One question that has been coming my way recently is how would those that are interested in InfoSec actually get started in this field of white-hat hacking. This page is a collection of suggestions that have been given to me by friends and colleagues in an attempt to answer that question. It is in no way supposed to be a concise list, nor would I want it to be. Start with what’s below and then reach out and find more.
Courses
Pluralsight
Pluralsight is a fantastic collection of online courses covering many topics. They have a great collection of Ethical Hacking courses.
Challenges
OverTheWire
This site is a fantastic collection of games and challenges. They start off assuming no knowledge at all with the great Bandit game. It teaches you the basics needed through a series of 26 levels, each one teaching you something new.
Exploit-Exercises
Five virtual machines available from Exploit-Exercises cover everything from Linux privilege escalation to memory corruption. Each come with a set of challenges and documentation.
PentesterLab
An easy and great way to learn penetration testing by providing systems that can be used to test and understand vulnerability. Start with Web for Pentester and Web for Pentester II.
VulnHub
A collection of VMs setup for the purposes of training and learning. Each VM has an aim and a set of instructions to start you out.
Bookmarks
This GitHub page by “jhaddix” covers everything from PenTesting blogs to conferences, from videos to cheatsheets. It can be overwhelming to those who are starting out but take it easy, don’t try to learn everything at once.