Hello, this is Nithin here. I’m a security researcher / enthusiast and I go by the handle @thebinarybot at most of the places online.
This article about how I started my journey to Cybersecurity and most importantly into this realm of CTFs. This article should be beneficial to you if you’re new to this space.
This entire article is split into three phases, 1. Structuring your path, 2. Taking notes, and 3. Progressing Further
1. Creating your path
Just like a lot of them, I struggled to create a path for me. I didn’t know where to start, where to find proper resources etc.
And that’s when TryHackMe(THM) came and fell right into my eyes. I was lucky enough to get a THM voucher at the first place and that gave me a boost to progress daily as they had this concept of streaks.
But do not worry if you don’t have a premium at THM, just sign up for free and start from Pre Security Path.
To be really honest, THM handled most of the things I wanted to do by myself. I wanted to research more on the certain topics and get a deeper insight before starting, but tell you what, the paths crafted by THM is just perfect.
Start with Pre-Security Course, move to Complete Beginner Path and then do Pentest+. This was my idea, and I was fortunate enough to stick by it.
But apart from THM, I also ended up hustling on INE’s Penetration Testing for Students (PTS) which is absolutely free as well. And practicing these two side by side, I was able to understand how things work and that’s very crucial.
CTFs in general are more of Network Exploration and Exploitation rather than Web Attacks. Coming from a Bug Bounty Perspective it was quite hard to get into CTFs because as Bug Bounty Hunters, we mostly focus on Web Application Attacks.
So for CTFs it’s highly important to know Networks in depth, understand how protocols work and at last understand how the Web works.
Also, do keep the last couple of days in your path to revisit whatever you’ve did. Revisiting really helps a lot and just strengthens your knowledge. It also boosts your morale.
Major takeaway :
I started a #30daysOfHacking challenge in Twitter and that definitely helped me a lot. I’ve always been reserved online, or at least in twitter and never update frequently. And the moment I went out and started telling the world what I was doing, I was able to find 1-2 similar friends with similar interest and that created a sense of healthy competition and the need to push further.
2. Taking Notes
This is one of the most important phases and arguably one of the most underrated and overlooked things. Note-taking is highly important and it has saved me a lot of times.
One of the reasons I was doing CTFs in particular was to get ready for certifications. I had in mind to first start with eJPT and then move to OSCP or something similar and huge. And to keep track of progress and things you’ve learnt from scratch, note taking is very important.
I mainly use 2 apps for note taking and it’s more of a personal choice. You can use whatever pleases you.
When learning at THM I used Notion. I created To-Do lists and structured the things I wanted to do for the next 3 days. Being a minimalist, I created small bullet points after 3 days.
There are certain sections which definitely requires proper note taking at least in my opinion. One of the main areas is Privilege Escalation. Priv Esc is an essential part of exploration and I created seperate notes for Windows and Linux.
This is where Mind Maps come into play. When there’s something huge as Priv Esc I relied on creating
Mind Maps using XMind. This was very important as there;s always a need to look back at Priv Esc as I wasn’t able to remember a lot of things just like that.
Notion and XMind aside, as I was learning PTS, I used hand written notes as they were mostly video content and I didn’t want to switch, take notes and switch back. Instead I just went with the traditional note taking method.
Major takeaway :
I created boards within Notion to map my 30 days progress and To-Do lists for 3 days. It’s always good to have a long term progress mapper such as boards and short-term checker such as To-Do lists. These in particular really helped me.
3. Progressing Further
At this moment, I feel like I have learnt the basics and necessary things to actually get started at CTFs. Yes, you heard me right. Although is really friendly and appealing, Hack The Box (HTB) is often recognized as actual CTF simulation spaces. After learning the basics with THM, it is quite compulsive to jump into HTB.
But at the same time while doing HTB, it’s quite evident that I kept jumping to THM to learn more, check those writeups and see how people do it. HTB doesn’t have a pleasing and a beginner friendly interface and it looks so intimidating at the same time.
For my path towards eJPT, I feel like I’ve covered enough using THM and PTS.
Here’s a list of major takeaways from my 30 days progress :
Associate yourself with like minded people.
Twitter is so helpful in this. I was lucky enough to find a good friend who also happened to start almost at the same time. We kept exchanging a lot of stuff together and it benefited us both. If you don’t find any, feel free to text me @thebinarybot in twitter.
Take notes, please.
Yes, you’ll be amazed to see how much you’ve learnt and once you take notes it’s just so easy to look back and refer.
Since I created #30daysOfChallenge there was a push to constantly update there. And to constantly update I needed to learn, so it somehow created a win-win situation. If not for that, I probably would’ve lost the track somewhere.
It will seem very intimidating and also a little easy at the start, but when you dive deep there will be lots of rooms and boxes that require really huge time to pull it off correctly and at times we intend to burnout. Whenever I felt I was spending more time, I used to take a break and walk to my nearby park with a book in hand. Off screen time helps.
Trust the process.
At last, if you don’t trust the process, then who will ? If you feel things are falling apart, just revisit everything you’ve learnt and tell to yourself that you didn’t come this far to only come this far. As I said before, revisiting strengthens your knowledge and also boosts your morale. Just keep working and you’ll get there someday.
Thank you for reading this article. Feel free to connect with me in twitter @thebinarybot in case of any correction in this article or in case of any query. I’ll be happy to help to the best I can.
Atlast, if you feel this article was helpful and you’re in a position to support / donate, kindly buy me a coffee at : https://www.buymeacoffee.com/thebinarybot