Introduction

If you have come here to learn about ethical hacking, then you may already be familiar with what an ethical hacker actually is. For those who aren't, the key is the ethical part of the name, which simply means that when you explore a technology, computer, machine, or network, you are doing so with the owner's permission. Without permission, you are simply a hacker and very likely doing something illegal. The hacker part of the name means that you are exploring technologies, computers, machines and networks with the view of finding weaknesses in them and exploiting those weaknesses for unintended purposes.
Professionally, ethical hackers can work as penetration testers, where they will try to find vulnerabilities in a customer's computer network or their software and then inform the customer so that they can fix the vulnerabilities before they are exploited by malicious hackers. Another type of ethical hacker is one that works in a Red Team, which is a group of ethical hackers that take the exploration and exploitation of a network one step further by emulating how real hackers would approach the task, sometimes going as far as establishing a longer-lasting presence on the network. Red teams are sometimes asked to do this whilst another group of ethical hackers, known as a Blue Team, try to stop them.
In writing this book, I wanted to bring in elements of a red team perspective to the ethical hacking process by covering all aspects of an attacker's "kill chain", the stages normally followed by attackers looking to gain access to a network, establish a presence there and then carry out their goal of the attack whether that is to steal information, observe or take some other action.
There are many ways of learning about ethical hacking, from online courses to university degrees. Most of these approaches will involve varying degrees of practical hands-on labs. Whilst this helps, there is nothing that substitutes for the 10,000-hour rule, named for the amount of time that author Malcolm Gladwell argued was necessary to become an expert in any field. Whilst naturally gifted people may get away with less effort to be experts, for most of us, it is the repetition of basic skills in a variety of different contexts that will make us "elite" ethical hackers.
Fortunately, someone has found a way of making this process a lot more fun and that is the Hack The Box team. I discovered Hack The Box, a site that gamifies the learning of ethical hacking, early in my journey to become an ethical hacker. The challenges on the site are graded to suit levels of experience and most importantly, it comes with a phenomenal community of hackers from around the world who are always ready to help and encourage anyone who needs it at any time of day. The Hack The Box community also includes IppSec, whose YouTube videos are one of the best ethical hacking educational resources there is. IppSec makes hacking a Hack The Box challenge as entertaining as it is instructional. Simply watching these videos and doing the challenges on Hack The Box would be a great way to learn ethical hacking. That was, in fact, what I did.
However, for other people who maybe don't have even the basics of a technical background, I wanted to try and flatten the learning curve and provide a resource for them to get over the initial hurdles and onto their journey of lifelong discovery and learning.

The need for VIP access

The exercises in this book require VIP access to Hack The Box. Whilst I would have preferred not to impose a financial obligation on readers, I think the cost of VIP access is affordable for anyone wanting to learn ethical hacking. It is a fraction of the cost of professional certification courses and priced over a year, the cost is less than a few cups of coffee (or cans of soda) a week. Irrespective of what you use this book for, the investment in VIP access is well worth it. If you are not sure, you can also just pay monthly.
There are other services on Hack The Box that I do not cover in this book. Hack The Box itself has its own Academy for training purposes and from what I have seen, it is a great addition to the site. I obviously think that there is value in the approach taken in this book and I hope that you agree.