Ethical Hacking

Explore & Discover

Start by watching hackers in action — legally. Pull up YouTube and search the **NetworkChuck** channel. Watch his "FREE Ethical Hacking Course" playlist and just absorb what ethical hackers actually do. Visit **HackTheBox.com** and **TryHackMe.com** to browse what beginner challenges look like — you don't need to solve anything yet. Google "famous security breaches" and read about real incidents like the 2013 Target hack. Notice how attackers found weaknesses that defenders missed. Ethical hackers find those same weaknesses first, so companies can fix them. Write down three questions you have about how hacking actually works. You're ready for the next step when you can explain in your own words what ethical hacking is and why companies pay people to do it.

Learn the Basics

Time to learn how computers talk to each other — that's the foundation of security. Watch **Professor Messer's** free CompTIA Security+ videos on YouTube, starting with networking basics. Download and install **Kali Linux** as a virtual machine (search "Kali Linux VirtualBox tutorial" on YouTube). Kali comes preloaded with hundreds of security tools. Learn what IP addresses, ports, and protocols mean using the free **Cisco Networking Basics** course on Cisco's Skills for All platform. Practice using the **ping** and **nmap** commands inside your Kali VM to scan your own home network. You're ready for the next step when you can explain what a port scan does and run a basic nmap command on localhost.

Build Your First Project

Complete your first real hacking challenge on **TryHackMe.com** — create a free account and start the "Pre-Security" learning path. Work through the "How the Web Works" and "Linux Fundamentals" rooms. These teach you how websites and servers are built, which is exactly what you need to find vulnerabilities. Every time you get stuck, search for writeups on **Reddit's r/tryhackme** or YouTube. Set up a simple intentionally-vulnerable web app called **DVWA (Damn Vulnerable Web Application)** on your Kali VM using a YouTube tutorial. This gives you a safe, legal target to practice on. Document every technique you try in a notes file. You're ready for the next step when you complete at least two TryHackMe rooms and successfully log into DVWA on your local machine.

Experiment & Iterate

Now experiment with the three most common web vulnerabilities: SQL injection, cross-site scripting (XSS), and broken authentication. Practice each one inside DVWA on your local machine — never on real websites you don't own. Use **PortSwigger Web Security Academy** (free at portswigger.net) which has interactive labs for each vulnerability type. Install **Burp Suite Community Edition** (free) to intercept and modify web traffic — this is the tool real penetration testers use every day. Try at least five different labs on PortSwigger. Keep a "hacker notebook" documenting what each attack does, why it works, and how developers can prevent it. You're ready for the next step when you can successfully demonstrate a SQL injection and an XSS attack inside your DVWA lab environment.

Advanced Techniques

Level up by working through **HackTheBox** beginner machines and learning real penetration testing methodology. Follow the **PTES (Penetration Testing Execution Standard)** framework — reconnaissance, scanning, exploitation, post-exploitation, and reporting. Learn to write professional vulnerability reports: describe the finding, its severity (use the CVSS scoring system), proof of concept, and remediation steps. Watch **IppSec's** YouTube channel, where he solves retired HackTheBox machines step-by-step — pause and try each step yourself before watching his solution. Look into Utah-based security conferences like **BSides SLC** (held in Salt Lake City) where professionals share cutting-edge techniques. You're ready for the next step when you can compromise a beginner-rated HackTheBox machine and write a one-page vulnerability report about what you found.

Final Project Showcase

Build a complete penetration testing report for a vulnerable machine of your choice on HackTheBox or TryHackMe. Your report must include: an executive summary, a list of all vulnerabilities found with CVSS scores, step-by-step reproduction instructions, and specific remediation recommendations. Format it like a real professional deliverable using a free template from **TCM Security's** GitHub. Record a short screen-capture video walking through your methodology using **OBS Studio** (free). Share your work on a public GitHub profile or post on **r/netsec** to get feedback from the security community. If you're in the Salt Lake City area, look into student programs at the **University of Utah's School of Computing** or **Weber State's cybersecurity program**. You're ready for the next step when you have a complete, shareable penetration test report that a professional could review and understand.