That’s my take on it as well.
Type your comment> @Cyb0Mancer said:
That’s my take on it as well.
I haven’t ever checked out the starting point machines, but from the amount and type of questions that regularly appear here it’s been my takeaway.
There are a lot of great resources to learn from though: IppSec, THM, and various YT videos. Where are you skill wise? I could probably give you a good place to go based on your level of knowledge.
I have a background in games development. Started out on a ZX81 then a C64 and Amiga, before moving onto PC where I did web design for a bit before moving back into games. I know BASIC, 6502 assembly, GML and C#. I’ve used Windows and DOS primarily during my time with PC’s, but have limited knowledge of Linux. I’m kinda bored with games development and fancied learning something new, so I signed up here. I’ve always had an interest in hacking, but never attempted it before. With the hacking/pentesting stuff, my knowledge is basically what I’ve learned from here, TryHackMe and the OverTheWire CTF over the last few weeks, so my knowledge is quite limited at the moment.
Thats a hard shift, welcome to the community though!
I’m suprised you were a gave dev and didn’t use linux tbh, UE and Autodesk’s suite all support linux I believe. The only thing I can recommend for getting used to it is immersion, and for the love of god don’t use Kali. Parrot is far, far superior in every regard. I prefer a dual boot to a VM as well, it forces you to use the linux system and pretty soon it all just clicks. One day you’ll find yourself exclusively using the terminal to do pretty much anything and that’s when you’ve got it.
As for learning hacking stuff, THM is pretty good so glad you found that. I would recommend picking up python and bash but you shouldn’t have any issue with that. Really, I find learning how a process works before learning to exploit it helps tremendously. Take SQLi for example, assuming you wanted to learn to exploit an SQL db i’d start by learning to use it, make a db, query a db, etc. Then it’s kinda like common sense as to how to break it.
Ippsec is also really good, after I finish a box I’m always waiting for it to retire so I can watch his video. There’s always some trick to pick up on that he shares.
I’ve only every developed for Windows on PC, so never felt the need to use Linux. I only tried Linux for the first time a few years ago as I installed Ubuntu on an old laptop I had to try it out.
As for the hacking. Like I said, I’ve always had an interest in it, right from the early days of my C64. Unfortunately, though, I never had anywhere to try it out legally, so I never bothered. The closest I got was the old Hacker and Hacker 2 video games and Uplink.
I’m subscribed to Ippsec and a few others. I’ve been watching Pentesting for N00bs by
The Cyber Mentor. He has a few videos walking through some older boxes that he’s geared towards people like myself who are very new to this. it’s a sort of follow along series, but I’ve only watched them so far and not actually worked through them. I have a VIP account so I can do the retired boxes with walkthroughs, but I wanted to complete starting point before I moved onto anything else.
I find THM is a lot better explained for newbies than HTB is. THM is a bit more like “Here’s a recipe to make a pie, the ingredients are all labeled for you, and he’s a nice video to show you what to do”, where as HTB is more like “Here’s some flour, water and butter. There’s a field of vegetables outside and a live cow in the yard… Make me a pie!”
THM is a bit more like “Here’s a recipe to make a pie, the ingredients are all labeled for you, and he’s a nice video to show you what to do”, where as HTB is more like “Here’s some flour, water and butter. There’s a field of vegetables outside and a live cow in the yard… Make me a pie!”
Yea pretty much lol. HtB is a lot like programming, you’re always gonna be looking up syntax and weird esoteric nuances of the configuration of a specific PHP version. There’s only been one box that I can think of where I immediately knew what to do from start to finish and coasted through it. The rest involved banging my head against my desk for several hours at each step.
I enjoy a challenge. I’m sure I’ll figure it out over time. Like I said, I got the VIP subscription so that I could follow along with some walkthroughs of the older boxes and maybe pick up a few ideas that way.