First things first, dispose of any conception you have of what a hacker is. At its most fundamental level I think a hacker can be defined as: Someone who accomplishes a task in an unexpected manner. This is the definition I will be sticking to here.
You might be asking yourself, why should I trust you? Who am I? What have I done? All great questions. Well I’m not some elite pentester, or got a lot of vulns under my belt. But I do have a decent grasp on the basics to be sure.
Ok everyone gone? Cool, the basics are what allows you to succeed. The difference between a “script kiddie” and a “hacker” is understanding what they are doing, why, and how it works.
A lot of people seem so interested in the what, or the how, but not as much the why. That’s because the why is often the part that makes you learn everything from C to python, from linux to Windows, from udp to tcp/ip. But I will tell you this. If have an appetite for knowledge and are ready to jump in then follow me down this rabbit hole.
To get started my suggestion is to learn how to use Windows better. Specifically learn the command prompt, PowerShell, registry editor, group policy editor, and if you can, the api calls for windows itself. why windows first? because most of you are probably most familiar with it.
next you will want to study mac and see how it works, get a hang of the terminal. then move onto linux, learn the tools and its pros and cons, find out why rm -rf / is a bad idea. install and uninstall programs, break linux and fix it. absorb all tje knowledge you can, and stay away from kali, your not going to need it.
now that you know windows, macos, and linux we can move on to programming. here you want to learn a few languages. i suggest one scripting language, a database language, and a compiled language to start. some scripting languages are: python and perl. as for database, i highly suggest SQL and for the compiling language i wholeheartedly prefer C. No i dont mean C++ I mean C. The reason being that C has far less overhead thus making it easier to decode your code when it comes to disassembly and reverse engineering.
Once you have a decent grasp on that, dive head first into the wonderful world of networking. learn the most common ports, learn the protocols, and find how to make your own computer and network secure. if you want to get into security, we must first know what a well secured network looks like, only then might we be able to spot what a vulnerable one looks like. more importantly, then we can understand why it is vulnerable.
so far thats a lot of stuff to learn right? yeah it is. this isnt something you can pick up in a day, a week, or months. its a process. does that sound like too much work?
if it does, and you are looking for a shortcut and dont want to go through all that, then go take your udemy courses, go read your book on just pentesting, good luck to you. but you wont ever be able to get a job like that sorry. if you decide to follow this advice than you have the respect of every computer security expert out there i know, because you are finally on the right track.
now for some more interesting stuff i suggest looking into assembly for x86 and 64bit architecture. to make it more interesting, set up a honeypot with your new skills and RE some malware. that will teach you assembly. learn how computers really work on the machine code level. this is the skill you need for developing your own payloads and exploits.
then move on to kali finally. learn how buffer overflows can be exploited, how do structured exception handling exploits work? can you make your program crash and display deadbeef? Great, your almost there. start reading more vulnerabilities, not just for info on how to exploit it, but how and why they work.
Eat, sleep, and breath all of what you have learned and never stop consuming information. find a preference for vim or emacs (required) and learn mfsvenom, learn apache, iis, and any other servers you can. have fun with nmap and dont be stupid. Master metasploit and go crack some boxes on ctf sites.
continue to always look for more books to read, more videos to watch, more bugs to exploit, and new tools to use. but never forget why you are doing something.
if youve gotten to this point you have gotten farther than probably 99.99% of all people who ever venture out to learn hacking. now is when you can begin to consider yourself not just another noob fumbling in the darkness.
from this point onwards, your education isnt so rigid, you can choose a specialty, learn more, and never stop doing so. And always remember, everything can be hacked, so good luck.
i hope you enjoyed this admitedly ranting and probably full of typos post. I hope it helps set some of you on the right path. as for resources to use? well i always prefer books, especially the longer ones that explain more.
specific books? sorry but i dont got a ton of reccomendations, i will tell you that you dont always want to rely on one source for anything.
Thanks again and good luck.
edit: will add resources when i have time in a few hours. sorry i wrote this on the way to work