Learning Offensive Cybersecurity — Day 1


N4RKWH4L

Ok, so I cheated a bit. I started HTB earlier than now and got stuck; that is how I found TCM Academy. So before I go too far into detail, here are some screenshots of where I currently am in TCM and HTB.

The 30-minute video on Burp Suite really helped me get past the Web Proxy module on HTB. It gave me a dozen “aha” moments that were invaluable, and I completed the last tasks in about thirty minutes last Friday instead of banging my head against the wall. If you are following along, I highly recommend rewatching that Burp Suite video whenever you get stuck on that portion, since there is probably a feature you are missing.

Before I start my two hours, I need to set up my notes. I am using GitHub to host my notes in markdown format instead of using a platform like Notion. The reason I am doing this is that I find online note-taking applications too distracting. I spend a lot of time agonizing over what emojis I should use to label things, and I am also unsure whether those applications will be around forever. If Notion goes out of business or forces me to pay to hold my notes, then how do I export them? Markdown makes sense to me: even if GitHub requires me to pay for it one day, I can move my repo elsewhere fairly easily.

If you are unfamiliar with Git then I highly recommend learning it before proceeding. Or you can ignore me and learn it when you need to.

If you want to follow along with me, then my notes look like the following:

- BBH (Directory) — This is to store notes specifically for Bug Bounty hunting
- tools (Directory) — This is for notes on the tools I will learn, like Burp Suite
- img (Directory) — This is to store screenshots to embed in my notes
- README.MD — The main file, which will work mostly as a dictionary
- BBHProcess.MD — The master Bug Bounty Hunting file. This is where I will go when starting a Bug Bounty engagement.
- vocab.md — Always have a vocab file that works as a dictionary of tech slang and acronyms. There are always way too many.

Stage 1 — Step 1 — Reconnaissance

Today I got through the first three sections of the HTB Academy’s Information Gathering — Web Edition. I spent more time than I wanted to on the last question in section 3 — DNS. I am sure I could have finished it a lot sooner if I had googled the answer, but that would have been a quick win and I wouldn’t have learned anything.

Completing three sections seems trivial given that I spent two hours this morning on learning. The major thing is that whenever I am shown a command I have not used in a long time, or ever, I always look at the manual. Since these sections showed me three commands, dig, whois, and nslookup, I looked at the manual for each of them. I recommend this for anyone who sees a command for the first time, especially if you ever want to graduate from being a “script kiddie”.

Since the first section of HTB recommends signing up for a HackerOne account to test what we learn from this information-gathering section, I am also going to spend this evening looking at a few companies on the big three platforms, HackerOne, Bugcrowd, and Intigriti, focusing on programs that do not pay bounties, since these are going to be the companies that get fewer eyes on them and have more vulnerabilities for me to discover first. I am a firm believer in learning by doing, and once I have reconned enough of these, recon will become second nature. I am also going to avoid writing scripts to automate recon for the time being so I can be a little more intimate with the process and understand it better.

Quite a few Bug Bounty YouTubers I have watched have also stated that recon is a waste of time. They prefer to dig around to find their vulnerabilities. Now, I am no expert, and that is why I am learning it; I think information gathering is valuable in every situation, and these people may just be so experienced that they already know what they want to focus on without digging for subdomains and such.

Also, this weekly streak thing from HTB makes me not want to continue past my streak points, because I want to make sure I don’t miss a week, and what if I face a task that takes me more than a week? They must be doing this hoping people sign up for the year membership so they can save their streak, but it feels like cheating if I use a save anyway, and I don’t have the funds to sign up for a year.
