BoredomBusted — Find Your Next Favorite Thing To Do
Discover hobbies, activities, places, and ideas that spark joy. Whether you're looking for something creative, active, social, or relaxing, BoredomBusted helps you find your next favorite thing to do.
Browse our hobby guides, things-to-do collections, and place ideas to never be bored again.

Ethical hacking is less about hacking and more about patient problem-solving—20% typing, 80% reading and understanding systems.
Getting started with ethical hacking as a beginner involves learning to identify security vulnerabilities in systems using the same tools and techniques as real attackers, but with permission.
Unlike coding or CTF puzzles, you're testing live logic against real-world defenses, not just building things or solving pre-packaged problems.
In ethical hacking, you engage in hands-on activities such as information gathering, scanning systems for vulnerabilities, exploiting these vulnerabilities in controlled environments, and documenting your findings, often through challenges like Capture-The-Flag competitions.
This hobby fosters a flow state as you become fully immersed in problem-solving, receive immediate feedback through challenges, and experience a sense of accomplishment when identifying and fixing vulnerabilities.
You think ethical hacking is about breaking into things. Maybe you picture a hoodie, a dark room, rapid typing on a terminal. That's the movie version – and it's keeping you from seeing what this hobby actually is.
A penetration tester once found a critical vulnerability in a client's system not through a fancy exploit, but by reading a PDF manual for a router and noticing a default credential no one had changed.
No dramatic keystrokes. Just patience and reading comprehension.
You're likely wondering what skills you really need to start this hobby. The truth is, you might already have most of what you need to start exploring.
The first time you open a terminal, it's disorienting. You're not sure what directory you're in, even though you just watched a video where it seemed so clear.
The surprise isn't that commands don't work magically, but how easily a typo can send you searching for answers for an hour.
Week one is all about navigating Linux paths and wrestling with installations. Every error message feels like a foreign language. But each Nmap scan success the next week is a real win, giving you raw data to work with. By the third week, you're grappling with a TryHackMe box for hours, puzzled by something that a walkthrough handles effortlessly.
You realize not every error is a roadblock. By week four, what once stopped you seems manageable—more a part of the process than a dead end.
Repeating searches for the same errors might feel like being stuck, but it's common. It's not about feeling behind; it's what everyone deals with, even if the certificate posts don't show it.
Before diving in, set up a Kali Linux VM with VirtualBox or VMware. Running experiments inside a virtual machine prevents any network chaos on your host system.
When to start: Early morning
Duration: 1 hour
Cost to try: $10
Success criteria: If you can name 5 ethical hacking terms, outline the first 3 attack phases, and finish one intro module, do session 2.
Kali Linux looks like a hacker's paradise, but it's just a collection of tools. Without networking knowledge, you won't know what these tools are doing or why any of it matters.
Start with the basics. Spend two weeks on TryHackMe's "Pre-Security" path, focusing on networking and Linux fundamentals.
Beginners often run exploits found online against vulnerable setups without understanding the code. This button-pressing approach gives an illusion of learning, but doesn't build real skill.
Read before you run. Analyze each line of code from Exploit-DB and write a two-sentence summary about its impact on the system or service.
Walkthrough videos make hacking look easy and comfortable. But this false ease collapses when the real-world scenario doesn't match the guide.
Challenge yourself with unseen machines. Spend half your lab time on machines you haven't researched. Only seek hints after 45 minutes of effort.
Skipping documentation feels smart until poor communication costs you a bug bounty or a job. Writing clearly is as crucial as technical prowess.
Create a mock report after every exploit. Include the vulnerability found, discovery method, business impact, and suggested fixes.
CTF challenges build quick thinking but lack key elements of real-world testing. Actual engagements involve thorough planning, rules of engagement, and systematic approaches.
Transition to real-world methods once comfortable with CTFs. Use a practice engagement framework like PTES on a home lab VM to experience structured methodology.
Ethical hacking happens mostly in front of a screen. You can work from your home setup, a dedicated workspace, or a local makerspace. Hackerspaces are where security-minded people share tools and knowledge.
Hackerspaces offer a different kind of support. You'll find mentorship, hear war stories, and get feedback on your methods. It's more valuable than any YouTube tutorial.
