Tools
So you do need some tools to get cracking and hacking. Here is a small list of tools that can help get you going.
You need atleast a good browser, a good code/text editor and it wouldn't hurt to have the ability to run a virtual machine, or something similar.
Binwalk is a tool that enables you to find content hidden inside other content. Like you could embed a document inside an image, and make it seem like that document never existed. Binwalk let's you find and extract that document. A great tool, and it is used in a bunch of different tasks. Mainly in steganografy and forensics categories.
Crackstation is an online password cracking tool. It has one of the largest databases of known passwords and hashes, and it is much simpler to use than for instance John The Ripper.
This is an online tool to do all sorts of encryption and decryption. You can usually solve most of classic cipher tasks using this tool. You can certainly finish the bootcamp with this tool.
Ghidra is a disassembly and decompile tool developed by the NSA. It was originally proprietary and unknown to the public, but it has since been open sourced and opened to the public. Apparently the NSA got tired of retraining every new person they hired, so they gave it away to the public.
There are several other great similar tools like Ida, Radare, and Binary Ninja to mention a few.
You use these tools to deconstruct a binary program back into human readable code instructions. Disassemblers give out the machine instructions in assembly language, while decompilers recreate higher level programming language code such as C, Java or C#.
Have I Been Pwned is an online service to see if your email, password or even entire domain has been part of a data breach. It knows if your account data has been shared, hacked, or pasted online, and what services your data was retrieved from. It is a great service.
John the Ripper is a password cracking tool. It can crack passwords with a bunch of different approaches. It is quite an eye opener to see JTR in action. It makes you think of passwords differently.
Kali Linux is a distribution of Linux built for doing penetration testing, ethical hacking and information security analysis. It comes with a suite of tools out of the box, and is a great starting ground to do these kinds of challenges.
You can run Kali Linux in several different ways, dual boot your system, boot if off an USB drive, install it on a virtual machine or on Windows you can run it under Windows Subsystem for Linux.
Run Kali on Virtualbox on OSX
Run Kali on WSL on Windows
or you can download isos and run them in your VM platform of choice, or off a USB drive.
Now this is what makes Python the king of exploitation. Pwntools is a suite of tools for Python that enables you to automate, and simplify a lot of hacking techniques and craft your exploits to perfetion.
For doing hacking and security analysis the Python programming language ranks as the king. The simple syntax and quick setup combined with the big ecosystem of packages and libraries makes an ideal choice. JavaScript comes in at second place. But Python is the king of simple exploits.
VS Code is a lightweight code and text editor. It has support for a wide range of languages like JavaScript, TypeScript, Java, C#, Python, C, and Lisp to name a few. It has a big community and a large array of plugins that extend the functionality further. This gives you the ability to tune your editor to your own preferences, much like Vim - but without the hassle.
Other good options is Sublime Text, Atom and Notepad++