Hello there, I have been thinking about getting a career in computers. I want to do penetration testing, but I do not know where to start. There are articles saying to start networking, others say to start to learn C, and some arguing that Python is best for beginners. Then there are also articles saying to learn to use Kali Linux and start hacking. My only argument to starting to hack on Linux is that I will most likely not know what I am doing. What is it that you started doing while starting your computer career?
Really all you need to do is start doing things that are interesting to you, whether it is coding, networking, tinkering with hardware, etc. You could get a Raspberry Pi for pretty cheap and play around with that. Or install Kali on a machine and just play around with the tools. Just don't hack anybody else (like your friends, family, neighbors), stick to your own things.
Let's start with the fact that you've gotten some pretty good advice. Red Teamers use what they know to get what they want. Someone who's a network genius will look to break in that way. Software vulnerability hackers will go in that way. Cryptography experts will get in via encryption vulnerabilities. Social engineers just ask for the password. If you ever want to get past being really good at running scripts, you should plan on being expert in at least one area. And that's why you're getting so much different advice.
Every good pen tester should have at least a fundamental knowledge of networking. Port scanning may be basic, but it remains an easy way into many networks. Keep in mind that the most money spent on security is in networking.
If you only learn one language, learn Python. Not that it's the best. It's just the best documented and the de facto standard used for scripting, codebreaking, etc. Go, C#, etc. are all great languages, too. If you like programming, get really good at what you like and just adapt it to your testing.
Linux knowledge, also, will only help you. Many of the tools pen testers use are Linux-based, so get really good at it, especially from the command line.
Wait for a $10 sale and hit Udemy for one of their really great online courses. Also, I can't recommend No Starch Press enough. Their products are painstakingly edited and proofed for accuracy.
Good luck!
The beauty of this era of computing/IT is that as long as you have access to the Internet you can ask Google. I would suggest you go pick up some cheap computers and learn how to install and fail at installing Linux. This will teach you important information on how to get stuff working. There are several flavors of Linux that you can play with and each has its own challenges in installing it. Probably the easiest would be Ubuntu. Kali can be a little troublesome if you have no experience with IT. Do this and then set up your own network. Download a virtual machine emulator like VMware Player or Oracle's VirtualBox and practice with virtual machines.
The basic thing is to get experience installing operating systems so you will know how they work. If you have a network setup then you can practice attacking it without having to worry about permission, because you own it. You will need to get experience with nmap and other tools and you really need hands-on experience.
Thank you. What would you recommend to do first, TCP/IP or networking?
Thank you, I will see if I can get my hands on a Raspberry Pi soon.
Thank you, and I am starting to use Kali, and learning some of the applications.
@Chaotic wrote: Thank you. What would you recommend to do first, TCP/IP or networking?
Both. Networking involves TCP/IP so they can be learned together. Go to insecure.org and read about the tools the security community uses. Download them and use them on networks you have permission to use them on (i.e. your own networks). Do not use them on work or public networks.
If you have the resources, find an inexpensive laptop that you wouldn't mind bricking. Then start experimenting. Install Kali. Then overwrite it and install Ubuntu or Mint. Then overwrite and install Fedora. Figure out how to set it up to boot from multiple images. Experiment with GNOME and KDE or other desktop environments. Figure out which flavors you like and why. Doing these things will provide you with a foundation to build upon. Then you can start experimenting with networking. There are also tons of "how do I" videos on YouTube.