Where to start?
Lots of people ask me to teach them hacking and to work with them on bug bounty programs.
In these cases, my first question is about their current knowledge level. Almost all of you answer "absolute beginner". In that case, I do not recommend starting with bug bounty hunting, because the basic principles of cybersecurity are missing from your knowledge.
If you start learning hacking, it will be a hard time for you, and you will have to make your own path. Below, I try to summarize the topics you need to be familiar with.
1; What are we talking about?
What is ethical hacking, what is its purpose, and how can you embed these activities in a large environment? You should also gain some knowledge of enterprise risk management in order to be able to assign the proper severity value to a vulnerability.
2; Footprinting and Reconnaissance
Every bug bounty program has a detailed description with strict rules. One of the most important things is not only to read, but to understand the statements made there. To be able to enumerate your target, you must first understand the technology behind it. If you are familiar with it, you can define the possible entry points and map the target with different tools. You won’t find a “framework” that you simply launch and that shows you the entry point. These tools can only help you and show you the possibilities. If you need some basic tools, please go to the ToolSet section.
3; Network discovery
If you have the opportunity to scan your target (many programs do not allow it), you should start the testing with the infrastructure. Start with port scanning and web discovery to get a clear overview.
4; Enumeration
In this phase, you are going to dig deeper into the application and the underlying infrastructure components. You start collecting as much information about your target as you can. It’s important to document everything! You do not need to write a report of your work; just take notes. If you find something, it will be much easier to report the issue in the end.
5; Identify the issue
If you find out that a function is not working properly, try to understand what the risk behind it is. Understand the main function of the software and create a scenario of how an attacker would be able to exploit the vulnerability. What happens when this weakness is used? What advantage does it give against the company or other users? If you can answer these questions, you are on a good path to writing a good report. Please take a look at the detailed report-writing tutorial HERE.
6; Learning
I think that if you are an absolute beginner, the CEH training is perfect for you. It will guide you through the following topics:
- Introduction to ethical hacking: Ethical hacking and information security controls, laws, and standards. Pen tests, security audit, vulnerability assessment, and penetration testing roadmap.
- Footprinting and reconnaissance: Using the latest tools and techniques to perform footprinting and reconnaissance.
- Scanning networks: Techniques and countermeasures.
- Enumeration: Techniques and countermeasures.
- Vulnerability analysis: Detect security gaps in an organization’s network infrastructure, communication channels, and computer systems.
- System hacking: System hacking methodologies, steganography, steganalysis attacks, and covering tracks to discover network and system vulnerabilities.
- Malware threats: Types of malware (Trojan, virus, worms, etc.), system auditing for malware attacks, malware analysis, and countermeasures.
- Sniffing: Discover network vulnerabilities using packet sniffing techniques and use countermeasures to defend sniffing.
- Social engineering: Techniques and how to identify theft attacks to audit human-level vulnerabilities and suggested countermeasures.
- Denial-of-Service (DoS or DDoS attacks): Techniques and tools to audit a target, and countermeasures.
- Session hijacking: Techniques to discover network-level session management, authentication/authorization, cryptographic weaknesses, and countermeasures.
- Evading IDS, firewalls, and honeypots: Firewall, IDS, and honeypot evasion techniques, evasion tools and techniques to audit a network perimeter for weaknesses, and countermeasures.
- Hacking web servers: Attacks and a comprehensive attack methodology to audit vulnerabilities in web server infrastructure, and countermeasures.
- Hacking web applications: Web application attacks and comprehensive web application hacking methodology to audit vulnerabilities in web applications and countermeasures.
- SQL injection attacks: SQL injection attack techniques, injection detection tools to detect SQL injection attempts, and countermeasures.
- Hacking wireless networks: Wireless encryption, wireless hacking methodology, wireless hacking tools, and Wi-Fi security tools.
- Hacking mobile platforms: Mobile platform attack vectors, Android vulnerability exploitation, and mobile security guidelines and tools.
- IoT and OT hacking: Threats to IoT and OT platforms, and how to defend IoT and OT devices securely.
- Cloud computing: Cloud computing concepts (Container technology, serverless computing), various threats/attacks, and security techniques and tools.
- Cryptography: Cryptography ciphers, Public Key Infrastructure (PKI), cryptography attacks, and cryptanalysis tools.
Cool sites where you can test and sharpen your skills: