Taking as opportunity the recent re-design of my site, I decided to answer (or at least try) one of the most repeated question I get: How can I switch my career to IT security / "hacking"?
Learn all the things
A good friend of mine game me that answer for question about a particular research on hardware security. I was so frustrated that didn't understand a thing about and was looking for a way out with the thought: "Would be worthy to learn this?".
Frustration is one of the things that we must deal on a daily basis on this path, because there is so much learning involved on everything you want to test or achieve, but its so rewarding when you, at the end of all the pain, get a shell, or just get a program to act contrary of its original purpose.
Lets workout the bases first
Before jumping into Virtual machines and CTF's, make sure that you have a strong programming language, specially with the Python language. Its more easy than you may think, since python is one of the most "easy to learn" languages you can see around. You can visit my old Python Crash Course where you can actually learn the language by doing.
Once you are done, the next in the list is to catch up with some networking knowledge. Just grab a simple networking basics tutorial, where you can learn from what is an IP address, to what are sockets and ports, and how can you play with them. Will try to post soon a tutorial for this on a "learning by doing" way.
Don't forget about Linux
Yes, you will need to polish your Linux powers, and specially the command line. But of course, there are so many tutorials around that you will up and running in no time.
My suggestion, the Kali Free course where you can also get a free copy of the Kali Revealed Book.
Take your time with the course, since it contains a LOT of information and complete all the exercises (you can see the solutions there). This will grant you the required knowledge for one of the most used tools in the IT Security Industry.
If you are already done (but seriously, no skipping allowed), lets continue the learning with your first vulnerable application for research and fun:
DVWA - Damn Vulnerable Web Application.
After you complete the challenges of this site, the next "Level Up" will be complete your first CTF's (capture the flag) at:
Vulnerable By Design ~ VulnHub
Let's talk about!
Do you like my selection for starters? Do you have a better approach / idea? Hit me on twitter, will love to get more points of view in this popular question.