the CHEAPEST path to becoming an ethical hacker

00:00

what's up YouTube TCM here back with

00:02

another video and today we're going to

00:04

be talking about the cheapest path you

00:05

can take to become an ethical hacker

00:07

everything you're going to see in this

00:09

video is either going to be a free

00:10

resource or a resource that is no more

00:13

than 30 dollars total I've got lots of

00:16

resources to show you we're going to

00:17

take you from zero to here we're going

00:19

to talk about all the skills that you

00:21

need and the resources that are out

00:22

there in order to make you successful as

00:25

an ethical hacker now we're going to

00:27

take a quick word from our sponsor which

00:28

you should honestly watch because it's

00:30

about ethical hacking and another free

00:32

resource to get into ethical hacking

00:34

which is the reason why we're doing this

00:35

whole video today so if you like the

00:38

video like subscribe comment down below

00:39

all that fun stuff quick word from our

00:42

sponsor then we're going to jump into

00:43

all these amazing resources to get into

00:45

ethical hacking on the cheap if you're

00:48

familiar with my channel you know that

00:49

this channel is primarily about ethical

00:51

hacking and a lot of the newcomers that

00:53

come to the channel think that ethical

00:54

hacking is about just breaking into

00:56

systems and causing as much chaos as you

00:58

can and in reality that's not the truth

01:01

of it what we're trying to do is we're

01:02

trying to find vulnerabilities before

01:04

the bad people do and Report those to

01:06

clients ethically if you're one of those

01:08

people that are new to ethical hacking

01:10

and you're looking to get started sneak

01:12

is offering and ethical hacking 101

01:14

workshop on June 21st not only will you

01:17

get to learn about the tools and

01:18

resources to use to get started but

01:20

you'll also learn about how to

01:22

proactively identify and fix security

01:24

vulnerabilities such as prototype

01:26

pollution or path traversal before they

01:28

can actually be exploited and perhaps

01:30

most importantly you're going to get to

01:32

walk through the process of responsible

01:34

disclosure how do you actually disclose

01:36

findings to somebody that means you're

01:39

going to be able to identify and find

01:41

vulnerabilities but you're also going to

01:43

be able to know what to do if you come

01:45

across one the sneak team will be

01:46

helping you every step of the way

01:48

offering Live support and walkthroughs

01:50

so join sneak's ethical hacking 101

01:53

workshop and June 21st at 11 A.M eastern

01:56

daylight time it's free it's virtual and

01:59

you can register using my link in the

02:00

description below or as seen on the

02:02

screen here okay so let's talk about

02:04

this road map this roadmap is going to

02:06

be from Zero to Hero you need to figure

02:08

out where you're at on this roadmap and

02:10

place yourself there to move forward

02:12

we're going to start with the very

02:13

Basics and move down so we'll start at

02:16

the top of the list and as we progress

02:18

further things get a little bit more

02:19

complex so first things first you need

02:22

to have basic computer knowledge this is

02:24

the equivalent to the CompTIA a plus

02:26

certification any certification I name

02:29

in this video by the way you do not need

02:30

to get though it can be helpful so what

02:33

does basic computer knowledge look like

02:34

well this means hey can you build a

02:36

computer can you fix a computer can you

02:39

identify it by its parts if the answer

02:41

is no you probably need some training in

02:43

this now this type of knowledge is what

02:45

is considered help desk level knowledge

02:46

meaning that if you did get this

02:48

knowledge you could go work on a help

02:50

desk and answer tickets solve problems

02:52

for clients or customers now I'm all

02:54

about cheap or free resources so

02:56

Professor Messer or Mike Myers for all

02:59

the Tia that I'm going to show you is

03:01

highly recommended for Professor Messer

03:03

there are a ton of videos there I do

03:06

find them a little bit dry but hey it's

03:08

free you can't pass that up for CompTIA

03:10

there are two sections there's a 101 and

03:13

a 102 that you need to pass first

03:15

section here does cover all the basics

03:18

hey what's a mobile device what's

03:19

networking what are these basics of

03:22

