What I have learned in my first month of Hacking and Bug Bounty

Jun 22, 2019

Hi. In this post I will share everything about hacking, programming, bug bounty, CTFs, etc., and the available resources I came across. If you don’t know anything about hacking, then by the end of this blog you will be advanced in hacking.

How I started this hacking journey, with a small description

I just started learning hacking about 1 year ago. One day I saw an FB group about hacking and I joined that group. There I saw someone asking “How can I hack with aircrack-ng?” Someone commented and explained it. Hundreds of comments were posted on that post and I was reading them. Many people started fighting there; in that post someone said “I got your IP address bro, you are from Pakistan”, then the other person said “How do you expect me not to use a VPN?”. And many other things…

I was like 😱 😱. I never knew someone can track an IP and know other people’s location. And also that I can connect to Wi-Fi without the owner’s permission. It was awesome. I immediately started googling about everything. I was learning about hacking; those days I was learning about Termux.

I was downloading tools from GitHub like Hakku, IP GeoLocation, airgeddon, katana, ReconDog, etc. And I was thinking of myself as a hacker. LOL

Then after one month I had no phone or internet connection, so I needed to stop my learning journey for one year.

I started learning about hacking again one month ago, on 24th May.

What I have learned in one month

I want to be a pentester, so I need a CEH certificate. But I saw a problem: I couldn’t find any group on social media or anywhere. On Facebook I came across groups where people were asking “How can I hack Facebook?”. The same question again and again.

Learning About Bug Bounty

So, after googling, I found the term Bug Bounty. I started researching bug bounty and learned about many bug bounty platforms like:

1. Bugcrowd

2. HackerOne

3. Synack

4. Cobalt

On these platforms you can exchange the bugs you find for money. But remember: never ever work for money.

“If you do what you love, you’ll never work a day in your life”

- Marc Anthony

Many people rush into earning without learning. First you need to focus on your learning.

Now, how to get started with Bug Bounty?

There are some books on web penetration testing and how you can find vulnerabilities in a website. These books will also clear up your understanding of how websites and the internet work.

Books:

1. Web Hacking 101

2. Mastering Modern Web Penetration Testing

3. The Hacker Playbook 2: Practical Guide to Penetration Testing

4. The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws

There are some YouTube channels I personally like. I suggest you don’t follow what everyone is going to tell you. Make your own path.

YouTube Channels:

If you watch all the videos of these two channels, then you are a pro in bug bounty.

Things You Must Read And Learn:

You need a clear basic understanding of:

1. How HTTP works

2. How Networking works

3. What is TCP/IP Model

4. OWASP Testing Project

5. How Linux commands work

Now you have a basic understanding of networking and bug bounty programs, and you can also easily play with a terminal. You also know what XSS, SQL injection, XXE, etc. are.

Now, It’s Time To Learn Python:

You must learn a programming language, and Python is a great programming language to start with. It is easy to use and also a very powerful language. There are many powerful libraries that will help you do things easily.

Books:

Here are some free and paid books you can read to learn Python. The last book is my personal favorite.

1. Paid book : Python Cookbook, Third Edition

2. Free Book : How To Think Like A Computer Scientist: Learning With Python, by Allen Downey, Jeff Elkner and Chris Meyers

3. Beginner Book : Head First Python: A Brain-Friendly Guide

4. Cool Book : Automate The Boring Stuff With Python

5. For Hacking : Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers 1st Edition

YouTube Channels:

There are many YouTube videos available for learning Python. In case you don’t know any, you can watch these channels.

Now you are an expert in Python. You need to learn more languages like JavaScript, Linux commands, and also HTML & CSS.

Other Programming Books:

Here are some books to learn about programming:

Linux Scripting Book : Mastering Linux Shell Scripting: A practical guide to Linux command-line, Bash scripting, and Shell programming, 2nd Edition

Javascript Book : JavaScript: The Definitive Guide 6e (Definitive Guides)

HTML & CSS : Web Design with HTML, CSS, JavaScript and jQuery Set

Now, Practice Your Programming Skills:

You can’t do anything with syntax alone if you don’t know how to use it, so you need to practice and practice your programming skills. There are many websites for this:

  1. HackerRank
  2. HackerEarth
  3. Sololearn
  4. Codewars
  5. Codechef

Now you know programming, you know about networking, and you know about Linux, Python and JS programming. It’s time to play a real game in the real world. (No, you aren’t ready for bug bounty on HackerOne or Bugcrowd 😒 😒)

Lets Play CTFs:

If you don’t know what a CTF is, I will tell you in short. A CTF (capture the flag) is like a game, but for hackers and pentesters. You need to find a flag (a piece of code) in a website or a virtual machine. In many CTFs there are two teams: one is the red team (who will attack) and the other is the blue team (who will defend the system).

Now, there are many websites that let you test your skills:

Hackthebox

Hacker101

Rootme

Hackme

XSS Game by Google

CTF365

BWAPP

Backdoor

There are some websites like Hackthebox and Vulnhub that let you test your skills on VMs. You can download VMs from Vulnhub and test them on your computer.

It’s Time to Hack:

Pentesting and bug bounty are a small part of hacking. Which path do you want to choose? It is all about your curiosity and hunger to learn.

Now, let’s talk about hacking. For hacking you also need to learn many things, like:

  1. Footprinting
  2. Scanning
  3. System Hacking
  4. Malware Threats
  5. Sniffing
  6. Social Engineering
  7. Denial of Service
  8. Session Hijacking
  9. Hacking Web Servers
  10. Web Application Attacks
  11. SQL Injection
  12. Hacking Wireless Networks
  13. Hacking Mobile Devices
  14. Bots
  15. Cryptography
  16. Reverse Engineering

You need to learn everything and be an expert in some things. A hacker is not an expert in everything, because it is impossible to be an expert in every field.

YouTube Channels :

There are tons of videos on hacking, thousands of them. But you need to be clear about what you want to watch on YouTube. Do you want to watch videos on how to use other people’s tools? Or do you want to make your own?

Books:

There are also many books on hacking, but I suggest you read books on a specific topic. Then the concepts will be clearer to understand. Your goal should be to choose one thing and know everything about it.

  1. Metasploit: The Penetration Tester’s Guide
  2. Nmap Network Scanning: The Official Nmap Project Guide (2011)
  3. Wireshark 101: Essential Skills for Network Analysis (2013)
  4. The Shellcoder’s Handbook: Discovering and Exploiting Security Holes
  5. Hacking Secret Ciphers with Python: A beginner’s guide to cryptography and computer programming with Python
  6. Gray Hat Hacking 3rd edition
  7. Kali Linux — Assuring Security by Penetration Testing

There are also many other books. Google based on your interest.

Now Let’s Be Social:

Your greatest tool is social media. You can get tons of information through it, and for free. Facebook is full of fake hacking groups and pages. Through it I found some good resources:

Facebook:

https://www.facebook.com/0xInfection/

https://www.facebook.com/LiveOverflow/

Podcast :

There are very good podcasts out there. I generally use Castbox to listen to podcasts; you can also find podcasts on iTunes.

Twitter :

On Twitter, follow these tags:

How Much Time Does It Take To Be An Expert?

Generally you need 10,000 hours to be an expert in anything. But you need to be an expert in one thing. You will notice that in a hacking group every hacker is an expert in their own field. For example, one hacker is best at reverse engineering, another at password cracking, and another at finding vulnerabilities. So you need to be persistent in your work. Don’t waste your time. Just keep learning every day.

And yes, I learned these things in one month.

Thank you for your time ☺️ ☺️
