Labs or resources to become a hacker or bug bounty hunter(step by step)
Hello, I am Deepak Dhiman and this is my first blog. So this post is about how to start hacking for new comers or who know what is hacking. So I don’t waste your time by talking about what is hacking and all I just start with the basics and good resources and lab to learn all requirements and start doing hacking.
Basic Requirements:
- Know about OS(operating System): So to start in hacking you should have a knowledge or basic understanding of os how they works, like windows,linux etc . So to learn about os solve these labs:
i. Under the wire(to learn about windows os): This is war games platform to learn about windows powershell. Now most people will say they know how to use windows but this platform teach you how to use window in command line.
ii. Tryhackme Learn Linux Room: Tryhackme is a great platform to learn cybersecurity and this is my favorite platform. Learn linux is a public free room on tryhackme to learn about linux os and the best part of this room is it first explain you and than ask you some question.
2.The second thing you should know to start hacking is to know about networking(basics like how packet is transferred and what are different protocols). labs to learn about networking
i. Tryhackme Networking Room: This room just teaches you about what is ip address and what is their classes.
ii.Introductory Networking(Tryhackme room):So once you have learnt about ip address than you need to move on this room.This room teaches you about OSI models (helps you to learn how data is transffered on the internet). And also help to learn some tools used for networking troubleshooting and basics command of networking.
iii.Network Services(Tryhackme room): So now you know about what is ip addresses and what is osi model and some basics commands of networking so now you need to learn about different type of protocols and services. So this room mainly focuses on protocols.
3.Programming: So to start hacking you need to learn about programming to automate your works just basics also good for beginner. This is the best place to learn about programming and that is free.
Step Into Hacking(Penetration testing)
So now you have all the basics knowledge required to start into hacking now I will share two videos link that is help you to learn penetration testing and that is made by my favorite instructor(@TheCyberMentor).
i. To learn network pentesting : This will teach you the basics of hacking with penetration testing process(step by step).
ii.To learn web penetration testing: So web penetration testing is about web app hacking (my favorite part) and to learn web app pentesting I recommend you to watch this video. This is again by the @TheCyberMentor.
Labs to practice these course:
a. To learn about tools : so to learn about tools I will recommend you to go on tryhackme and complete the Red Primer rooms. Go on tryhackme hacktivites and search red primer.
b. Platforms to learn about hacking:
1.Tryhackme: As I told you earlier this is my favorite platform to learn cybersecurity in depth and enhance my skills.
2.Hackthebox: This is similar platform like tryhackme but this platform have limit the machines upto (20) for free users.
3.Wargames: Wargames are the platform that is help you to learn basics understanding of different fields like web app , os etc. There are two big platforms of wargames Over The Wire and Under The Wire.One is based on linux based systems(overthewire) and other is based on windows based systems(underthewire).
Steps into Bug Hunting:
So now you have learnt the penetration testing using ctfs and challenges. So now you can go for bug hunting. So what you need to learn for bug hunting. So let me tell you bug hunting is a big platform where you have to compete with world’s best hackers.
So lets start how to learn bug hunting.
a. Books to learn bug hunting:
To learn bug hunting follow these books in sequence as I have show you.
1.The Tangled Web: So this book I place on first because this book will teach you the basics of web apps. It will teach you how modern web apps works and how an attacker can attack them.
2.Real world bug hunting: So this book is based on bug bounty hunting (Real world). It have includes different kind of bugs and that methodology used by real world hackers.This is great book and written by Peter Yaworski.
3.Owasp Testing Guide: So now you have read what kinds of bugs are present and now you need to learn how to find them. So for that you need to read this guide.
b.Youtubers you need to follow(must be):
So to learn bug bounty there are many resources and youtube is also in the list of it. So here I will give you the links to learn bug bounty.
I love these guys the Nahamsec will teach you the recon automation and bug hunting methodology using his talks with other hackers. And Stok this guy is so cool and to be a successful bug hunter you need to watch his Bounty Thursday(but till m missing his bounty thursday).
Now these channels will teach you about bug hunting now to stay and watch bug bounty poc I will recommend you two channels.
c. Labs to learn bug hunting:
- Port Swigger Web Security Academy: So portswigger is the company who develop the Burp Suite and we all know that the burp suite is the great tools of all bug hunters. So they have there own web sec academy to learn and practice different kinds of bug found in modern web apps.
2. Flaws in cloud: Port swigger will teach you the different bugs but now a days web apps use cloud based technology so how you can practice those bugs. Don’t worry I will give you a link to practice cloud flaws and hack them and than go for hunting.
3. Cloudgoat:This is vulnerable cloud based web app that you can install on your local machine.And practice different types of cloud flaws.And for this I am very thankful to my special friend on twitter(@nehatarick).
4. Hacker101 Ctf: This is great resource to practice your bug hunting skills and if you able to solve there ctfs and than you may get invite to private programs by hackerone(№1 Bug bounty Platform).
If you like this blog than please follow me on twitter @Virdoex_hunter. and also subscribe my channel. And the last but not least please like this post.
My channel link:
Thank You.
