Hello everyone, before starting the topic let me first introduce myself. My name is Aniket Akhade and I’m passionate about Cybersecurity and Bug Bounty Hunting.
Actually, it’s a kind of rule of the infosec community that you must give back to the community if you are getting free knowledge or something from them. And I think everyone needs to follow that. So I’m writing my first ever article and considering this to be the share of salt from my side.
Note: Ignore my grammatical mistakes 😅
Bug Bounty Hunter, Security Expert, Student, One who is passionate about cybersecurity, One who wants to switch career in cybersecurity.
I often see that when it comes to getting into cybersecurity or ethical hacking, people or beginners don’t understand where to start and get confused about their decision, and that’s completely normal. Sometimes they begin their learning journey but get stuck somewhere. Even I went through this process too. The thing is, cybersecurity is a vast domain and it’s really hard to cover every small thing about it. So I’m just sharing my perspective on getting onto the correct path in cybersecurity. And this could differ from person to person.
1. Learn about different Operating Systems (OS)
Different operating systems are used in computers. OSes like Windows, Linux, and macOS are used in computers, while Android and iOS are used in smartphones. Simply google these OS names, pick any article, and read about them.
2. Take knowledge of the Internet as well as Computer Networking
It’s important to know how the internet works, how different devices work and communicate with each other, and how data is transferred. Below are some resources that give some guidance on this.
https://www.youtube.com/watch?v=H8W9oMNSuwo&list=PLxbwE86jKRgMpuZuLBivzlM8s2Dk5lXBQ
https://www.youtube.com/watch?v=a3w5a3rys80&list=PLBGx66SQNZ8ZvdIoctCTWB3ApXQpQGEin
https://www.youtube.com/channel/UCJQJ4GjTiq5lmn8czf8oo0Q
https://www.tutorialspoint.com/network_security/index.htm
3. Learn about Linux commands
Most servers use Linux as their OS. There are different flavors and types of Linux OS. It’s mandatory to have good knowledge of Linux commands, since various tools that we use in ethical hacking or cybersecurity run there. The following links give basic ideas or tutorials for this.
https://www.youtube.com/watch?v=BGjTboXjH28
https://www.youtube.com/watch?v=YHFzr-akOas&list=PLS1QulWo1RIb9WVQGJ_vh-RQusbZgO_As
Book: The Linux Command Line by William E. Shotts, Jr.
https://www.tutorialspoint.com/unix/index.htm
4. Move to Cybersecurity concepts
Now that we have basic knowledge of OSes and computer networks, it’s time to move towards cybersecurity basics. Below are some links that give a basic idea of what cybersecurity actually means and what the different types of attacks are.
https://youtu.be/nzZkKoREEGo
https://www.javatpoint.com/cyber-security-tutorial
https://www.w3schools.com/cybersecurity/index.php
https://intellipaat.com/blog/tutorial/ethical-hacking-cyber-security-tutorial/
https://www.youtube.com/watch?v=oKgnYe_6uh8&list=PLWPirh4EWFpEK7BXbMvKDYuHhA4AiYLDb
https://www.tutorialspoint.com/ethical_hacking/ethical_hacking_process.htm
https://www.udemy.com/topic/ethical-hacking/free/
5. Learn any programming language
Some people think that programming is not necessary for ethical hacking or any domain of cybersecurity, but this is not completely true. It’s like “चाई कम पाणी ज्यादा” (“less tea, more water”). Basically, what that means is you can’t be a cybersecurity expert without it. It’s not necessary to know how to write big programs, but it is necessary to understand code, the flow of code, and how code works. If you know how the code works, then you know what an application is actually doing, and that’s the important thing to know.
There are various languages; among them you can learn Bash, JavaScript, Python, Go, and Rust. Suppose you become a security expert and have a workflow that you do each day; in that case, you can automate it using these programming languages. There are many tools that we use for ethical hacking and they are all written in these languages. So we must know the programming languages.
Also, you should know the basics of HTML, CSS, JS, and PHP, as they are used in creating different websites and are useful for code analysis.
6. Learn About Web Applications and Attacks
According to Wikipedia:
A web application (or web app) is application software that runs on a web server, unlike computer-based software programs that are run locally on the operating system (OS) of the device.
Only if we know the web app well can we find bugs or vulnerabilities. So you must know how web applications work, what cookies/cache/sessions are, what HTTP/HTTPS, SSL, and TLS are, and the different HTTP methods, headers, and status codes.
https://youtu.be/RsQ1tFLwldY
https://developer.mozilla.org/en-US/docs/Web/HTTP
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers
https://samsclass.info/129S/129S_S20.shtml
Learn the Recon process and the tools for it. Search for Jhaddix on YouTube and watch all his videos. His contribution to cybersecurity is great.
https://www.youtube.com/channel/UCk0f0svao7AKeK3RfiWxXEA
The 2nd channel for Recon is Nahamsec. This man is a very great hacker and he has recorded many videos on recon with different security researchers.
https://www.youtube.com/channel/UCCZDt7MuC3Hzs6IH4xODLBw
Learn how to use the Burp Suite tool.
https://www.youtube.com/watch?v=G3hpAeoZ4ek&t=839s
Learn GitHub and Google Dorks.
