I am new to web hacking (noob).

Need someone to guide me or show me the right path.

1 Like

There are a ton of beginner friendly web challenges in the retired challenges section.

HackerOne has a free ebook that is pretty good, as well as some good challenges.

The “bible” is “The Web Application Hacker’s Handbook”; it’s several years old, but the methodology and content are still invaluable.

There are many very solid learning resources:

pentesterlab.com (some free content; the best and the bulk of it will cost you a membership, but it’s well worth it)

Web Security Academy: Free Online Training from PortSwigger (free, exceptionally good)

tryhackme.com (some free, otherwise paid; not as good as HTB imo, but it still has good content)

root-me.org (free)

OWASP Juice Shop | OWASP Foundation (free, and an absolutely exceptional setup to practice finding vulns; there are also lots of great walkthroughs and tutorials on it)

https://www.thecybermentor.com/ (has great free video content, as well as some very well reviewed paid courses; I have no personal experience with them, but I can’t imagine them not being good)

There are lots of others as well; Google is your friend.

1 Like

What @Hilbert mentioned is very good.
I would also like to add:
@ippsec’s video tutorials on solving challenges, as well as the one where he explains deserialization.

Practice, practice :slight_smile:

1 Like

Building on what Hilbert said:

I HIGHLY recommend The Cyber Mentor’s courses. I have taken PEH (Practical Ethical Hacking) and both Priv Esc courses. I learned a TON. Back then, those were the only courses he had; now he has a website (https://www.thecybermentor.com) with some great free stuff you should check out immediately: https://www.thecybermentor.com/beginner-linux-for-ethical-hackers

I’m serious, dude. 2 years ago I was an analyst and knew NOTHING about hacking. I remember watching a stream of some dude doing HackTheBox (geohotz) and I was completely enamored; I felt like I knew nothing about security.
Now I’m a junior penetration tester working towards OSCP and then subsequent certs. TheCyberMentor, Tib3rius (https://www.udemy.com/user/tib3rius/), and Ippsec (and Google) have taught me a lot, nearly everything I know.

Also, when I was starting out, I found HTB to be lacking in the fundamentals. TryHackMe is similar to HTB in that it’s free, but their machines focus heavily on the fundamentals; I’ve learned more there than ANYWHERE else. They have learning paths, and you could go there literally knowing nothing about hacking and leave with an OSCP at the least.

Feel free to reach out if you need advice (same goes for anyone reading this)!

1 Like

Thanks, really helpful advice, guys! I found https://www.hacker101.com/ (free) from the HackerOne ebook mentioned above.

1 Like