computers and then in section two we

03:25

start to cover a operating systems how

03:28

do we actually fix some of this stuff

03:30

and we get into the Hands-On break fix

03:33

items which is pretty nice now again

03:36

Professor Messer is free Mike Myers is

03:38

cheap if you go to udemy and I'll link

03:40

all these in the description below by

03:41

the way but if you go to udemy you'll

03:42

see that's 94.99 that's not true udemy

03:45

always runs deals hey courses from 14.99

03:48

you can enroll and get this for 14.99

03:51

when you're looking at udemy courses for

03:53

any course if they have a rating of 4.7

03:56

or better that's usually my threshold

03:58

4.6 maybe the cut off you kind of want

04:01

the higher ratings now Mike Myers is a

04:03

great teacher nothing against Professor

04:05

Messer it's great and he's free it's

04:07

just a little dry Mike Myers explains it

04:09

in a explain like I'm five type way and

04:12

I've always appreciated that about him

04:13

all right moving down the list we've got

04:15

computer networking knowledge so when we

04:18

talk about computer networking can you

04:19

tell me what the OSI model is do you

04:21

know what service runs on Port 22 can

04:24

you tell me what cider notation is or

04:26

can you describe a three-way handshake

04:28

if you thought the last item was a dirty

04:30

joke you do not know what computer

04:32

networking is and that's all right

04:33

because guess what there's training out

04:36

there in terms of resources this is

04:38

going to build you up for what is called

04:39

the network plus now Network plus

04:41

certification could land you a job as a

04:43

junior network engineer this is a

04:45

certification that I got along with the

04:47

a plus and the Security Plus which we'll

04:49

talk about here in just a second and

04:51

this exam only has one exam unlike the a

04:55

plus which had two exams so you come

04:57

through here it teaches you everything

04:58

you need to know about computer network

04:59

working again Professor Messer free Mike

05:03

Myers up here not free but still great

05:05

and then there's also Cisco Packet

05:08

Tracer which allows you to download and

05:11

play with fake networks you can build

05:12

out your own networks it's actually

05:14

really cool and they have training for

05:16

it highly recommend checking this out

05:18

and getting your computer networking

05:20

skills built up you're gonna need these

05:22

if you ever become an ethical hacker

05:23

because a lot of things that we do do

05:25

revolve around networks and hacking

05:27

networks so please do not skip over the

05:29

networking knowledge all right next up

05:31

is the security knowledge or the cyber

05:34

security knowledge we're talking about

05:35

the CompTIA Security Plus here and if

05:38

you get all three of these

05:39

certifications this is what's called the

05:40

Triad this is what I did and again you

05:44

need to know this knowledge but we start

05:45

layering on from what we learned before

05:47

I like to think of the Security Plus as

05:49

the network plus plus it takes a lot of

05:51

Concepts from networking and then layer

05:53

Security on top of them so do you know

05:55

why telnet is insecure same question

05:57

here but do you know what the difference

05:58

between Port 20 21 in Port 22 is what

06:01

about Port 80 and 4043 do you know the

06:04

difference between TLS and SSL which

06:05

one's better which one's newer more

06:07

modern if you don't know that that's

06:09

okay you just need to learn this before

06:12

you try to jump into the deep end for

06:14

ethical hacking this is building on that

06:16

ladder and you need this to get to the

06:18

next step again great resources out

06:20

there I'm sure you guessed it for this

06:22

one again it's Mike Myers and is

06:24

Professor Messer you can't go wrong with

06:26

either of these people for your training

06:29

now it sounds repetitive but these guys

06:31

dominate the a plus net plus Security

06:34

Plus the CompTIA Triad Market all right

06:36

so we're going to get into different

06:37

training vendors here but again you

06:40

cannot go wrong with either of these

06:42

courses and there's just one exam for

06:44

Security Plus okay next up is Linux

06:47

knowledge now we use Linux in ethical

06:50

hacking quite a bit in fact you're going

06:52

to be very well versed in something

06:53

called Kali Linux most likely there's

06:55

also other distributions of Linux

06:57

