Daniel Kelley

When I was 16, I caused over £70,000,000 in damage by hacking websites.

It wasn't hard.

It was a 3 step process.

1. Researching how to hack websites online.
2. Translating the theory into methodology.
3. Executing it.

I didn't need a certification, formal education, or a £9,000 bootcamp.

All that I needed was dedication and desire to learn.

This principle applies to anyone that's trying to get into cybersecurity or learn something new.

You don't need what you think you need.

Yesterday I received 38 messages asking me how to get started with cybersecurity.

Here's 16-different platforms to learn cybersecurity on:


→ CyberSecLabs
→ TryHackMe
→ Cybrary
→ OverTheWire
→ TCM Security
→ Root Me
→ Hack The Box
→ RangeForce
→ Certified Secure
→ HackXpert
→ EchoCTF
→ Vuln Hub
→ Vuln Machines
→ Try2Hack
→ PortSwigger Web Security Academy
→ PentesterLab


Pick one with a style that you like and allocate time to learning. That's all there is to it, the information is already out there.

Here's 30 fun cybersecurity search engines (this is a repost):

1. DeHashed—View leaked credentials.
2. SecurityTrails—Extensive DNS data.
3. DorkSearch—Really fast Google dorking.
4. ExploitDB—Archive of various exploits.
5. ZoomEye—Gather information about targets.
6. Pulsedive—Search for threat intelligence.
7. GrayHatWarfare—Search public S3 buckets.
8. PolySwarm—Scan files and URLs for threats.
9. Fofa—Search for various threat intelligence.
10. LeakIX—Search publicly indexed information.
11. DNSDumpster—Search for DNS records quickly.
12. FullHunt—Search and discovery attack surfaces.
13. AlienVault—Extensive threat intelligence feed.
14. ONYPHE—Collects cyber-threat intelligence data.
15. Grep App—Search across a half million git repos.
16. URL Scan—Free service to scan and analyse websites.
17. Vulners—Search vulnerabilities in a large database.
18. WayBackMachine—View content from deleted websites.
19. Shodan—Search for devices connected to the internet.
20. Netlas—Search and monitor internet connected assets.
21. CRT sh—Search for certs that have been logged by CT.
22. Wigle—Database of wireless networks, with statistics.
23. PublicWWW—Marketing and affiliate marketing research.
24. Binary Edge—Scans the internet for threat intelligence.
25. GreyNoise—Search for devices connected to the internet.
26. Hunter—Search for email addresses belonging to a website.
27. Censys—Assessing attack surface for internet connected devices.
28. IntelligenceX—Search Tor, I2P, data leaks, domains, and emails.
29. Packet Storm Security—Browse latest vulnerabilities and exploits.
30. SearchCode—Search 75 billion lines of code from 40 million projects.

Missed any good ones? Post them below.

When I was 15, I reported a vulnerability to Microsoft's bug bounty program.

It wasn't hard.

It was a 3-step process:

1. Researching how to hack websites online.
2. Translating the theory into methodology.
3. Executing it.

I didn't need a certification, formal education, or a £9,000 bootcamp.

All that I needed was dedication and desire to learn.

This principle applies to anyone that's trying to get into cybersecurity or learn something new.

Not sure where to start?

Have a read of this: https://lnkd.in/daEf26w7