Learning resources
I've included website links in every section, but here's a list of other things I've found helpful for overall learning. Yes, there are lots of great video tutorials but I can't seem to watch videos because I zone out, so you won't find any video recommendations here.
You can't really learn hacking without doing it. Books are great for theory, but you'll pick up techniques a lot faster by trying them out. You'll also learn a bunch of extra stuff unintentionally because things never work exactly like the documentation and extra research is usually required.
I started out trying to build my own vulnerable virtual machines for practice, but 90% of my time was spent troubleshooting VMWare, downloading operating systems and configuring things - not actual hacking. Not saying it was a waste of time, but it did slow me down. Pre-built labs remove that step entirely and let you focus on hacking techniques, so that's why I recommend them.
Virtual Hacking Labs - This is an amazing lab platform because you can go in barely knowing how to use Linux and come out with a lot of confidence and huge bag of hacking tricks. The textbook is great and the lab machines are diverse and interesting. I got my certificate (20 boxes solved) in about 3 months.
Hack The Box - Another great site to practice hacking techniques, but I wouldn't recommend it for total noobs. After solving about 25 boxes on VHL, I felt pretty comfortable doing puzzles on HTB. And the points system is really addictive...
I like learning from books, so I bought a lot of them. Most of them were useful right away, some became useful only after I'd learned some fundamentals.
CompTIA Security+ All-in-One Exam Guide, Fourth Edition - I passed Security+ a couple of months after I started working in cybersecurity, and this book was a huge help. You can check out my study notes here. Even if you don't take the exam, this book is a great overview of different security disciplines. It helps you understand where penetration testing and red teaming fit in with areas like compliance, physical security and enterprise governance. If you're studying for Security+, you should probably check out a later edition.
CompTIA Network+ Certification All-in-One Exam Guide, Seventh Edition - I didn't take the Network+ exam, but I read this book cover to cover while I was studying Security+, because a lot of OG hackers were saying the young whippersnappers didn't understand networking. Knowing networks is fundamental for mastering later concepts and tools quickly, such as service enumeration and nmap.
The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography - This book was recommended to me while I was studying cryptography for Security+. It covers all the same concepts, but is way more interesting with historical context, especially the Enigma machine and the impact of quantum cryptography.
How Linux Works - Don't try to read this book cover to cover, you'll go insane. Instead, when you start working on kernel exploits and other Linux privilege escalation techniques, flip to the relevant chapter and have a bunch of aha moments. That's what I did.
Advanced Penetration Testing: Hacking the World's Most Secure Networks - I started reading this book after I'd done some basic reverse shell and privesc stuff. All the cool kids were talking about C2s and moving laterally, and I just wanted to know how all the techniques fit together. This book explains the process in detail, but stays technology-agnostic because tools go out of date so quickly.
Deep Work: Rules for Focused Success in a Distracted World - This book will help you organize your time and environment to learn hard things quickly (hacking or otherwise). I'm already pretty disciplined, but I picked up some good tips. The main one: get away from social media.
Last modified 6mo ago