Anyone with basic computer skills and a high degree of curiosity has got what it takes to get started hacking a computer system. There are a number of tips and tricks to kickstart your journey to become a hacker.
Online and offline peers
There are many other like minded people who are getting started with hacking. The best online and supportive community I’ve seen is the Hacker101 Discord, which has over 6,000 members. Being able to celebrate achievements, discuss vulnerability classes, collaborate in Capture The Flag challenges, and getting to know people in the industry is very valuable. Solving a problem together is always easier than solving it alone.
The Hacker101 Discord was started by community members who participated in Hacker101, a free online course that teaches you how to hack. There are over 100 security vulnerabilities to be exploited, each of which come with materials to dive into a particular vulnerability class. These range from trivial to expert-level challenges (full disclosure: I’m struggling with some of them as well!). Recently, PortSwigger, the company behind Burp Suite, also released some great content: PortSwigger Academy. I’m biased, but I also enjoy reading publicly disclosed security vulnerabilities on the HackerOne Hacktivity. One of Peter Yaworski’s books, Web Hacking 101, uses these publicly disclosed vulnerabilities to explore vulnerability classes (great read!).
Interact with the community
Many top hackers have a strong presence on social media. They use it to share their experiences and knowledge and engage with newcomers to help them get going. Some great examples are Rachel Tobac, Nemesis, STÖK, d0nut, Aliia, NahamSec, and Jhaddix. Follow them on their journey to continuously learn new things about security and realize that the successful hackers are real and approachable people.
Build vulnerable applications
The beauty of hacking is that no system is exactly the same. What works in one system, may not work in another. Capture The Flag (CTF) challenges are great, but won’t ever cover all situations you will encounter in the wild. I think it is helpful to invest in familiarizing yourself with some light coding skills that allow you to introduce a security vulnerability. This teaches you what a developer had to do to introduce the security vulnerability in the first place, but also gives you complete control over adding any kind of roadblock you could possibly encounter in a real system. Check out this blog post how I go about exploring a particular vulnerability class. Because not everybody is ready to invest in coding, I built a game earlier this year that tries to overcome this by randomly generating a CTF: the unescape() room, which is specifically focussed on reflected and DOM Cross-Site Scripting (XSS) vulnerabilities.
Focus on learning, not money
A common pitfall of getting started with hacking is the overwhelming amount of information that is available. Many people get started with hacking because they think it’s an easy way to make money. There is a lot of money involved in bug bounty programs (over $19,000,000 paid to hackers in 2018 alone). To avoid being discouraged by seeing what others make, focus on something invaluable: the learning experience.