[Txmm]

"It’s also a huge field. Try checking out security in your current discipline."

I'm actually 15 at the moment with basically no experience besides messing around with kali tools like a script kiddie.

Got any tips for programming languages to learn/where to learn?

I appreciate the post!

[raesene9]

In terms of languages I'd echo the sibling comment, Ruby or python are likely to be good choices.

If you're looking for things to start getting into security type learning, you could do a lot worse than start with CTFs (https://ctftime.org/ctf-wtf/) Whilst they're not identical to what you'll face as a security tester, they cover a lot of similar skills. Also you'll likely meet people in the industry by doing them.

There's also sites like https://pentesterlab.com/ which have free examples of pentesting challenges.

[Txmm]

Hmm those look very interesting. Thanks!

[graystevens]

Take a look at either Ruby or Python - both have huge userbases in general, but are also used regularly within the business.

A lot of quick scripts are written in Python - you may have noticed this in Kali.

Ruby is what metaspoilt in built upon, meaning a lot of the modules are also ruby.

Both are great languages. In regards to where to start with learning them, take a look at https://www.codecademy.com, both are featured there and give you a nice gentle introduction to their syntax and ways of workings.

Also for Python there's https://learnpythonthehardway.org which is awesome, and https://automatetheboringstuff.com which is a little more practical to begin with.

Once you feel comfortable with the language(s), go read the source code for those scripts or modules in Kali and see what else you can pick up.

[Txmm]

Thank You!

[brightball]

For some interesting reading, go pick up a Kevin Mitnick book like Art of Intrusion. It's not a technical how-to but a collection of social engineering stories that are fun reads. Gives you a lot more insight into where the real vulnerabilities are.

[HakureiSec]

You have a long but very interesting road before you. Infosec is huge. Lesley “hacks4pancakes” Carhart has a great series which provides an overview of what you can choose from: https://tisiphone.net/2015/10/12/starting-an-infosec-career-...

If you're serious about infosec and not just want to run tools and call it a day, I suggest covering the basics first:

- programming: would be cool if you learn not only some language but programming “as art and mindset” in general. This includes your typical Computer Science courses, algorithms etc. Great if your school or university teaches those but you can always fall back to online education platforms.

When it comes to language, I'd recommend Python over Ruby. Granted, the latter powers Metasploit, but a lot more tools and wrappers around tools are written in Python. Once you know Python, creating Metasploit modules won't be a problem because a lot of things are handled by the Metasploit Framework.

Also, this comes from a highly subjective Python developer but suggest to learn Python 3, despite a lot of infosec tutorials and tools still using Python 2 (e.g. socket programming). It's easy to fall back to Py2 if you need but you'll have the power of latest and greatest if you go Py3 because not everything is backported. Most books contain a lot of useless material and are pretty slow-paced and I'm not a fan of “Learn Python The Hard Way” either. I personally started with “Learning Python” by Mark Lutz; after about a third into the book I ditched it and just went practicing and googling for answers. Cannot vouch for “Automate the boring stuff…”. You do you but in the end it all comes to practicing.

- networks: almost as important, if not more important than programming. Web pentesting, internal network pentesting, malware reversing, DFIR, even some part of exploit writing constantly interact with networks and analyze traffic.

- OS: for starters, tinkering will be enough. Familiarize yourself with Windows (console, registry) and some flavour of Linux (shell, permissions, important files etc.), preferably Debian-based because they are popular in CTFs and tutorials. Install and configure some software like web servers, databases, development environments to get the hang of it.

Where to learn:

Google, obviously.

https://pentesterlab.com/ is great for web pentesting. They have free tier with pretty okayish explanations and exercises. They also have “Bootcamp” section which covers some network, programming and Linux stuff.

LiveOverflow's Youtube channel has a playlist called “LiveOverflow Binary Hacking” which is a great primer into exploit development on Linux. For Windows, you should probably check Corelan series: https://www.corelan.be/index.php/articles/

https://www.vulnhub.com/ has machines for practice. Not all of them are great but you may learn a lot by reading writeups.

When it comes to certifications, they all serve their purpose, even CISSP and CEH. I did OSCP and while I won't call it “10 out of 10”, it's decent and probably the best one when it comes to skill practice and cost. It targets internal network pentesting, though, which might not be that useful if you choose other field.

Did I mention Google?

[demonshalo]

I remember when I was 15 and asked that same question on hellboundhackers :D #nostalgia!

Jokes aside, go with Python. It was my first language and to this day I can't think of a better language for people to start out with!

Good luck to ya!

[Txmm]

Thanks!