The best Hacking Courses & Certs (not all these)? Your roadmap to Pentester success.
Introduction
In this video, David and Rana discuss Rana's background in computer science and web application hacking. They also provide information on how to learn about web application vulnerabilities for free or through Rana's Academy.
Rana's Background
- Rana Khalil has a bachelor's degree in mathematics and computer science, as well as a master's degree in computer science with a thesis focus on evaluating web application vulnerability scanners.
- She used to be in software development before switching to application security.
- She obtained her OSCP certification.
Learning About Web Application Vulnerabilities
- David mentions that Rana provided information on exploiting the "Broken Access Control" vulnerability in a previous video.
- The vulnerability is part of a course available on both YouTube and Rana's Academy that teaches how to pen test or hack web applications.
- Rana offers an eight-hour SQL injection course for free on her YouTube channel, along with other content related to web application hacking.
- Her Academy provides structured outlines of courses for those who want support or don't want ads. A 50% discount is available through the link provided by David.
Tips for Ethical Hackers
In this section, David and Rana provide tips for ethical hackers, including staying humble and continuously learning.
Staying Humble
- Ethical hackers should stay humble because there is always something new to learn.
- Pen testing courses can provide a solid foundation but the field is constantly evolving.
Continuous Learning
- The more you learn, the more you understand there is to know.
- Ethical hackers should continuously learn and stay up-to-date with new technologies and vulnerabilities.
Conclusion
In this section, David thanks Rana for joining him in the video and provides links to her YouTube channel and Academy.
Links to Rana's Content
- Rana's YouTube channel provides free content on web application hacking, including an eight-hour SQL injection course.
- Her Academy offers structured courses with support available. A 50% discount is available through the link provided by David.
Final Thoughts
- David thanks Rana for joining him in the video.
- He encourages viewers to check out Rana's content if they are interested in learning about web application vulnerabilities.
Getting Started in Penetration Testing
In this section, the speaker discusses how to get started in penetration testing and recommends some resources for beginners.
Recommended Resources for Studying for OSCP
- The speaker recommends enrolling in a platform called Hack The Box and following TJ Null's list of OSCP-like boxes.
- Retired boxes on Hack The Box have blogs and videos that can help beginners learn from experienced pen testers who have gone through the OSCP certification process.
- The speaker also recommends IppSec videos by a content creator named Heath Adams, who goes by "The Cyber Mentor" on Twitter.
How to Get Started in Penetration Testing
- The speaker suggests taking a course called Practical Ethical Hacking by The Cyber Mentor to gain foundational knowledge.
- After completing this course, the speaker recommends taking two other courses: Windows Privilege Escalation and Linux Privilege Escalation. These courses can be taken from either The Cyber Mentor or another content creator named Tib3rius.
- Once these three courses are completed, the speaker suggests enrolling in platforms like TryHackMe or Hack The Box to practice solving boxes until you are comfortable with identifying entry points into boxes.
The Value of OSCP Certification
In this section, the speaker discusses the value of OSCP certification and how it provides a realistic environment for learning.
Benefits of OSCP Certification
- Provides a realistic environment for learning.
- Allows you to hop from one network to another, simulating real-world scenarios.
- No prerequisite knowledge or skills required, but some basic networking and Linux/Windows commands will be helpful.
- Three key skills needed: networking, Linux/Windows operations, and programming/scripting.
Prerequisite Knowledge
- Basic networking knowledge is essential. CompTIA Network+ is a great resource to learn from.
- Basic Linux/Windows commands are also necessary. OverTheWire is a good platform for learning Linux commands. For Windows commands, download a trial version of a Windows VM and practice on your own.
- Programming/scripting skills are controversial but important in advancing your career as a pen tester. Cyber Mentor's course has sections on programming basics in Python.
Skills Needed for Web Application Penetration Testing
In this section, the speaker discusses the skills needed for web application penetration testing and whether a degree or certification is necessary.
Necessary Skills
- Knowledge of developing web applications and reviewing code is important for effective web application penetration testing.
- Scripting knowledge is essential regardless of the area of pen testing.
- Research the rules in your country and companies you want to apply to regarding degree requirements. Some countries require a bachelor's degree in any field of IT to be considered for a position.
Degree vs Certification
- Companies are dropping degree and certification requirements, but it depends on your location.
- Degrees have value to an extent, but certifications provide more value than degrees according to personal experience.
- Certifications offer structured learning, while self-taught methods work better for some people.
Is OSCP Required for Penetration Testing?
This section covers whether OSCP certification is required for penetration testing and its advantages.
OSCP Certification
- OSCP certification gives an advantage when it comes to recruitment as it shows expertise in pen testing.
- The certification is not necessary in order to be a good pen tester, but it does give an advantage during recruitment.
- Getting the OSCP certification does not make one an expert pen tester; there is still much more to learn.
Starting Out in Penetration Testing
In this section, the speakers discuss how to start a career in penetration testing and recommend getting the OSCP certification as a good starting point.
Getting Started with Penetration Testing
- Keep on learning regardless of age.