Now you know how to do recon, and it’s time to get into vulnerabilities. There are many vulnerabilities, and the best way to learn them is to take one vulnerability at a time, learn it, and practice it. To learn about vulnerabilities I suggest the PortSwigger and OWASP sites.
1. Take any vulnerability and learn it from PortSwigger, and solve the given labs. We can read about the vulnerability on OWASP too.
2. Now we will read more about that vulnerability on Medium. There are many articles on all vulnerabilities on medium.com and we can read them for more understanding. Also, we can search for it on YouTube.
On Google, search like → vulnerability_name medium.com
For e.g., I’ll search → XSS medium.com
3. Now that we have knowledge of the vulnerability, we will search for vulnerability_name proof of concept (POC) on YouTube/Medium/HackerOne. It will give us some disclosed reports and show how researchers found the bug and where.
4. Apart from this, the most important things to search for are bypasses, payloads, and mitigations of that vulnerability. That will help a lot.
5. There are also different labs available that we can solve to practice. We can find some of them on GitHub, or google something like vulnerability_name labs to solve.
6. Now we can select any target from a Bug Bounty platform (HackerOne, Bugcrowd, Intigriti, RDP/VDP programs) and then look for the vulnerability we learned.
Google 😅 Yes, everything is available on Google. You just need the skills to find it.
Workbook of Ninad Mathpati: https://workbook.securityboat.in/
https://www.hackingarticles.in/
Complete Information about WAPT: https://drive.google.com/file/d/1JTo9goo9QeSBfu2oUq8Gljk87A7YtQiq/view?usp=sharing
Vikash Chaudhary’s Offensive Hunter 1.0: you can purchase that for 1 rs (Note: Not promoting any course 😅)
Some YouTube Channels
Bug Bounty Public Disclosure: https://www.youtube.com/channel/UCNRM4GH-SD85WCSqeSb4xUA
Bug Bounty Reports Explained: https://www.youtube.com/channel/UCZDyl7G-Lq-EMVO8PfDFp9g
Bugcrowd: https://www.youtube.com/channel/UCo1NHk_bgbAbDBc4JinrXww
Busra Demir (For OSCP): https://www.youtube.com/channel/UCksdNO8hAiOQoWZhEXhyyZA
codingo: https://www.youtube.com/channel/UCUfO02gdMDXgOJWdv_jiLMg
Cristi Vlad: https://www.youtube.com/channel/UCXXXoi68Hv6caNLWfw7j8MQ
CyberSecurityTV: https://www.youtube.com/channel/UCPunxMZz2wFEp0OdkLZPebA
Eshan Singh: https://www.youtube.com/c/EshanSingh/videos
HackerSploit: https://www.youtube.com/channel/UC0ZTPkdxlAKf-V33tqXwi3Q
Hacking Simplified: https://www.youtube.com/channel/UCARsgS1stRbRgh99E63Q3ng
InsiderPhD: https://www.youtube.com/channel/UCPiN9NPjIer8Do9gUFxKv7A
jhaddix: https://www.youtube.com/channel/UCk0f0svao7AKeK3RfiWxXEA
Kathan Patel: https://www.youtube.com/c/KathanPatel/videos
LiveOverflow: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w
Loi Liang Yang: https://www.youtube.com/channel/UC1szFCBUWXY3ESff8dJjjzw
Musab Khan: https://www.youtube.com/channel/UCX3LuFyGjuVTyfpte63L6KQ
Nahamsec: https://www.youtube.com/channel/UCCZDt7MuC3Hzs6IH4xODLBw
Red Team Village: https://www.youtube.com/channel/UC8nq3PX9coMiqgKH6fw-VCQ
RogueSMG: https://www.youtube.com/channel/UC855OCrjl7C3elK8VfEZoHw
Spin The Hack: https://www.youtube.com/channel/UCQaXCW5fFBaCrXKgaOPxUTw
STÖK: https://www.youtube.com/channel/UCQN2DsjnYH60SFBIA6IkNwg
The Cyber Mentor: https://www.youtube.com/c/TheCyberMentor/videos
thehackerish: https://www.youtube.com/channel/UCIXot2vRgeM5alhAlpTbhQA
Vickie Li Dev: https://www.youtube.com/channel/UCjQHiY2JeOkBamHSg_6UeFw