I would like to learn more about information security and hacking in general. Any recommendations to where should I start?<p>Edit: I would like to know about resources which are generally free. Thanks!
Here are a few resources:<p><a href="https://www.reddit.com/r/netsec/" rel="nofollow">https://www.reddit.com/r/netsec/</a> General news about netsec<p><a href="https://github.com/enaqx/awesome-pentest" rel="nofollow">https://github.com/enaqx/awesome-pentest</a> List of tools and resources<p><a href="https://github.com/wtsxDev/Penetration-Testing" rel="nofollow">https://github.com/wtsxDev/Penetration-Testing</a> Another list of tools and resources<p><a href="https://www.hackthebox.eu/" rel="nofollow">https://www.hackthebox.eu/</a> Hands on hacking (OSCP style) but free, unless you want to pay for a VIP version and get access to even more machines.<p><a href="https://www.vulnhub.com/" rel="nofollow">https://www.vulnhub.com/</a> Individual VMs you can hack into, most of them providing walkthroughs.<p>Web application wise I'd suggest starting with <a href="https://www.owasp.org/index.php/OWASP_Juice_Shop_Project" rel="nofollow">https://www.owasp.org/index.php/OWASP_Juice_Shop_Project</a> which is a modern version of the "damn vulnerable web app (DVWA)".<p>These may look quite "massive" for a beginner but I think it's the best way to start. The approach I would suggest would be to go download a VM from vulnhub and read its walkthrough. Then learn to use the tools in that walkthrough (each machine may use a tool in a different way) until you're confident enough to make an attempt on your own.<p>Hope this is helpful!
my favorite infosec book is no doubt <a href="https://www.cl.cam.ac.uk/~rja14/book.html" rel="nofollow">https://www.cl.cam.ac.uk/~rja14/book.html</a><p>For practical learning there is a great list of tools here: <a href="https://news.ycombinator.com/item?id=17166545" rel="nofollow">https://news.ycombinator.com/item?id=17166545</a><p>Also join an open source project you like and help out for hands on experience, eventually you'll do well and build a reputation for yourself. (this is worth more than any certification in case it's a job you're after)