
Ask HN: How to start learning about information security and hacking? - cthuluforprez
I would like to learn more about information security and hacking in general. Any recommendations to where should I start?<p>Edit: I would like to know about resources which are generally free. Thanks!
======
howlett
Here are a few resources:

[https://www.reddit.com/r/netsec/](https://www.reddit.com/r/netsec/) General
news about netsec

[https://github.com/enaqx/awesome-pentest](https://github.com/enaqx/awesome-
pentest) List of tools and resources

[https://github.com/wtsxDev/Penetration-
Testing](https://github.com/wtsxDev/Penetration-Testing) Another list of tools
and resources

[https://www.hackthebox.eu/](https://www.hackthebox.eu/) Hands on hacking
(OSCP style) but free, unless you want to pay for a VIP version and get access
to even more machines.

[https://www.vulnhub.com/](https://www.vulnhub.com/) Individual VMs you can
hack into, most of them providing walkthroughs.

Web application wise I'd suggest starting with
[https://www.owasp.org/index.php/OWASP_Juice_Shop_Project](https://www.owasp.org/index.php/OWASP_Juice_Shop_Project)
which is a modern version of the "damn vulnerable web app (DVWA)".

These may look quite "massive" for a beginner but I think it's the best way to
start. The approach I would suggest would be to go download a VM from vulnhub
and read its walkthrough. Then learn to use the tools in that walkthrough
(each machine may use a tool in a different way) until you're confident enough
to make an attempt on your own.

Hope this is helpful!

------
DyslexicAtheist
my favorite infosec book is no doubt
[https://www.cl.cam.ac.uk/~rja14/book.html](https://www.cl.cam.ac.uk/~rja14/book.html)

For practical learning there is a great list of tools here:
[https://news.ycombinator.com/item?id=17166545](https://news.ycombinator.com/item?id=17166545)

Also join an open source project you like and help out for hands on
experience, eventually you'll do well and build a reputation for yourself.
(this is worth more than any certification in case it's a job you're after)

------
video-host
PentesterLab, make sure you check the bootcamp and the free stuff first

------
O_H_E
I once found cybrary.it but have no idea how good they are

------
gcb0
owasp website is the #1 resource for this.

