Why practical experience is important for learning hacking


Learning how to hack computers is not easy. It requires a solid understanding of many technical topics that most people have no background in. One common mistake people make when learning to hack computers, or when learning things in general, is focusing too much on theoretical knowledge. This article explains why it’s important to focus on practical experience and lists some of the best places to practice hacking computers.

Why is studying theoretical knowledge so inefficient?

This article from psychotactics.com summarizes how much information is retained using different types of learning methods:

90% of what they learn when they teach someone else/use immediately.

75% of what they learn when they practice what they learned.

50% of what they learn when engaged in a group discussion.

30% of what they learn when they see a demonstration.

20% of what they learn from audio-visual.

10% of what they learn when they’ve learned from reading.

5% of what they learn when they’ve learned from a lecture.

When we try to learn by reading, we retain only about 10% of that information, while we retain 75% of what we learn by practice and 90% of what we teach someone else or use immediately.

You can read the full explanation here, but the main reason for this is that our brains can’t fully understand a concept without applying it. By applying the concept we make mistakes and can correct our understanding of it. Whenever we hear something, we form an interpretation of that explanation, but we can’t know whether our interpretation lines up with the real-world application until we try to apply it in a real-world scenario.

In the area of computer hacking, it’s important that you not only read or watch tutorials but also actively try to apply what you learn as soon as possible, so that you can make the necessary mistakes to develop true understanding and practical knowledge. Knowledge that can be applied is valuable, but theoretical knowledge is almost useless.

Why is it so common to want to read or watch videos?

Most people are much more comfortable learning a topic by reading or watching videos. Many times people will only watch videos or read books and never actually take action on what they are learning. This is very common because it’s much faster, more comfortable, and gives you a false sense of accomplishment. For example, if you were reading a 10-chapter book, it’s much easier and faster to read through each chapter than it would be to stop after each chapter and try to apply the knowledge that you have learned. It’s also natural to feel accomplished after researching a topic and to think that you have become knowledgeable in that area. But that feeling is false: you may feel like you have gained some knowledge, but you won’t be aware of how much information you missed or misunderstood because you haven’t tested it. It’s important not to take the more comfortable path of reading or watching videos on a topic. If you only do these passive types of learning, you will lose most of the knowledge you are trying to retain. You need to take time to apply any knowledge that you need to retain for the future.

Where can I practice Ethical Hacking?

Hackinthebox and Vulnhub: These two websites are platforms that give you access to machines that you can use to practice hacking (all 100% legal). Also, because they are so popular, you can find several YouTube tutorials that give breakdowns and walkthroughs of the different challenges, so you can follow along if you ever get stuck or want to see how someone else does it.

Codewars and Topcoder: These are good if you want to practice programming. For ethical hacking it’s useful to know languages like Python, JavaScript, C/C++ and PHP, to name a few. These platforms allow you to do deliberate practice by completing programming challenges. These challenges usually consist of a short problem statement, and you then need to write a script in the language of your choice to solve the problem. Your solution is run in an online compiler and, if it gives the correct result, you pass the test. Topcoder also has competitive programming, where you can compete with other people on different challenges.

Overthewire: This website is aimed at absolute beginners; it teaches the basics of navigating the Linux environment and using the command line. It has hundreds of challenges, and you can find many walkthroughs online if you get stuck. The Linux command line is heavily used in penetration testing, so it’s good to get familiar with the environment and the commands. All of the command line arguments you will learn are centered around what you would need to know as a computer hacker, so it’s very focused in that sense.

Udemy: This online learning platform has hundreds of different courses, including some good ones on computer hacking. The idea here is to focus on courses that will force you to develop a practical understanding of what’s going on. You don’t want to waste time on courses that just go over definitions that you can google yourself. One example of a good course I found is Z security’s Learn Python and Ethical Hacking from Scratch. This course teaches you how to build different command line applications for hacking computers in Python. It’s good because you want to write the scripts yourself, use them in your portfolio and modify them to suit your needs, which will make you retain much more information. This is just one example, but there are several courses on Udemy, so look through and find one that you like.

Final Thoughts

It’s clear that learning by doing allows you to retain much more information than simply reading or listening, over 60% more. Therefore, if you’re going to invest time in learning how to hack computers, your best chance to improve quickly is to practice as much as possible. Refrain from simply reading and researching, because they can lead to a false sense of confidence and understanding; the only way to know how much you understand is to implement what you’ve learned.