From Breaking Scripts to Understanding Systems: My Early Lessons in Cybersecurity

This is my first Medium post.

Sujhal Gurav

~3 min read · December 25, 2025 (Updated: December 25, 2025) · Free: Yes

First Ever Blog From Script Kiddie to Actually Learning Cybersecurity

I've been thinking for a while about what my first blog should be about. I didn't want it to be polished or motivational. I wanted it to be real. So I'm writing about how I actually started in cybersecurity as a script kiddie and how I slowly got out of that bubble.

Hi, I'm Sujhal Gurav. I'm currently in my third year of B.Tech CSIT with a specialization in Cybersecurity.

If you've started your cybersecurity journey by running random scripts from the internet, copying GitHub repos, or following YouTube videos blindly this is for you. Especially if you now feel stuck and want to actually understand cybersecurity.

How it started (the messy part)

In my first year, first semester, I was just excited to get into the field. I searched online for "hacking" and "cybersecurity" without really knowing what either meant.

I discovered Red Team and Blue Team concepts. And like most people, I got pulled straight toward Red Team. Mr. Robot didn't help either.

I started experimenting.

Running DoS scripts on systems in the network
Playing with tools like hping, whois, nmap
Trying to build keyloggers using YouTube tutorials and GitHub code
Sneaking scripts into friends' systems just for fun

I even made friends log in to their own accounts, grabbed credentials, and showed them. The fear in their eyes felt like a win back then. Looking back, it was reckless but at that stage, it felt exciting.

I also learned some Windows key bindings that caused instant panic when used at the right moment:

CTRL + W — close the active browser tab
CTRL + SHIFT + W — close the entire browser window
ALT + X + U + U — instant shutdown (dangerous if things aren't saved)
WIN + D — minimize everything and jump to desktop

Use them at the right moment and watch chaos unfold.

You can Google more shortcuts and try them yourself. At that stage, it feels fun. And honestly, those were good times.

The problem with staying a script kiddie

But after some time, I hit a wall.

Running scripts felt powerful, but I didn't understand why anything worked. If something failed, I had no idea how to fix it. If a tool gave output, I couldn't explain it properly.

That's when I realized something important:

If you don't understand IT and computer science basics, cybersecurity will never fully make sense.

So I stopped chasing tools and exploits and decided to step back.

The boring but necessary phase: fundamentals

If you're in your first or second year, you still have time. Use it.

I spent almost a year just fixing my fundamentals. Not going extremely deep, but making sure I understood the surface properly across domains.

Things I focused on:

Frontend basics
Backend basics
System architecture
Low-level system understanding
Networking (I spent a lot of time here)
Blue Team fundamentals
Red Team fundamentals
Core cybersecurity terminology
Digital forensics basics

I didn't master everything. That wasn't the goal. The goal was to stop feeling lost when someone mentioned a concept.

Think of it as becoming a "jack of all trades" first.

Choosing a direction

Once you have this base, choosing a path becomes easier.

For me, that path turned out to be Detection Engineering and Purple Teaming. Understanding attacker behavior mattered, but so did understanding why defenses fail and how to fix that gap.

That clarity only came after the fundamentals.

Where I studied from

People often ask me where to learn fundamentals from. These helped me a lot:

TryHackMe — especially the beginner and fundamental paths If you can afford the premium version, it makes learning much smoother. PremiumRoadmap

My own notes from internships and self-study I documented what I learned daily. Writing things down helped more than I expected. Heartking-2324

30-day cybersecurity challenge I did in my first year Very basic. Very simple. But consistent. Core labs, core concepts. 30 day challenege

You don't need everything at once. You just need continuity.

Closing thought

Once you're comfortable with the basics, practice starts to feel different. Labs make more sense. Simulations stop feeling random. And eventually, you'll be able to think about applying things in the real world responsibly.

If you're currently stuck in the script kiddie phase, don't panic. Most of us start there.

What matters is whether you stay there.

#cybersecurity #detection-engineering #purple-team #ethical-hacking #security-research