How to become an ethical hacker for free in 2024

What even is “hacking”?

Whenever I mention the word “hacker”, or “hacking”, people with no knowledge in the domain of IT, would picture something like the image from above.

A wizard techie that can break into any systems while random greenish characters fall on their black terminal.

While Google states that the definition of hacking is simply “the gaining of unauthorized access to data in a system or computer” , I’d say that is not always the case. From my point of view, the definition of hacking is “getting something (typically a computer system but not limited to this) to perform an action it was not supposed to”.

Picture, there’s an ATM at the local gas station. The ATM is supposed to receive and dispense money. However, that has to happen under a set of conditions. Firstly you put in the credit card. Then, you provide a sort of password to prove that you in fact, own that credit card, which in this case is a PIN number. Then, the amount of money you want the ATM to dispense , needs to be aligned with the number of money you have on the credit card (obviously it is more complicated than that, but let’s just keep things simple). However, what would happen if I were to ask the machine to dispense 250$ , while my credit card’s balance is 200$. That is the mindset of a hacker, and if you manage to get the ATM to dispense more money than you actually have, you have successfully hacked that system.

That is how a hacker thinks. You are dealt with a piece of software/hardware (really, anything), and you must get that system to do something it was not meant to do. Obviously , the desired goal is to pop a shell like , but that is NOT the definition of hacking. Hacking is not only about popping shells and “gaining unauthorized access to computer systems”. It is about tinkering,testing and finding logic flaws inside software/hardware and even people.

The reason why I am rambling about this, is because I want you to know what you’re getting yourself into before committing to it. Hacking is hard, it requires a lot of hard work and dedication , and unfortunately it’s not like the Hollywood scenes. (for a more accurate portrayal of hacking , check out the T.V show : Mr. Robot)

How to become a hacker?

In order to hack something, you must understand it very well. This is why, before you start studying and practicing the art of offensive security, you have to understand basic technologies to begin with.

Self-plug here :

You can skip ahead reading through this article by joining my Discord community . There , I have put together a free “Foundations for Hackers” course that will teach you everything you need to know before getting started into hacking.

Basic computer knowledge

This one should be pretty obvious. You gotta’ be good with computers. Personally, when I first started getting into hacking, I was already pretty good and knowledgeable about computers, however that is not the case with everyone.

The equivalent to this , is probably the Comptia A+ certification. You don’t need the cert, you just need the knowledge that you need to pass the certification.

The go-to free resource to learn for the Comtpia certifications for absolutely no cost, is definitely Professor Messer

-> bit.ly/comptiaacourse

Networking knowledge

Networking,networking,networking. You need to understand how computer systems communicate with each other. You need to know different protocols and how they work.

For this , you can go for the Comptia Network+ certification.

-> bit.ly/3OesJka

Linux skills

Operating systems based on the Linux kernel, is what we use on a day-to-day basis as hackers. Probably 99% of the tools and software we use in penetration testing engagements are meant to run on Linux.

Most web servers run Linux. There are multiple reasons for this, however, for now it’s just important to know that Linux powers a lot on the internet. You are running Linux and you don’t even know it. If you own an Android, you run Linux. It’s very crucial to be fluent in Linux and to be able to navigate this wonderful operating system.

In my opinion, the best way to learn it , and this is how I did as well, is to just wipe Windows off your computer, and load a bootable USB flash drive with Ubuntu/Linux Mint. (You should start off with one of these two because they aim to bring beginners into the world of Linux, so you might find it easier to use them) . If you want a desktop environment change, then opt for Ubuntu. If you still want that Windows “feel”, then go for Linux Mint.

Resources to learn Linux :

Home | Linux Journey

Security basics

Before you delve into the world of hacking, you must first understand the basic concepts and technologies implied with cybersecurity.

A great place to learn this for zero cost, is still , Professor Messer. There is another Comptia certification, known as Security+. It aims to teach you the basics of cybersecurity, which is exactly what you need at the moment.

bit.ly/3JYCyjv

Coding??

While I personally know how to code, and have developed software in the past (I’m currently working on new tools), I would say that coding is not necessary to be a good hacker.

Is it a good skill to have? Sure. Is it necessary? Not really.

What you will need to learn however, is basic scripting. This can be basic bash/powershell scripting, or even Python. You need to know a little bit of scripting.

However, the most important part in this field, is not to write code but to be able to read and understand it. So you will need to understand code. There’s a big difference between being able to code software , and to analyze and read code from another programmer. This is important, due to the common security practice known as “code analysis”.

For this, you can just look up coding tutorials on YouTube and you’ll find what you seek.

Hacking

Finally, the good stuff. A lot of hard work to get here, yes, but it is worth it.

