Before moving ahead let me first clear to your what hacking means, who are hackers and how words like ethical hackers or white hat hacker originated: The word hacker is a too old world (more than 200 years ago also it was used) and not confined to computers or networks. People who kept on trying new things or keep on trying to make something better than what already existed were called hackers. Later during world war times the need to make algorithms to securely transfer data (secure communications) was realized and hackers became the persons who were making the new algorithms to solve such issues. With time hackers became persons who would test computer or network systems (by breaking into them) to them better. But the media limited the world to cybercriminals. So to make things a bit better and remove the wrong perception of the meaning of word hacking terms like White hats or ethical hackers were introduced ( to clear to the public that these are the guys working hard to make things better and not malicious guys). Hacking basically stands for the exploitation of something. Hackers are people who exploit computer and network systems ( limiting the definition to digital world).

Be clear with what you want to be: A person who has some certification related to ethical hacking OR A good penetration tester OR A good bug hunter – the one who finds vulnerabilities in networking or computer systems. The first one is pretty useless (unless you just want to impress some company or your friends).

First of all never fall for coaching institutions like Jetking, IANT or any other and don’t go for courses like CEH or others (in foreign countries people claim that they are taught well but in India I am damned sure you will end up wasting your time).

The first thing you need to do is join some guys who have been working hard to find vulnerabilities in websites and reporting them (the so-called ethical hackers or bug bounty guys). Nowadays its something too common, you will find groups related to these things everywhere (on facebook i and my friends are part of such groups). You in a way get a direction of what should be done, how it should be done and will also keep getting inspiration from others.

Regarding learning, you need to be logical and conceptual in whatever you are learning. The best sources you can refer to learn are Coursera and Udemy ( yes, unfortunately, they are paid). You can watch good youtube channels say Khan academy or Alithecomputer guy to clear your basics. (it is in Hindi) which focuses on clearing the concepts related to technology and removing common misconceptions fo tech enthusiasts. In fact, the internet is the best resource (if you are experienced enough all sort of knowledge at any level you want you will get it here).

So who are ethical hackers? Well, see you a system and found some loophole there. Now you have two options: either you misuse it or report it. If you report it so that the system admin can improve his systems ( patch this bug or loophole) you are ethical in your work. Go through all known websites you will find two surely find a page for reporting bugs and a page for HOF – Hall of Fame. Ethical hackers are the guys who want to see their name on the HOF page. Note that because those websites have created a bounty page it means that they are inviting hackers to test their website (but also to report it in the case they found some bug) for hidden loopholes (that could not be perceived by their developers or security department).

For learning hacking, you need to have a bit deeper understanding of how things work. So that also needs a bit deep study. Being a part of important forums of discussion ( say all forums of a stack ) helps a lot because if you got some doubt someone will surely clear it for you at its best.

Let me tell you one thing: its too easy to watch videos of attacks and repeat them but you become a hacker when you understand the concept and logic behind the attack, its limitations, and capability. Focus a lot on understanding the in-depth working of networking, cryptography etc and work hard to improve your coding skills ( but again i say logical coding not competitive).

There are many youtube channels which will show you practical hacking tricks or methods (though youtube keeps banning such channels) but won’t tell you the theoretical part or the conceptual part.

Some of my points you may not have got till now: See brother you know physics? Your teacher must be teaching you to be conceptual because ones your concepts are clear you can solve any problem. Learning a lot of tricks and formulas may help you in exams but it’s your concepts that show you how much you understood it. You will find many youtube channels who make videos on say hacking WIFI network using kali Linux or say LFD attack on some website ( usually on say some WordPress plugin) but ones you start talking to these guys you realize they don’t even know what they are doing actually. Ones you take the discussion a bit deeper you realise how much they are lacking concepts. What i am trying to clear to you is that its your deepness of things its your concepts that will help you grow more not the tricks or methods.

To show to the world that you have knowledge you may need some certifications (but in india let me tell know you will just be loosing your money if you think that some institution is going to teach you in a way to make you a real hacker). You can go for CCNA or CEPT or OSCP to show to the world or to companies you are good at things but that is just to show. What if i tell you my friends who have so many certifications could not find a loophole in major websites while those who don’t have any found so bugs even leading tech giants. In fact certification is just a bussiness in our country and some guys are even claimed to be selling such certificates for sake of money.

Now let me take you to practical world. See brother/sister : I have a friend ( he is from pak) and he has reported 4 major critical bugs in facebook. Sounds good ? Yeah in fact he is a pro tester. Now one day i was discussing something with him and i was shocked to know that he doesn’t know what an atm means. I was damned shocked because its something too common. Anyways with time i realised how concentric he was ( he would mostly keep testing social media websites and google or its sub-websites) and would hardly take interest in other things. A very nice coder but still many things i found strange like he lacked variety to a lot. On other hand i have another senior friend of mine who have found bugs in Apple, Google and nearly all major websites i come across. This guy is also good at coding ( but considering social media things my pak friends overtakes him in every aspect). Actually my cirlce is too huge. I like to live with variety of people. What i have noticed after interaction with so many of people is most people who are so much practical do lack a deepness of core concepts. They can’t explain me the in depth of all OSI layers ( and i have written an answer of nearly 35 pages to explain that to a junior of mine to give him the indepth study of things). And i was shocked when i noticed one of my friend who codes day and night did not have an idea about the fact that APR and Https work on different OSI layers ( it was some question he asked me about why wifi hacking, a question which was invalid itself). I do have friends who may code a lot but can’t explain me working of ssl handshake (when a method they were using for some hack relied upon downgrading SSL). Well overall i have huge variety of persons i interact with, who help me and i help them whenever needed. I will advice you the same. There is no end of topics and knowledge and you alone can’t master everything. So understand the fact that teamwork is a must and being alone will limit your potential.

Remember, things won’t be easy. You will have to develop your interest in exploiting things, in having a passion for knowing the in their in depth working, in the hunt for something which others missed so far.

If you really want to improve any company you are working in or want to secure it at its best do remember understanding how cybercrime works or how hackers attack is a must.

So feel yourself like a computer itself, consider you were made for the world of computers , to interact with them and to improve that interaction with time, be practical with things, increase your circle, subscribe to some good youtube channels, join some good forums, connect to other guys of same type, be clear with your concepts, study hard to satisfy your thirst for knowledge and be creative with your coding skills.