The best way to learn Cybersecurity | Beginner Tips

Hey guys, what's up everyone? Welcome back to a new video. It has been a while

There was the holiday time and New Year's and everything that has kept me

from producing new content. But now it's time for a new year and it's time for new

content. That being said, a question I get asked a lot is what is the best way

to learn hacking? This question is very hard to answer because there are many

different ways of how to learn hacking and there is no right and no wrong way

it's more about which way works best for you. I had previously written an huge

article about how to get started with cyber security which I will link in the

upper right corner right now so you may also check that out that's more of a

guideline that you can follow through on and there's also a lot of my history of how I learned

hacking it's a very very curvy path so you go through many different things that bring you from

one thing to the other thing and that might be interesting for you to read in that regard that's

way too much to cover for this video so I will just go over a couple of points that I found most

important and also that I find most worth mentioning and there are also things included

in this video that I would have done differently if I would have known this information that I know

now back then when I started out myself. So before we dive in I want to mention one thing and this is

I will not go through all of the prerequisites that you need for hacking like basic networking

and stuff like this. This is all what you can read in the article that I have linked previously

There are all the basic requirements that you need as a prerequisite to learn hacking. This is really

about the best way to learn actual hacking not going through all the

prerequisites but actually going through the methods of how to practice actual

hacking so as I said before there are many different ways on how to learn

hacking the first point I've listed here is take a course at your current

location and what I mean by that is simply that some whatever you have in

your location like community colleges or something like this they sometimes offer courses on hacking or cyber security or something like this. If you are still in school, of course

it's an option for you to study computer science or study a field that eventually will bring you

towards the direction of hacking or being a hacker in the future. And so there is this option. And

this is not an option I would choose because I more like to compose my own curriculum when it

comes to those things. So I like to choose my own material to study. So I don't really like to sit

in school and listen to somebody talk. I rather do it on my own pace. Which brings us to the next

point, which is take an online course. So I did many online courses, but none of them was in

hacking. Most of the online courses I took were on programming, web development, photography

I think writing and web design SEO stuff like this I never found a course that I liked

with the topic of hacking so I never really did a online course there might be good courses out

there I did not find any and with online courses I mean stuff like Skillshare and Udemy there is

not too much content out there like there is for programming where professional boot camp

directors are actually teaching online courses and stuff like this so real high quality stuff

i don't know about hacking you would have to look into that yourself i generally like online courses

but i don't know if it would work for learning hacking because there's so many different things

to it and the disadvantage of following an online course entirely is just that you just follow along

and you I don't know you don't really learn all that much if you don't put in

the practice yourself but there is definitely an advantage to taking an

online course I just can't point you in the direction to a specific course

because I haven't taken any myself so look that up if you like a teacher just

watch some preview videos or something like this and maybe you want to enroll

in a course there's also a course provided by Kali the developers of Kali

linux or oscp or whatever i don't know exactly what it's called i think it's called the oscp

course where you study you pay quite a lot of money i think it's a thousand bucks and you have

to learn on your own pace you watch some videos you get access to labs and stuff like this i

haven't taken this either but a friend of mine took it and he was quite satisfied with the course

so you might look at that as well of course you can also go ahead and in the quotation mark sense

of an online course you can also just go to youtube and look up videos of people who produce

hacking content like myself or nullbyte or something like that or we get to that a little

bit later the next point is read hacking books i personally really like reading hacking books i

link an article of my favorite hacking books in the upper right corner for you to check out and

i like studying by books because you can follow through and you have everything written down and

You can reread it, which for me is an advantage over an online course where you have to rewatch

stuff, which takes much longer than just rereading a line of text, in my opinion

And I like to follow through well-structured books. There are good books out there

There are also very shitty books out there that are not very helpful because the structure

is just not good or the author is assuming that you have some pre-knowledge to the material

that he is teaching so you once you get stuck at a certain point you can't follow through anymore

because there is some information missing or something like this so there's this possibility

but in general i really like studying with hacking books i think they definitely have their place and

they're a great material to learn hacking the next point is start playing ctfs and do hacking

challenges we will go over this in the next slide i just want to mention the last point here that's

read through my articles on seosec.com and also watch my youtube videos on this youtube channel

you can if you want subscribe to the channel and hit the notification bell so to get notified when

i release new content all the content that i do is very beginner friendly i struggled very much in

the beginning of my own journey that people who produced cybersecurity content were mostly assuming

that you know all the prerequisites for a certain tutorial like that you know all the Linux commands

by heart and stuff like this. If I do a tutorial I will explain everything to you in a beginner

friendly way so that you are able to fully understand the material that I'm giving to you

