7 min read

How to become a pentester

So you want to learn how to hack computers and networks for a living, but you don't know where to start. This introduction is for you! Learn how to become a pentester.

Sep 30

Penetration testers, or pentesters for short, simulate cyber attacks to help companies learn where there are security vulnerabilities in their computers and networks. Yes, pentesters pretend to be cyber attackers. But they must work within the scope the company they’re working for gives them, and they’re only permitted to simulate cyber attacks in ways that their client authorizes. The difference between a real cyber attack and a pentest is consent.

Here at Hack The Box, we offer people a platform and an online community where they can learn about pentesting and practice cyber exploitation techniques in a safe environment. There is a rapidly growing demand for pentesters worldwide, and thousands of people begin their pentester journeys by learning with us.

It’s okay to start by knowing very little and to ask questions. So how do you become a pentester?

The Beginner's Bible

A little bit of light reading

If you’re like me and enjoy introducing yourself to a topic by reading about it, I’m happy to make some suggestions.

The Hack The Box team wrote an easy guide on how to get started with our training platform right here on our blog. Learn to hack with Hack The Box: The Beginner’s Bible. This post goes through six steps on how to join the HTB Community and get started with learning with Hack The Box, even if you’re a total n00b. 


Join the HTB Community

Hack The Box isn’t only an interactive learning platform, we also have a thriving HTB Community with over 750,000 members and counting. Learn all about it on our site. We have a popular Discord and forum. They’re full of supportive and curious hackers who will gladly answer any questions you may have about being a pentester and how to learn. If you enjoy socializing, we also have Hack The Box Meetups around the world. Many meetups are now online if it’s inconvenient to meet in person during the pandemic. Check out our HTB Meetups here. I interviewed a meetup leader, HTB Ambassador Julio Ureña on our blog. You can also follow Hack The Box on Twitter, Facebook, LinkedIn, Instagram, YouTube, and Twitch. We share a lot of useful videos, live streams, events, and all our latest news there.


Get into CTFs!

In a Capture The Flag game, hackers compete online to find metaphorical “flags” hidden in virtualized computers, applications, and networks. Whoever finds the most “flags” wins. It’s a great way to have fun and learn about network and application exploitation. I wrote “What is CTF?” on our blog to introduce newcomers to CTFs. You can learn about some exciting CTF events Hack The Box has hosted, including our Business CTF 2021. Soti “r0adrunn3r” Giannitsari wrote about UNI CTF 2020 on our blog. I also encourage you to explore Hack The Box’s CTFs.

CTFtime is a database of CTF events around the world, including write-ups for many challenges. This is a great way to learn about CTFs because everything is hands-on and the community is enormous. Hack The Box has a page on the site here you can check out to stay up to date on our CTF events.


Explore bug bounty programs

Bug bounty programs are a great way to demonstrate your application pentesting abilities. Major developers like Apple and Microsoft have bug bounty programs which invite members of the general public to find vulnerabilities in their products and report bugs. If you abide by their bug bounty program policies and they find your bug report to be useful, these companies could pay you money for your work. Successful bug bounties also look great on a pentester’s resume.

HackerOne features a comprehensive list of bug bounty programs that you can check out.

Hack The Box has also collaborated with HackerOne to launch our new Bug Bounty Hunter Job Role Path. It’s full of HTB Academy modules that will teach you how to become a master bug bounty hunter!

Here’s a list of the HTB Academy modules in our Bug Bounty Hunter Job Role Path:

Remember to check out our partnership with Synack Red Team. SRT moves beyond bug bounties by creating an elite team of the world's top cybersecurity researchers. Completing our Dante Pro Lab or the SRT Track work as credit toward bypassing the SRT waitlist! Read all about it here.

Yogosha is a collaborative platform for bug hunters and bug bounty program deployment. “We needed to find a trustworthy partner to grow our community while keeping what we are known for and what makes us different: The Elite Hackers Community. Thanks to the partnership with Hack The Box, we will be able to accelerate our hackers onboarding, and grow a highly-skilled international community even faster than before! You can read about here.

“Hacker for hire” programs are a great way to get introduced to the real pentesting world, by exploring diverse enterprise infrastructure. Try it out, even part time, see if you like it and help companies be more secure while earning a living.

Start learning!

Start learning with Hacking Labs and HTB Academy

Hack The Box’s Hacking Labs offer a fully interactive pentester training environment. You can exploit vulnerable machines at a variety of skill levels, from Easy to Insane difficulty. You can also track your progress and show off what you have accomplished with employers who are hiring pentesters.

HTB Academy features a wide and growing collection of fully interactive cybersecurity training courses, many of which are specially designed to teach you about various areas of pentesting.

I recommend starting with our Cracking into Hack The Box Job Path first. Then you can move onto our Junior Penetration Tester Job Path.

Junior Pentester

Hacking Labs offer an exploratory, fully hands-on type of learning experience, the “learn by doing” method. HTB Academy, on the other hand, takes a more guided approach through interactive training modules and learning paths that combine theory with practice. A great learning method that also helps others is to keep notes while practicing and then create your own “training material”. The HTB platform gives the ability to submit community-written write-ups or links to video walkthroughs. On HTB Academy we allow streaming and video content creation of all tier 0 modules. Content creation can be a great way to encourage people to get better at writing and speaking. 


Get practical and real-world pentesting training with Pro Labs

Hackers who succeed in our Hacking Labs can progress to our Pro Labs. Pro Labs feature realistic enterprise network scenarios. You’ll be hacking multiple machines rather than one at a time. When you’re ready to start Pro Labs, we recommend Dante first. It’s our Penetration Tester I level. From there, you can tackle Offshore, Penetration Tester II level, and then move onto increasingly challenging Pro Labs. You will earn a certificate for completing each Pro Lab, something you can show off to employers!

Dante cert

Get hired

Once you’ve made progress in our Labs and HTB Academy, you can use your Hack The Box credentials to find your first pentester job! We have a cybersecurity job portal. Many top employers look for pentesters here, including Dell, AWS, and many more. Go take a look!

I wish you the best in your journey to a successful pentester career. Hack The Box will support you, we’ve got your back!

Share article

Hack The Blog

The latest news and updates, direct from Hack The Box