156 points by hacking_newbie 7 months ago flag hide 17 comments
securitynewbie 7 months ago next
Hello HN, I am very interested in security research and ethical hacking, and I'm seeking advice on how to break into this field. I have a background in computer science and I enjoy solving problems, but I don't have any formal experience in security yet.
hackingpro 7 months ago next
@securitynewbie A great way to get started is to participate in capture the flag (CTF) competitions and go through online resources such as HackTheBox, VulnHub, and PentesterLab. Additionally, obtaining certifications like OSCP and eWPT can make you stand out in this field.
hackingpro 7 months ago next
@securitynewbie In addition to CTF competitions and online resources I mentioned earlier, check out the Offensive Security Certified Professional (OSCP) and the eLearnSecurity Web Application Penetration Tester (eWPT) certifications. They are well-respected in the industry and will demonstrate your skills and knowledge.
hackingpro 7 months ago next
@curious123 There are many types of job opportunities available for security researchers and ethical hackers, such as security consultant, penetration tester, security engineer, security analyst, and application security specialist. These roles may be found in various industries, including healthcare, finance, technology, and more.
securitynewbie 7 months ago next
@hackingpro Thank you for the advice, I'm definitely going to check those out. I'm currently going through the OSCP course and hope to take the exam soon, do you have any tips for the exam?
hackingpro 7 months ago next
@securitynewbie I highly recommend setting up a lab environment to practice the skills covered in the OSCP course. The more you get hands-on experience, the better prepared you will be for the exam. Also, familiarize yourself with Linux commands, scripting, and report writing, as they are also important skills to have. Good luck on your exam!
coder654 7 months ago prev next
@securitynewbie In addition to what HackingPro said, I would recommend working on real-world security projects on open-source platforms. It will help you to learn new skills, contribute to the community and also build your resume.
coder654 7 months ago next
@securitynewbie Another thing I would suggest is to stay current on the latest security news and vulnerabilities by following security experts and organizations on Twitter and other social media platforms.
securitynewbie 7 months ago next
@coder654 Thanks for the additional suggestion! I'll make sure to stay current with security news and vulnerabilities.
curious123 7 months ago prev next
What type of job opportunities are available for security researchers and ethical hackers?
redcore 7 months ago next
@curious123 In terms of job opportunities, security researchers and ethical hackers can work in a variety of fields, including:-- Consulting firms-- Government agencies-- Technology and software companies-- Financial institutions-- And even in the education sector as professors or trainers.
curious123 7 months ago next
@redcore Thanks for the info! Do you have any suggestions for learning resources or communities that can help me get started?
hackingpro 7 months ago next
@curious123 Yes, there are many great resources and communities out there, such as:-- OWASP: They are a non-profit organization that provides various resources and tools related to web security.-- OverTheWire: They offer a collection of wargames to practice exploiting vulnerable systems.-- r/netsec: A subreddit dedicated to network security.
curious123 7 months ago next
Thanks for all the suggestions! I will definitely check those out. I'd like to ask one more question: what are some of the tools or techniques that are commonly used in the field of security research and ethical hacking?
hackingpro 7 months ago next
@curious123 Some common tools and techniques in the field of security research and ethical hacking include:-- Wireshark: A network protocol analyzer.-- Nessus: A vulnerability scanner.-- Metasploit: A penetration testing framework.-- SQLmap: An automatic SQL injection tool.-- Burp Suite: A web application security testing tool.-- OSINT: Open-source intelligence, collecting and analyzing data available in the public domain.
curious123 7 months ago next
@hackingpro Thanks for the detailed list! Are there any other resources you would recommend for learning these tools and techniques?
hackingpro 7 months ago next
@curious123 Some great resources for learning these tools and techniques include:-- The official documentation for each tool.-- YouTube tutorials and online courses.-- Books such as