So if you like this kind of stuff just read through it or watch through my videos also my

older videos they probably lack a little bit in quality but I mean quality

production wise because I didn't have this good equipment back then that I have now but definitely content wise they are same in as my most recent videos so I recommend you to check that out now we get to the fun part my favorite way to learn hacking which is learning by doing This in fact is my favorite

way to really learn anything. I always like to learn by doing. So far I had the best experiences

with this method just to get started with something and just fiddle around with it until

you figure out how it works which brings us to the first point in this list which is play ctfs

ctfs are capture the flags and capture the flags you probably heard this term before in gaming where

you have to capture the enemy flag from a base and bring it back to your own base to get the point

that's not really how capture the flags work in hacking kind of but in capture the flags your goal

is to capture a flag and the flag in capture the flag in a hacking ctf is mostly some hash

hashed key or something in a text file hidden somewhere on a vulnerable machine there are also

ctfs that are still named ctfs but are really boot to root machines which are machines where

your goal is to acquire root access and maybe they have a flag as well somewhere hidden but

really the main goal of the machine can be that you have to root the machine

which you most of the times have to do anyway to acquire the flag or the root flag

So there are a couple of options on how to get started and we will get more in-depth into that in the next slide

But in general it is like downloading a vulnerable machine and try to break something and if it doesn't work read a CTF walkthrough

if you really get stuck at some point and you cannot figure it out yourself for the heck of it

then as a last resort you would read through a walkthrough but more on that on the next slide

where do you start to practice ctfs or hacking challenges or something like this i think the

best way on how to start is over the wire and specifically the bandit game i think the game

has 30 levels and it starts really easy basically with the first challenge being you just need to

connect via ssh to their machine and you have to read the password for the next level so how it

works is you go from level to level and you learn a lot of basic linux commands in the beginning

which are very important for hacking and by the way i have a walkthrough on my youtube channel and

also on the website i think up to level 20 or something like this but there are definitely

uh walkthroughs out there which go through the whole thing i wouldn't recommend you looking it up

too early like if you get stuck spend a little time google a possible solution like

if let's say you can't for the heck figure out uh how to how to um open a text file or something

then don't look for bandit level two solution or something but look for how to open a text file on

linux and try to figure it out yourself only look up the really the real solution when you really

get stuck and you really cannot figure out how to continue if you go to my website seosec.com

the write-up that i have there for over the wire it actually contains spoilers so i give you some

tips and then if you really get stuck you can like flip down the spoiler window which will reveal

the solution so you don't just get the solution by going to the page you actually have to click

an extra button to reveal it so you that that you don't accidentally read the solution but in

general the over the wire tutorials or the over the wire challenges are I think a really great

way on how to get started that was actually the way how I get started after doing some research

back in the day when I started and it really helped me to understand the most important Linux commands

and how to use them in a hacking context. Next on the list is Vulnhub. Vulnhub is a website that

provides vulnerable virtual machines so you need to download a image file from their server or from

their website and you need to open it either in VMware which has a free VMware player I think

or in VirtualBox which is my preferred way. VirtualBox is a free virtualization platform

from Oracle you just need to download and install it and then you need to import the image that you

have downloaded from Vulnhub. That's really easy to do I also have a tutorial on how to do that on

seosec.com i think i'll leave it in the upper right corner if i can find it right now

and so on volhub some of dvms are sorted by difficulty like there is written beginner

intermediate or expert or something like this some aren't but on all of them you have if you

click on them you have a description on kind of what you need to do or what dvm is about a little

introduction to the machine but there is definitely a lot of available machines up there and I really

like them because they have beginner stuff they have intermediate stuff and they have really really

hard stuff too and the best VMs I would start with the easiest ones would be DVVA that's a damn

vulnerable web applications that's an older VM but it's really easy to penetrate nowadays with all

the tools we have at our repository and the next thing I would do would be the basic pen testing

machine one and two they have two levels maybe they have three already I think actually they

have three and I haven't tried the third one myself yet but I really enjoyed all of those

three machines they are really beginner friendly and they show you kind of like how to move

through a network and stuff like this so definitely worth checking out

Voln hub and over the wire for beginners next up how to practice how should you practice hacking so

Just start playing around. That's basically all you can do As I said, I really I

Really discourage you from just looking up solutions because because that way you don't actually learn anything

Just play around and and like really search for if you just fire up a machine and you don't know what to do

then just search for how to do reconnaissance on Kali Linux or how to find usernames with Nmap

how to run vulnerability scans with Nmap. Then you dig in, you search for Nmap tutorial series

I actually have that on the website too. You can check it out as well. Really beginner-friendly stuff

