/HowToStart

This repo is about how to start in Pen-Testing fields.

HowToStart

Web Pen-Testing

  • Learn programming languages (PHP, JS, MySQL)

    • PHP: it will help you understand the applications, so you should know it well.
    • JS: it will not just help you with JS and with making new payloads; it will also make you dig deep into the JS files, which will give you some cool things.
    • MySQL: this will help you understand SQL injection and write the right queries when you are trying to exploit it.
  • Understand the vulnerabilities

    • You should know what the vulnerability is, what code causes it, how to find it in applications, and how to fix it.
  • Playing CTF

    • CTFs have some real-world examples of vulnerabilities, CVEs, or new exploits that you will learn from.
  • Do some Bug Hunting; this website will help: BugBountyHunter.

    • Watch this Methodology by Jason Haddix.
    • Initially, you can start with hunting on programs that offer points to gain experience.
  • You can take eWAPTx & eWAPT

    • eWAPT: it is a good one in the beginning because it covers some basics of Web Pen-Testing.
    • eWAPTx: this is the advanced one; you can start it when you are at least good with the vulnerabilities and the materials in eWAPT.
  • Web Pen-Testing Course by Ebrahem Hegazy (Arabic Course)

    • This will help you understand the vulnerabilities and how to send a proper report, and it shows Bug Hunting live.

Network Pentesting

  • Network+

    • It will help you understand networks, design and implement functional networks, and implement network security standards and protocols.
  • Linux+

    • You will understand Linux and how to use it from this course.
  • TCM TheCyberMentor Course

  • Scripting with Python or Bash

    • Use any scripting language; it will help you with automation.
  • Understanding operating systems Windows/Linux (you can take an OS course)

    • Taking an OS course will help you understand the OS kernel and memory management.
  • Good course for Privilege escalation for Linux & Windows

  • Practice (it will be hard at first but after some tries, it will be okay)

  • Basic knowledge of Reverse Engineering

  • Certificates

    • PTS (Beginners)
    • PTP
    • PTX
    • OSCP

Mobile Pentesting

  • Learn Java & create mobile apps to practice

  • Basics of Linux (you can use this Book)

  • eMAPT Course (it's very basic)

    • This is not the best one; it will give you the first step, but it's not everything.
  • SEC575 from SANS

  • FOR585 from SANS

  • Good Blog as Reference

  • To practice, you can try some Bug Bounty Hunting on programs that use Mobile Apps

Malware Analysis