regardless you're going to need to know

06:59

how to use Linux now Linux to me is like

07:01

learning a foreign language you can go

07:03

and study it all you want and I'm going

07:05

to provide resources but you can study

07:08

and only learn a little bit or you can

07:10

immerse yourself in the environment so

07:11

if you're learning a foreign language

07:12

going to another country and trying to

07:14

learn their language and speak the

07:16

language with them is a lot better than

07:17

just doing Duolingo or some other app

07:19

and just saying hey I know the language

07:21

same thing with Linux you want to

07:23

immerse yourself in the environment

07:24

download Linux use it as your main

07:26

operating system for a week and just see

07:28

the results that you get out of it when

07:30

you have to struggle a little bit to

07:32

learn your way around things now how can

07:34

we learn Linux here's some great

07:36

resources again we're sticking with free

07:37

or very cheap Linux journey is great you

07:40

can come in here and just hey what

07:42

happens if I want to get started command

07:43

line all these things you just click on

07:45

one and it takes you through all this it

07:47

gives you exercises Linux journey is

07:50

fantastic if you want some more practice

07:52

there's something called Over The Wire

07:54

now they have different War Games Bandit

07:56

is one that's made for beginners for

07:58

Linux you you can come in here it gives

08:00

you different challenges hey level zero

08:02

level one and kind of teaches you along

08:04

the way what you need to do to solve

08:07

these problems and even gives you some

08:08

hints you can look these up and find out

08:11

Solutions and that way you can kind of

08:12

game the system a little bit and learn

08:14

along the way which is great and then of

08:16

course full disclosure this is one of

08:18

our courses but we do have a Linux 101

08:20

at TCM Security Academy where it covers

08:23

all of this stuff as well it has five

08:25

and a half hours now Linux is very

08:27

popular you can go out there and learn

08:29

Debian based Linux and just pick it up

08:31

you can actually honestly just learn it

08:33

from YouTube or anywhere else if you

08:35

just pick it up immerse yourself you're

08:37

going to be great but you need to know

08:38

Linux in order to be successful in this

08:40

field okay next up is coding and do not

08:42

let this scare you you do not need to be

08:45

a developer by any means to have a

08:47

successful career in cyber security or

08:49

ethical hacking if you go out and you

08:52

get a computer science degree or you

08:53

have a development background good job a

08:56

plus to you it helps a lot however if

08:59

you are going to be an ethical hacker

09:01

you do need to be able to read code that

09:04

is because we often download code from

09:06

the internet and we do run that against

09:08

systems you need to understand what that

09:10

code does and make sure it's not

09:11

malicious or going to take down a system

09:13

so in order to do that we have to be

09:15

able to read you do not need to be a

09:17

developer to be successful let's take a

09:19

look at some of the resources that are

09:20

available to learn coding okay now for

09:22

coding I do recommend starting with

09:24

python it's a very easy language to pick

09:26

up and be able to read and it's a great

09:28

first language so much so that colleges

09:30

are all switching to python for their

09:32

introductory coding courses and it just

09:34

helps ease you into it so First Resource

09:36

is free code cam fantastic you can come

09:39

here and just search for like python big

09:41

caveat here is make sure that you are

09:44

learning Python 3 if you see anything

09:46

that says python 2 you want to make sure

09:48

that you are not doing that because that

09:51

is now deprecated alright so it shows

09:53

you the dates that these came through

09:54

like hey Learn Python from Harvard

09:56

University that's awesome there are full

09:58

python courses on on here you might have

10:00

to do a little bit of digging this is

10:02

arranged by date so you may have to just

10:04

search a little bit on free codecamp but

10:06

it's fantastic other resources that are

10:09

paid code academy is great they have a

10:11

ton of python resources in here and it

10:13

allows you to actually just type into

10:15

the code onto the screen here in the web

10:19

browser and utilize it that way you

10:21