Because Nmap is an essential tool, you could search for how to find vulnerabilities on Kali Linux

or how to find exploits for hacking, how to find this and that

Always check if the vulnerable machine has a web server running so just open a web browser and enter its IP address

the IP address of the machine into your web browser and see if a website comes up And from there on you just take notes and you you you see what works and you write down what worked what what methods work for you

you take notes and um yeah that's that's basically how you start and that's the second point there

right there document everything you find this is really important i use a tool called evernote

and that's really nice to structure your findings basically so you can make notes about reconnaissance

about vulnerability scanning, stuff like this. You can write it all down very nicely categorized

because the commands that you find work for you most often. You want to be able to find them over and over again

until you memorize them. So you want to quickly find your notes in this well-structured place

or you can use any other note-taking app, like OneNote as well. If you do find something, also take notes on how you found it

because some vulnerabilities will come up over and over again, and when you stumble over the same vulnerability for three times

and you have to search for a tutorial how to abuse it

or how to exploit it over and over again, it really messes with your head instead of just looking up your notes

and seeing, oh, okay, I came over this already and here's how to exploit it or here's how to use it

The same goes for how to use tools. You can create a second notebook in Evernote, for example

Only for Nmap, you can have another notebook for Nikto where the most important commands are written in

or Metasploit or whatever. Like just that you have a place where you can take notes

your own notes, and you can write down stuff that you found working and that you can reuse later on

because this is really the way how to do it. I think this is really important

My next tip, that's a personal favorite of mine. You don't have to do it, but I found it works really well for my style of learning

because I really have a hard time concentrating on stuff for a long time

So I get distracted very, very easily. And what I found working for me is the Pomodoro method

And if you Google that, you will find articles about that. it's basically a method where you set a timer for 25 minutes that it originated from some italian guy

who set a cooking timer for 25 minutes and used that for studying and it was like a little tomato

themed timer so that's already name actually came from and what you do is you put this timer on 25

minutes you put your phone out of reach you close your web browser you close facebook and all this

shit and you start focusing for 25 minutes which should be doable for most of us if it's not start

with a lower time like 10 minutes and work your way up to 25 minutes ideally and after those 25

minutes you allow yourself a break from 5 to 15 minutes you just do something else then you check

your facebook you check your phone and once the break is over you put your stuff away again and

you do another pomodoro timer i found this works really well for me you can try it out if it helps

you great that's just i think another additional tip here that is very useful for you when you get

started and as i've mentioned before if you get stuck look for a walkthrough and don't just look

up a solution too early i can't stress this enough i'm struggling with this right now in programming

because I'm learning web development and programming. And it's really easy to look up a solution

but it's not easy to figure out a way of how it actually works. So the more you spend time on finding a solution

and you really cannot find it for the heck of it. And let's say you, I don't know, you spend 20 minutes, 30 minutes on it

and just can't figure it out. and you look it up then it's way more likely that you understand how it works than when you just

look it up right away and you just give up right away without struggling a little bit because

hacking is really struggling same like programming you will just struggle all the time because you

search for new information all the time and you can't just remember everything it's impossible

so you will need to look stuff up and if you just look it up too early then you definitely

are in disadvantage and you will not learn as much as if you would struggle a little bit and

then look up a solution. You could also use the Pomodoro method for that. Like if you think like

you're stuck, hit that Pomodoro timer for 25 minutes. If you cannot figure it out within 25

minutes, look for a solution or look for hints for the problem. All right, where to go from here

moving forward other practice resources that i like very very much one of my favorite practice

resources is hack the box.eu i think is the address and what hack the box is is basically it's also a

collection of vulnerable machines but everything is online so you don't need to download anything

and they usually have three to four available machines for free that you can use for free

but there is a little there's a little challenge right from the start because if you go to their

website and you want to sign up you first need to solve a challenge to be even able to sign up which

i found absolutely amazing it was great to go through this challenge i actually learned a lot

just from this one challenge and i couldn't figure it out myself in the beginning so i

was kind of struggling but definitely teaches you a lesson of how hard the machines in hectabox

are or can be it's it's more of a little bit of an advanced thing i think

i would do that after doing bandit and after doing the bullhub machines i recommend it

but once you're logged in you have access to three or four machines that are publicly available

until they retire and some of them will be unbelievably hard for you you don't even need

try them but the good thing is they have like eight different difficulty levels

and each machine gets rated by the users so you have a really good overview of

how hard the machine is and if a machine gets rated like medium to hard you don't

even need to try that as a beginner like it's really really hard there are a lot

of pros on there and there are really a lot of hard machines up there but they

They also have a subscription model which is £10 a month and I'm actually a subscriber

I took the yearly subscription directly when it came out. And it's definitely worth it because you can go through all the retired machines and you

can sort them by difficulty. And most of the machines they have like, I don't know, like more than 3000 ratings or

something like that or more than something like in the 1000 range of users who played

the machine and also rated it afterwards. you get a really good idea of how hard a machine is and the the easiest machines

are definitely worth checking out and you can just work your way through all of

the retired machines and have a couple of other things like you get a more

stable VPN connection when you are a VIP or when you subscribe and you have

some other benefits which I don't know of yet but other than that they also

have challenges up there and all kinds of really hard stuff which I haven looked into they have a forum it a really really great place uh to practice hacking I do it on a weekly basis

or sometimes daily and evening I just sit there and try to hack a box and then I'm just like

that's my my equivalent of Netflix like I'm not watching Netflix I'm just doing the 10 dollars or