Introduce yourself honestly when you attend. Saying "I'm just getting into this, trying TryHackMe, but new to real hacking" signals commitment. You'll often get valuable guidance right away.
Not all ethical hacking looks the same. The path you pick shapes everything – what you learn, what you practice on, and what jobs actually care about it.
Focus on breaking web apps by finding SQL injections, authentication flaws, and misconfigured APIs. Platforms like HackTheBox and OWASP let you practice for free, so it's excellent to build practical skills quickly.
Ideal for those who spend a lot of time in browsers and want a clear path to job-ready skills.
Here you're focusing on infrastructure like routers, firewalls, and Active Directory environments instead of software. Corporate pen testing jobs often require this skill, with a high ceiling for opportunity.
Best for those who already know networking basics, as starting without them can be tough.
Bug bounty hunting uses the same skills but targets real company vulnerabilities. Cash payouts are possible, but income can be erratic, especially at first.
Best for self-motivated individuals who want practice with real stakes.
Social engineering and physical penetration testing target human and physical access vulnerabilities, like phishing simulations or badge cloning. This requires clear authorization to avoid legal issues.
Great for those with a background in psychology or sales.
Capture the Flag (CTF) competitions involve puzzle-based hacking challenges without the legal risks of real systems. There's immediate feedback and no legal gray areas, making them ideal for beginners.
Perfect for hobbyists not focused on a career.
Foreign Language Learning is a sibling pursuit and often surfaces the same kind of curiosity.
For something adjacent, see KenKen.
If this resonates, Logic Grid Puzzles explores a similar direction.
Understanding system behavior is what separates amateurs from pros.
Most newcomers obsess over collecting tools—new scanners, frameworks, cheat sheets. The tool list grows; the results don't. Real progress comes from examining responses like error messages or timeouts and questioning what they reveal about the underlying architecture.
When you focus on this skill, scans aren't your lifeline. Subtle signs, like an app's delay, become your guide. Without it, you're left running scripts on tough targets and wondering why they fail.
A script kiddie runs tools blindly. A junior pentester observes and questions the response. That's the actual evolution in skill.
The next step is understanding where this mindset applies most effectively.
Plan for 8 sessions over 30 days. Twice a week, dedicate two hours to see what truly captures you.
You're always early, and time flies during your sessions. Annoyed you have to stop when the session ends? That means you're genuinely hooked. Consider diving into a structured learning path like TryHackMe or Hack The Box. This is a skill-building journey, not just a casual hobby.
Completed the sessions but felt indifferent? You might appreciate the idea of ethical hacking more than the practice. Focus four extra sessions on something specific, like web app vulnerabilities, before deciding it's not for you.
Dreading opening the terminal? It's not just about difficulty; it's a sign you're uninterested. That's a clear message. Better to find this out now than waste months on something that doesn't click.
If you catch yourself reading CVE disclosures purely out of interest, that's your strongest early indicator that this will stick.
If ethical hacking feels like too much to commit to right now, browse what to do when you're bored for lower-stakes ideas.
Ethical hacking involves finding and fixing security vulnerabilities with explicit permission from system owners, while regular hacking is unauthorized access to systems. Ethical hackers follow legal guidelines and help organizations strengthen their defenses rather than exploit them maliciously.
You don't need advanced programming skills to begin, but basic knowledge of at least one language like Python or JavaScript is helpful. Most ethical hacking certifications and courses teach the technical foundations you need, even if you're starting from scratch.
Most beginner certifications like CEH (Certified Ethical Hacker) take 3–6 months of dedicated study, though timelines vary based on your prior experience and learning pace. Full competency in the field typically requires 1–2 years of hands-on practice beyond certification.
Popular entry-level certifications include CEH, CompTIA Security+, and OSCP, which employers widely recognize. While some roles may not strictly require certification, having one significantly improves job prospects and demonstrates your legitimate expertise to clients.
Basic training courses range from $100–$500 online, while official certification exams cost $300–$1,000. Many free resources and practice labs exist online, so you can explore the field inexpensively before investing in formal certification.
Ethical hacking is legal when you have explicit written permission to test systems—practicing without permission is illegal even if your intentions are good. You can safely practice at home using legal platforms like HackTheBox, TryHackMe, and OWASP WebGoat, which provide dedicated vulnerable environments.