don't have to download python or

10:22

anything also fantastic they've got a

10:24

lot of resources here you can do a seven

10:26

day free trial without using your credit

10:28

card which is fantastic so also worth

10:30

signing up for I think the pricing

10:32

overall is around thirty dollars a month

10:34

same with Team Treehouse fantastic it's

10:37

free for seven days I do think you need

10:39

to actually use a credit card here is 25

10:42

a month afterwards but they have so many

10:44

different courses and tracks and even

10:46

like degree plans that they have in here

10:48

it's great it's high quality I think

10:51

it's better than codecademy because they

10:53

do teach you video bass but you can try

10:55

both of these for free and see which

10:56

ones you like

10:57

again a little bit of self-promotion we

11:00

do have python courses geared towards

11:02

ethical hacking python 101 is a great

11:04

resource teaches you all the basics and

11:06

then you can move into python 201 and

11:08

get more advanced as you go so just

11:10

depending on the platform your budget

11:12

everything else all these are 30 or less

11:15

and fantastic resources for your coding

11:17

knowledge okay we got all the

11:19

foundationals down we can start moving

11:21

into actually learning ethical hacking

11:23

so let's start with basic hacking

11:25

knowledge we need to understand the

11:27

concepts and just start getting our feet

11:29

wet a little bit when it comes to

11:31

ethical hacking let's look at some

11:32

resources available for that all right

11:34

first and foremost again a little bit of

11:36

self-promotion this is a hundred percent

11:38

free by the way we have a couple

11:40

different versions of our ethical

11:41

hacking course on YouTube so this is

11:44

practical ethical hacking in 15 hours

11:46

this is the most recent this will teach

11:48

you a lot of the basics everything you

11:51

actually need for your basic knowledge

11:52

before you start getting into advanced

11:54

items and we'll talk about Advanced

11:55

hacking in just a little bit but this is

11:57

is hey what do I need for the

11:59

foundational groundwork now this is a

12:02

great course it's broken into two

12:03

sections due to upload limitations but

12:06

it's fantastic this is a branch off of

12:09

the 2022 version which has almost 4

12:12

million views just to let you know the

12:15

quality that goes behind this what goes

12:17

into this is actually the first half of

12:19

our course we have a 25 plus I think

12:21

it's actually up to 27 hours now of

12:23

ethical hacking course and again no more

12:26

than thirty dollars for this you go in

12:28

and you can see all the things that you

12:30

learn and this actually does get into

12:31

advanced hacking more so than just basic

12:34

hacking so we've got hey again here what

12:38

do you do for computer networking what

12:39

do you do with Linux what do you do with

12:41

python we cover a lot of that

12:43

introductory stuff and then we get into

12:45

ethical hacking we get into a lot of

12:47

this stuff here in order to get through

12:49

this and then we get into active

12:50

directory hacking and web application

12:53

hacking and if all this sounds foreign

12:54

that's okay but there's a lot of

12:56

resources available to you and this is

12:58

the type of course that you need in

13:00

order to get into the field and type of

13:02

foundations that you need in order to

13:03

get into the field of work now there are

13:05

some other resources that are free or

13:07

very cheap uh try hack me is my favorite

13:09

out of the two uh try Hackney is great

13:11

it is free to join they do limit you in

13:15

some of the rooms that you can do but

13:16

basically it's like a capture the flag

13:18

style though with some handheld learning

13:20

it kind of walks you through and says

13:22

hey here's your mission go find this

13:25

flag or go figure this out and it's

13:27

fantastic so

13:29

um I think that try hack me is fantastic

13:30

another resource like this is hack the

13:33

Box both of these are free to use and

13:36

then have some premium upgrades involved

13:38

with them a lot of it is CTF style

13:40

meaning Capture the Flag it's not as

13:42

practical but it still allows you to get

13:44

Hands-On keyboard it's a little bit

13:45

gamified and allows you to just get some

13:48

practice and experience and I think

13:49

they're great learning resources if I

13:51

had to give you one try hack me is great