10 pounds and hack the box and I'm sitting there and hacking some boxes and I found this to be the

best way on how to practice because that's actually you are hacking right you're like you

are doing it and you try to solve some machines enough praise for a hack the box this video is

by the way not sponsored by hack the box unfortunately i'd love to have that but

maybe in the future and the next thing i like to recommend is a life overflow life overflows

channel is um i would not say it's for beginners he is also a fellow german so you will have some

accent there as well like in my videos but his videos are excellent and thoroughly and and

not really for 100 beginners but you can learn a lot from him he has some very advanced videos

and he has some more towards beginner friendly videos but i don't even understand most of the

stuff that he is doing and he has a lot of like buffer overflow stuff and hardware hacking I think

and stuff like this but he explains the material really well so if that's your thing definitely

check him out. The next guy on YouTube is Ipsec and Ipsec is doing actually hack the box

walkthroughs and he is doing it so well and he explains everything he does so well that this is

my new favorite channel I was binge watching his CTF walkthroughs the other day and I'm impressed

of how good he is first of it and second of it is how much I still have to learn myself

but what I found really valuable on his channel is that while you watch his videos I recommend you

to take notes because the mythology that he is using is really really valuable if you want to

learn hacking just like the scans he's using the tools he's using because he explains it so well

you kind of understand of why he's using them and then you can also implement them in your own

workflow so I really highly recommend his channel great work what he's putting out there and I

really love his content next of course my own channel as I said before I do a lot of beginner

friendly very beginner friendly stuff and I will keep doing it in the future I try to explain

everything for everyone so that the biggest noob basically can follow my

videos but also a more advanced a guy will get something out of it so if you

like again subscribe to my channel would be great I'll produce a lot of content

and put it out there so I'll be happy for you if you come to my channel and

subscribe alright the next thing is nullbyte I learned a lot from Cody from

nullbyte they have a website which is nullbyte.wonderhowto.com or something like that

just google nullbyte but he also has a youtube channel where he does hacking tutorials and he is

also doing it in a very very beginner friendly way so i think all of his videos are actually very

beginner friendly and i really like his content when i started to look into hacking in like 2016

I think I started out in like 2016 to get more interested in it

And I started doing his tutorials on how to hack Wi-Fi. That's how I got started

And since that day, I keep coming back to his site and to his YouTube channel

because I really like his style of explaining things and how he's putting out content as well

I really highly recommend checking out his channel and his blog as well

The last thing we are going to talk about are books again. Just shortly though, I already went over books, but I want to mention it again on the end

Books are a big part of my own practice of learning hacking

I use books, I buy books, I like to buy books, I like to hold them, something physical in

my hand to go through to take notes and stuff like this, but I went over that before, so

I won't budge you again with that. Alright, we're almost through. one of the most important advices I can give you is don't get frustrated and keep going because you

will get frustrated and you will want to quit many many times so what I recommend doing is

take breaks and I don't mean the pomodoro five minute to 15 minutes breaks I mean real breaks

like take a day off in between studying I know it can get exciting when you just get started and

you start to figure out how stuff works and you start to have some success in CTFs and stuff like

this but don't overdo it like plan your week take a break day do something nice find a fun hobby

away from the computer whatever that might be I like personally doing exercise and that really

helps to clear out your head so implement the exercise regime while you're studying and just

to get away from the computer and get your head cleared because you are actually learning passively

anyway when you step away from actively doing something it's passive learning it's a big thing

so you definitely have to put breaks into there into that and also i recommend meditation if you

can put up with it start with one minute of the day work your way up but it also really helps

because you need to retain a lot of information in this field and there are so many things like

syntax and and whatever code maybe if you're into programming and you learn programming at the same

time you have to remember a lot of stuff and if you don't organize everything in your head it can

get overwhelming you can get burnout and stuff like this so it's no joke like take breaks and

don't overdo it yeah i think this can be the end of this video it should sum up everything

i hope it helps and if it does please subscribe to the channel of course hit the notification

bell check out seosec.com lots of tutorials up there lots of beginner tutorials then also check

youtube facebook twitter instagram all seosec and subscribe to those channels and if you have

any questions leave them in the comment below if I can I'm happy to answer them

and please let me know if this information was helpful for you guys and

yeah good luck don't overdo it and keep practicing and definitely physical or

actual practice is my favorite way of doing hence it's the best way to learn

hacking at least for me alright guys see you back in the next video and thanks