Security: Azadpurbey/Cyber-Labs-Get-Started

SECURITY.md

Introduction to Ethical Hacking/Pentesting.

Follow these steps to start:

  1. Install Linux on your system (Kali Linux recommended).

  2. Learn basic Linux commands.

  3. Learn the basics of programming (HTML/CSS, JS, PHP, SQL, Python).

    For a short overview of the basics, watch the Derek videos (link).

  4. A few concepts to learn:

    • Methods (mainly GET and POST)
    • IP
    • DNS
    • SSH
    • Telnet
    • Port

How does the internet work?

  • Video1 link

  • Video2 link

  • IP: (https://www.youtube.com/watch?v=L6bDA5FK6gs)

  • Solve basic CTF problems from Bandit and Natas.

  • After completing this, move to Hack This Site (basic and JS challenges).

  • Learn Python, as many tools/scripts are written in it.

  • After this, move to Backdoor (SDSLabs) and previous picoCTF challenges.

  • Learn to use GitHub, as it is like a best friend to a hacker.

  • Learn about the OWASP Top 10 vulnerabilities.

  • Learn the basics of vim and nano.

  • Some of the most used commands: cat, ls, vim, ping, file, find, du, pwd, env, chmod, wget, cron, telnet, gzip, bzip2, tar, base64, grep, nc, curl, strings, whatweb, wildcards and many more.

  • Start participating in CTFs on CTFtime (this will boost your problem-solving skills).

  • Solve questions from previous CTFs and read write-ups.

Cybersecurity has many branches:

1. Web security
2. Network security
3. Forensics
4. Application Security
5. Steganography
6. Mobile Pentest, ...

  • Learn to create an SSH public key and connect to an SSH server (https://www.youtube.com/watch?v=3CN65ccfllU&list=PLJ_vkrXdcgH-lYlRV8O-kef2zWvoy79yP&index=4)

  • Master some of the most important Kali tools: Burp Suite, WebScarab, Metasploit, Nmap, Wireshark.

  • Learn to use some browser extensions that help in solving CTF problems: HackBar, Cookie-Editor, Open referer control, ...

  • Learn about vulnerabilities: XSS, HTMLi, SQLi, Parameter Tampering, Host Header Injection, URL Redirection, LFI, RFI, CSRF, SSRF, Subdomain Takeover, CMDi, XMLi, etc.

Books that may help:

  1. The Web Application Hacker's Handbook
  2. Web Hacking 101

Links

XSS: (https://www.youtube.com/watch?v=L5l9lSnNMxg)

SQLi: (https://www.youtube.com/watch?v=_jKylhJtPmI)

Some sites to practice web vulnerabilities:

  1. (http://testphp.vulnweb.com/)
  2. (https://hackthis.co.uk) (sqli)
  3. Damn Vulnerable Web Application (DVWA)
  4. OWASP Mutillidae 2 (offline)

For advanced vulnerable machines:

  1. (https://www.hackthebox.eu/)
  2. (https://www.vulnhub.com/)

Some useful software for:

  1. Steganography: zsteg, stegsolve, jstego, hex-editor

  2. Reversing: gdb, edb-debug, gdb-peda, hex-editor

  3. Password cracking: John the Ripper, crunch, medusa

  4. SQLi: sqlmap

To learn cryptography:

  • Best online tool for crypto: cryptii.com
  • For advanced crypto, go for Coursera

For networking, some basic terms to learn are:

HTTP, HTTPS, FTP, DNS, SMTP, ports, MAC address, IPv4, IPv6, public vs. private IP, OSI model, routers and switches.

Learn basic regex:

  1. (https://regexone.com/)
  2. (https://regexr.com/)

Learn bash scripting:

  1. (https://devhints.io/bash)
  2. (https://www.shellscript.sh/)

Then start participating in bug bounty programs on Bugcrowd, HackerOne, etc.

Some important resources to learn hacking:

Books for reversing/binary exploitation:

  1. Hacking: The Art of Exploitation
  2. The Shellcoder's Handbook

Some useful YouTube channels:
