skillset, workflow, and the tools involved with the trade, you should consider graduating up to VDP and / or bug bounty programs.

Open-Sourced Collection of Bug Bounty Platforms

Open-Sourced Collection of Bug Bounty Platforms Part of The @disclose_io Project.

Bug Bounty Platforms

Finding Your Niche

The learning path on this page covers a wide variety of topics in the computer security field. You should try a little bit of everything in order to find what interests you the most. That may end up being:

• Web App
• Hardware (IoT / Drone / Automotive / ICS)
• Pwn (Binary Exploitation)
• Active Directory
• OS (Kernel / Driver / Firmware)
• Etc.

You can't remain a generalist forever, simply for the fact that:

• The computer security industry is constantly evolving
• It's impossible to master all of the niches

What you should do instead is:

• Find one niche that's very interesting to you
• Spend 70% — 80% of your focus becoming proficient there
• Spend the remainder of your time outside of this niche to keep things interesting

Impostor Syndrome

When it comes to any profession — not just computer security — it's perfectly normal to experience feelings of inadequacy, especially when comparing yourself to someone very skilled.

• The only comparison to make is your current self versus your past self
  • Do I sometimes feel inadequate when comparing myself with others? Yes!
  • Have I made progress more quickly than I thought I would? Also, yes!
• There is a lot to learn in this field and there will always be new things to learn
• Be kind to yourself and remember to give yourself time to relax too
  • Constantly grinding and learning will lead to burnout
  • You have a finite attention span, give yourself time to do non-study things

Seeking Help from the Community

Asking Good Questions

When seeking help from the community, there is a reasonable expectation that you are going to ask questions that reflect:

Effort

• Is the answer easily found with a quick Google search?
• Show that you at least tried some things
• What did you try? What was the result?

Clarity of the Problem

• Bad question: Anyone around for a Python question?
• Better question: I'm working on a Python script to scan TCP ports. When I run the script, I get this error message. Here's a screenshot of the output for additional clarity.
• Why This Works: It's clear what you're working on, what the problem is, and anyone potentially interested in helping out has a general idea of how much time they're going to need to invest in helping you out.
• See also: https://dontasktoask.com/

Respect for Others' Time

• Posting your question in one forum / channel and then posting again in another forum / channel five minutes later is bad etiquette
• Be patient, people may or may not be immediately available to assist you
• When someone helps you with your question, they are volunteering their time to help you

If you ask a question that does not reflect these principles, or ask lazy questions, most people are going to correct you, or possibly refuse to answer at all.

Mentorship

Bring the Right Mindset

• Mentorship is voluntary, no one owes this to you
• If you are fortunate enough to receive mentorship:
  • Understand that your mentors have lives — work, family, personal interests
  • Don't take your mentor's time for granted

Mentorship Styles

Mentorship styles differ from person to person, mainly as a reflection of the mentor's personality.

• Active: More involved in the day-to-day activities of the mentee and approaching the mentee proactively
• Passive: Available when the mentee has questions, but may engage first if they find something that the mentee could benefit from

Finding the Right Mentor

Also, in my experience, mentors come and go. I've mentored people for days, weeks, and months at a time. Then, when they've gotten to a certain point that I'm no longer needed, I don't hear from them any longer. And, that's fine. That's the way it should be. I'm still around if they want to ask questions.

Where You Can Find Your Peers

I would encourage you to seek out a mentor or a community of your peers. It is an immense help to have others to learn from and learn with. It's not a zero-sum game, we all give and take to and from each other.

• Discord
  • HackTheBox Discord server
  • TryHackMe Discord server
• Local Meetups
• Mastodon
• Reddit
• Etc

More Pages to Check Out

Free IT and Cybersecurity Resources

I will try to keep this list continuously updated with training and informational resources for different areas that could benefit students and professionals of cybersecurity and IT

0xBEN0xBEN

CTF - 0xBEN

Capture the Flag (cybersecurity)

0xBEN0xBEN

Offensive Cybersecurity | 0xBEN | Notes

0xBEN | Notes

The Secret step-by-step Guide to learn Hacking

totally clickbait. but also not clickbait. I don’t know where to start hacking, there is no guide to learn this stuff. But I hope you still have a plan now!G…

YouTube

How the Best Hackers Learn Their Craft

Presenter: David Brumley, CEO, ForAllSecureDo you want to know how to build a top-ranked competitive hacking team? It’s all about the system. In sports, we u…

YouTube

How to learn hacking: The (step-by-step) beginner’s bible

The truth behind learning the wonderful wizardry that is hacking. You’ll learn what it takes to learn hacking from scratch and the necessary steps to get started!

Hack The Boxr0adrunn3r

Penetration Tester Job Role Path | HTB Academy

The Penetration Tester Job Role Path is for newcomers to information security who aspire to become professional penetration testers. This path covers core se…

HTB Academy LogoHTB Academy

Introduction to Pentesting

Understand what a penetration test involves, including testing techniques and methodologies every pentester should know.

TryHackMe

Roadmaps

Community driven roadmaps, articles and guides for developers to grow in their career.

roadmap.sh