13:53

A hack the box is still not too far

13:55

behind in my opinion okay we've built up

13:57

to the this which is Advanced hacking

13:59

knowledge what do we do above and beyond

14:01

the basics that we've already learned

14:03

well there's a few things we want to

14:05

learn what's called active directory

14:06

hacking we want to learn web application

14:08

pen testing and we want to kind of tie

14:10

those together those are some of the

14:11

expectations you'll need as a junior

14:13

level ethical hacker more so on the

14:16

active directory side than the web

14:18

application side but you will still need

14:20

to know the web application side of

14:22

things let's talk about resources there

14:24

as well all right so the active

14:26

directory stuff I think honestly without

14:28

bias our course covers that better than

14:30

any course that's out there right now so

14:33

I would highly recommend taking that

14:34

course in order to learn active

14:36

directory you can find a lot of

14:37

information out there from blogs like

14:39

this one's from 2018 and it's actually

14:40

surprising how a lot of the basics for

14:43

active directory still work like this

14:45

lmnr attack is still very very common

14:47

really attacks very common So reading

14:50

blogs like this is fantastic as well you

14:52

need to pick up active directory

14:54

knowledge if you're going to be

14:54

successful as an ethical hacker moving

14:57

on to to web application pen testing

14:59

this is very important so it's a

15:01

fantastic resource called portswiger

15:03

Academy and this Academy is a hundred

15:06

percent free it teaches you all kinds of

15:08

attacks through these different modules

15:09

and it even guides you through them and

15:13

if you do want to go through all this

15:14

you can end up actually taking an exam

15:16

if you wanted to as well it's fantastic

15:19

and again like it says 100 free I don't

15:21

think there's a better web application

15:22

resource out there and that's from

15:25

somebody that teaches web application

15:26

pen testing this is just fantastic for

15:28

Hands-On material here another thing for

15:30

web app pen testing that you need to

15:31

know is that the OAS top 10 is out there

15:33

it exists and you should learn it so OAS

15:36

top 10 is the top 10 most common

15:39

vulnerabilities no it is the top 10 most

15:41

critical vulnerabilities that are out

15:43

there so when we do these by security

15:46

risk you look at this there was 2017

15:48

list there's a 2021 list and there's

15:50

going to be a new list coming out very

15:51

soon and it talks about hey what is

15:54

broken access control that's number one

15:55

okay number three is injection what is

15:57

that that mean you can click into these

15:59

how do I fix this you will be quizzed on

16:01

this multiple times I'm sure during

16:04

interviews so make sure you understand

16:05

this what they mean how to prevent it

16:07

those kinds of things because it will

16:09

come up in your interview okay so that

16:11

is a quick rundown of all the things

16:12

that you need to do to study for this

16:14

we're not getting into certifications or

16:16

any of that stuff you just need to put

16:18

in the work and study the foundations

16:20

all the way through hacking and you can

16:22

worry about the rest on your journey

16:23

later this is what you need in the

16:25

resources that are out there and that

16:27

you can do all of which I showed you

16:29

today for under thirty dollars you

16:32

cannot complain about that most of these

16:34

resources are free it's fantastic go out

16:37

there if you want to be an ethical

16:38

hacker jump into some of this free

16:39

training see if you like it get your

16:42

foundational knowledge and just boost it

16:43

up at worst You Come Away with some more

16:45

knowledge you may want to get into cyber

16:47

security down the road somewhere else

16:49

maybe it's not ethical hacking maybe

16:50

it's blue team maybe it's incident

16:52

response maybe it's forensics maybe it's

16:53

something else right maybe it's not

16:55

ethical hacking but a lot of these core

16:57

Concepts apply to other fields of cyber

16:59

security so hopefully you found this

17:01

video useful if you did please do like

17:03

the video comment subscribe let me know

17:05

what other videos you want to see and

17:07

until next time my name is Heath Adams

17:10

AKA The Cyber mentor and I do thank you

17:12

for joining me peace out