Getting started with ethical hacking

Table of contents

• ITUnderground
• What’s a CTF?
• CTF Categories
  • Cryptography
  • Forensics
  • Web Hacking
  • Binary Exploitation - Cybersecurity subject
• Resources to learn hacking
  • ITUnderground CTF
  • PicoCTF - Hands on with CTF challenges
  • Hack The Box
  • TryHackMe
• Mentality
  • Operating systems
    • Virtual machine
    • WSL
    • Linux and why we use Kali

ITUnderground

Who are we and what do we do? Read the “Who Are We” page here. At itunderground we mostly look at CTFs so this page will explain what CTFs are, and where you can get started. Feel free to ask about anything either in real life or on discord.

What’s a CTF?

A CTF (Capture The Flag) is a jeopardy style hacking competition. Jeopardy style means that there are a number of challenges in different categories, each with a number of points. The more difficult the challenge, the more points you get for solving it.

The goal of each challenge is to capture the flag. “Flag” usually means a short string in the format "name{flag}" where name is the name of the competition, and flag is some text related to the challenge solution. In a challenge where you have to hack into a server for example, the flag might be located in /home/user/flag.txt, and in a crypography challenge you would get the flag upon decoding some string.

Tip: Since almost all flags are in the format name{flag}, a common tactic is to look for substrings like name{.

CTF Categories

CTF challenges are almost always divided into categories, and people often pick challenges based on the category and difficulty that they like. Here are some of the most common ones.

Cryptography

The art of sending secret messages.

It’s basically math. If you are good at math, you will probably be good at cryptography. ComputerPhile has interesting videos on the subject. But here hands on is super important. See the PicoCTF for challenges.

Forensics

Looking through data dumps and being able to locate important data among massive amounts of garbage.
This could be something like digging through a hard drive backup or recovering data from deleted files.

Web Hacking

Web hacking is probably one of the easier categories to get into. The only tool you need to get started is your browser.

Burpsuite is a great tool for web hacking, and it’s free to use. It’s a proxy that allows you to intercept and modify requests. If you don’t know what that means, NetworkChuck has a great playlist on networking and how the web works.

Binary Exploitation - Cybersecurity subject

LiveOverflow is a YouTuber that specializes in ethical hacking, and he has a lot of great videos on his channel. This playlist is a great place to start if you want to learn binary exploitation.

Note that this is probably one of the harder categories to get into.
Common tools include Ghidra and gdb.

Resources to learn hacking

These are some of the good places to get stated or improve at ethical hacking.

ITUnderground CTF

This is our own CTF that we always have open. The best part about starting here is that we can always help out, since we made the challenges. We don’t have a ton of challenges in every category, so make sure to also check out other resources.

PicoCTF - Hands on with CTF challenges

PicoCTF is a great place to start if you are new to CTFs. It’s a giant collection of CTF challenges, and it’s free to sign up. - hint that sorting by most solves is a good way to start.

Hack The Box

Getting hands on is super important. HackTheBox is a great way to try hacking into realistic systems. Be aware that this is not the most beginner friendly site. Start here once you’ve made an account.

If you can solve medium to hard HackTheBox machines you can probably hack real things too.

You can sign up for free, and there are a lot of great resources online to get started. Ippsec is a YouTuber that specializes in HackTheBox, and he has a lot of great videos on his channel.

TryHackMe

Kind of like HackTheBox, but more reading. It’s a great place to start if you are new to hacking.

Mentality

Here at ITUnderground we try to be as helpful as we possibly can, but the best way to learn cybersecurity (or just programming for that sake), is not hand-holding. Trying things yourself, Googling, reading documentation and ChatGPT when everything else fails is the best way to learn. We will try to provide you with the tools to get started, and we will help you, but you have to put in the work yourself.

You should not feel the need to learn these things, but the want to.

Be curious!

Operating systems

We do not want to decide what operating system you use for your own machine. But when we are doing ethical hacking, pentesting, ctf and so on. We do recommend using either a virtual machine, wsl or just running a linux distro on your machine.
We will usually recommend having an installation of Kali Linux, whether that be in a VM, dual-boot or in WSL.

Virtual machine

For Windows we recommend either VMware or VirtualBox. Personally I like VMware more. On MacOS we recommend UTM.

Kali can be installed in VMware, VirtualBox and UTM.

WSL

For Windows, WSL the most convenient way to get started. You can follow our Kali Linux WSL setup guide to get started.

Linux and why we use Kali

r33l br0s use arch btw. Just kidding, but understanding linux is a very sought after skill in the IT industry. The easiest way to learn Linux is to use it. So if you are up for it, you can install a Linux distro on your main machine, but it’s not a steadfast requirement for learning to hack.

Dont install Kali as your main distro - just use a vm (see the two sections above).

Kali is designed exclusively for hacking, not for daily use.

If you want to run Linux and are just getting started, Linux Mint or Ubuntu is probably for you. If you want to go hardcore and build your operating system from scratch, you can try Arch Linux.

If you’re fine with current OS and just want to use Linux for hacking, refer to the above sections.

Dual booting is also an option, there are plenty of guides online.