Now, how can you learn hacking by yourself, for absolutely free? Just google it lol.

But seriously though , here is objectively the best resource that will hands down teach you everything we had talked about + the hacking knowledge.

The first part will teach you the foundations we had talked about earlier and the second part will teach you the basics of hacking. OSINT (passive recon), active recon, vulnerability scanning, exploitation and even Buffer Overflow exploit development. Hands down, the greatest free resource .

Where to go from here??

If you have studied and mastered the basics of the subjects from above, you are now stepping into the advanced territory .

Honestly, there are a lot of areas in hacking that I might have not even heard of. It ranges from hardware exploitation , to exploit development , to hacking cars and planes.

In my opinion, there are two main types of pentesters:

• Generalists
• Specialists

Here are the most common penetration testing roles and activities :

• Network Penetration Testing (external and/or internal)
• Web Application Penetration Testing
• Physical Penetration Testing
• Social Engineering Testing (it typically falls hand-in-hand with physical pentesting)

Disclaimer : I acknowledge the fact that there are many more niches in the pentesting/ethical hacking field, however, these are the ones that are most common.

These are the most common job roles you’ll have to do as a penetration tester. Now, I myself try to learn as much as possible everyday about this subject, so I am on my way of becoming a generalist. This means I have and am still learning about all of these subjects, be it : website hacking or AD hacking (active directory), I am trying to learn as much as I can. However, this doesn’t have to be the case for you since there are many specific jobs out there (i.e “Looking for WebApp Pentester”/”Looking for network pentester”).

The choice is yours and yours only!

As for the resources available to study these advanced topics, unfortunately , there aren’t many. However, there are some that will get you started into the advanced territory. Here are some for each category :

Network Pentesting :

• Again, from The Cyber Mentor, here is a free course on YouTube that aims to teach you the basics of network penetration testing
• hausec ; great blog to learn from regarding AD pentesting
• AD hacking training is not really that available for free in a nice , easy to digest format. You will have to either : spend a lot of time , read a lot of articles, watch a lot of youtube videos etc. , or spend a some money on paid training. do your own research here

Web Application Pentesting:

• When it comes to website hacking, by far the greatest free resource that cannot be surpassed and hasn’t been surpassed for the past years , which is 100% FREE and has labs included is the PortSwigger Academy . It is truly amazing and I can’t seem to understand how they are sustaining this project without charging any fees , and from what I recall , there are no ads there either. Absolutely great resource from the creators of BurpSuite and it’s one that you should first check out.
• If you still want that “video-course” format, then you should check out , once again, TCM’s free course on YT teaching the basics of web hacking.
• Also , you should check out the following content creators : NahamSec, Rana Khalil , STÖK and other creators that specialize in web hacking.

Physical Pentesting & Social Engineering :

• I’ll put these ones into the same category. I am not really knowledgeable about physical pentesting, however I do have skills in SE (social engineering).
• Social Engineering is one of my favorite fields in hacking. It is amazing how you can literally hack people. It is the art of human hacking.
• I don’t free resources on this topic, however I can recommend to you the following books & course :

By far the greatest books of all time covering this topic , has to be Christopher Hadnagy’s , “Social Engineering: The art of human hacking” .

Another book that I’d like to recommend to you which is not necessarily about social engineering, rather dark psychology. You might of heard of it, it’s “The 48 laws of power” by Robert Greene.

Like I said, it does NOT cover any technical details you will need to be a successful social engineer (to be a good SE , you must also know the technical portion of the equation), but it will help you understand human psychology and the dark ways in which people operate, giving you the upper hand in the presumed manipulation and tricking tactics that you might use in a social engineer attack. This especially works in combination with physical pentesting, since the social engineer attacks will be IN-PERSON. I would like to mention once again that this book does NOT teach you hacking .

• A great course by zSecurity teaching social engineering. It teaches you tactics and techniques that hackers might use in real life scenarios in order to gain unauthorized access to any sort of data,accounts and computer systems (sky is the limit).

And here we come to the end of the article. I would like to remind you that this is by no means an all-inclusive guide to becoming a “master hacker” (incredibly cringe terms used by actual teachers and content creators in this field). The purpose of this article is to get you into good shape in the most common fields in the world of hacking! The sky is the limit. If you decide to learn how to hack automobiles , then you shall do that. The information that is absolutely required for ANY kind of hacking, is “Basic Computer skills (A+), Computer Networking (Network+), Linux and basic hacking. After you are comfortable in these areas, then you can consider choosing in which area you want to specialise in / become a generalist.

I hope this article helped you and good luck in your , hopefully ethical hacking career .