- The goal for becoming a pen tester is to get the OSCP certification.
- General knowledge in pen testing is essential before specializing in a specific field.
- The OSCP certification provides general knowledge in network and application pen testing.
Gaining Experience
- The OSCP certification provides experience through hands-on exercises.
- Gain experience from home using platforms like Hack The Box or TryHackMe.
- Download intentionally vulnerable VMs to gain web application security experience.
Conclusion
- Extracurricular activities related to security can help you stand out when applying for jobs.
Getting Hired Based on Self-Taught Knowledge
In this section, the speaker talks about how they got hired based on their self-taught knowledge and initiative.
Hiring Based on Initiative
- The person who hired the speaker did so based on their initiative in gaining self-taught knowledge and experience.
- The speaker did not have an OSCP certification when they were first hired but got it a year later.
- The speaker listed their self-taught knowledge and experience in their cover letter to get hired.
- The speaker gave a talk at BSides Ottawa about web application vulnerability scanners, which played a role in getting them hired.
Documenting Self-Taught Knowledge
- At the time of hiring, the speaker had no way of documenting their self-taught knowledge other than verbally answering questions during interviews.
- After getting hired and obtaining the OSCP certification, the speaker started writing blogs and making videos to document their experience.
- People reached out to the speaker after seeing their documentation online, leading some employers to waive technical interviews.
Balancing Multiple Degrees, Certifications, Work, and Social Life
In this section, the speaker talks about how they balance multiple degrees, certifications, work, and social life.
Sacrificing Social Life for Career Advancement
- The speaker admits that they did not have a social life while studying for the OSCP certification and writing blogs.
- They shut everyone off until completing it while working full-time at the same time.
- The speaker experienced burnout and health problems due to the stress they endured.
Documenting Experience
- The speaker emphasizes the importance of documenting experience through LinkedIn posts, websites, GitHub, videos, etc.
- Employers look for genuine interest in the field when hiring someone.
Starting Out in Penetration Testing
In this section, the speaker talks about the importance of surrounding oneself with experienced individuals and taking time to understand concepts while balancing personal life.
Surrounding Yourself with Experienced Individuals
- The right group of people consists of experienced individuals who acknowledge that they don't know everything there is to know about pen testing.
- When you surround yourself with those people, you become more comfortable taking your time and avoid burning out in the first few years.
Taking Time to Understand Concepts
- It's important to take your time and understand the concepts while balancing it with your social life and personal life.
- The speaker took a year to prepare for the OSCP certification by solving Hack The Box boxes and documenting them.
- The speaker recommends taking three courses by Cyber Mentor for a solid foundation in pen testing before practicing on Hack The Box and TryHackMe.
Advice for Starting Out in Penetration Testing
In this section, the speaker gives advice on how long it takes to get started in penetration testing, what courses are recommended, and how much experience one should have before going into OSCP labs.
Recommended Courses
- If you're completely starting out like me, I would recommend taking three courses by Cyber Mentor: Practical Ethical Hacking, Windows Privilege Escalation, and Basic Pentesting.
- Once you're comfortable with these courses, practice on Hack The Box or TryHackMe before going into OSCP labs.
Going into OSCP Labs
- The speaker recommends spending three months in OSCP labs to learn advanced concepts and practice before taking the exam.
- The speaker advises against going straight into OSCP labs because they're expensive and there are no solutions to the boxes.
Hack The Box vs Bug Bounty
In this section, the speaker talks about the differences between Hack The Box and bug bounty.
Hack The Box
- Hack The Box is more useful for network pen testing and is really useful for the OSCP certification.
- It's not very useful when it comes to bug bounty, but some of its boxes do have web applications on them that are vulnerable.
Introduction to Web Security Academy
In this section, the speaker introduces the Web Security Academy and its importance in keeping up with new vulnerabilities.
The Importance of Web Security Academy
- The Web Security Academy is a free online resource that is constantly updated with new vulnerabilities.
- Compared to any paid course out there, it is an invaluable resource for web security.
- The speaker uses it in their videos and YouTube channel.
- It's how they keep themselves updated on all the new vulnerabilities.
Overcoming Imposter Syndrome and Staying Humble
In this section, the speaker addresses imposter syndrome and staying humble while developing skills.
Overcoming Imposter Syndrome
- Imposter syndrome is real in this field; most beginners have it, as do experienced individuals.
- One needs to be easy on oneself and know that if they're finding vulnerabilities in applications or systems, then they are an ethical hacker or pen tester.
- The mentality one needs to have is that this field is constantly evolving and changing. Therefore, one will always need to learn new items and materials in this field.
- Stay humble at the same time; you don't know everything, and there's always something new to learn.
Staying Humble While Developing Skills
- Constantly learning something new helps with imposter syndrome by confirming to yourself that you know what you're doing.
- Surrounding yourself with the right group of people, who won't make you feel that you lack the skills for your job, will uplift you rather than break you down.
- There's a place for everyone in this field. If interested in this field, there are tons of resources online.