Silk road to Bug Hunting

Ahmed Najeh
Mar 24, 2024


Windows Fundamentals

· Learn how to use a computer

· How to use the Internet

· How to search for information in search engines professionally

· How to use ChatGPT to obtain information on a specific topic

A+ Certification

https://mega.nz/folder/zSpnzKKD#UPhqD2NZBoM3ImhvMsx9qA

Network

· Network Concepts

· Network Protocols

· Network Topologies

· Network Devices

· IP Addressing and Subnetting

· Network Security

· Network Troubleshooting

· Wireless Networking

Network+ Cert

https://mega.nz/folder/fC5njSyR#NMw88ZzRaYhDTSmYewodXA

Linux

· Ways to use tools in a system

· Linux command line

https://learn.microsoft.com/en-us/training/paths/shell/

Programming Languages

C++ (You need to learn this language because it helps you learn other languages)

· Syntax and Basic Structure

· Data Types

· Variables and Constants

· Operators

· Control Flow

· Functions

· Arrays and Vectors

· Pointers and References

· Object-Oriented Programming (OOP)

· File I/O

· Exception Handling

https://elzero.org/study/cplusplus-study-plan/

HTML + CSS (You need them to understand how the website is designed)

https://elzero.org/study/html-2021-study-plan/

https://elzero.org/study/css-2021-study-plan/

JavaScript

· DOM Manipulation

· XSS (Reflected, Stored, DOM)

· Client-Side Validation

· AJAX and Web APIs

· Event Handling

· JavaScript Security Headers

· Browser Security Features

· JavaScript Obfuscation Techniques

· Client-Side Storage

https://mega.nz/folder/ya5W0Lxa#Ocx3Gbtkv8PqSzzSpG6PfA

https://mega.nz/folder/ub40ARZD#TmsUGA1MK4_-lVbRvJG-QQ

JSON

· JSON Injection

· Input Validation

· JSON Schema Validation

· Data Encoding and Escaping

· Client-Side JSON Handling

· Server-Side JSON Processing

· JSON Web Tokens (JWT)

· Secure JSON APIs

· Security Testing Techniques

PHP & Laravel

· Authentication and Authorization

· Input Validation

· Route Protection

· Database Security

· Error Handling and Logging

· Session Management

· File Upload Security

· Security Headers and Middleware

· Third-Party Package Security

https://elzero.org/study/php-bootcamp-2022-study-plan/

MySQL

· SQL Injection (SQLi)

· Input Validation and Prepared Statements

· Privilege Escalation

· Database Configuration

· Data Encryption and Hashing

· Security Vulnerability Assessment Tools

https://mega.nz/folder/wswGEIhb#tsqUggTZyfy5HyRWUkV9sg/folder/FgQRyaqb

Bash script (You can learn it at any time with the other languages above)

· Command Line Basics

· Shell Scripting Basics

· File System Operations

· Text Processing

· System Administration Tasks

· System Configuration Analysis

· Log Analysis

· Network Monitoring and Analysis

https://mega.nz/folder/CGBj3S5S#UT2y_zzEcV8MybIEHvhpGQ

After that, you can also build experience in other important languages:

· Python

· Ruby

· GraphQL

Web Application Security

· Security Vulnerabilities (XSS, CSRF, IDOR, SQLi, authentication bypass, etc.)

· Concurrency and Race Conditions

· Memory Leaks and Memory Corruption

· Buffer Overflows and Underflows

· Logic Errors

· Input Validation and Sanitization

· Resource Leaks

· Performance and Scalability Issues

· Etc.

Start Hacking

· Select your goal

· Learn how to enumerate

· Learn how to do recon (active & passive reconnaissance)

· Learn how to search for site files & folders

· Record your notes as you work

· Find out what dangerous information is being leaked and can be reported

· Learn how to extract visible and hidden parameters

· Learn how to exploit the security vulnerability

· Try to escalate the vulnerability to the maximum extent possible

· Learn how to understand the severity status of any vulnerability

· Learn how to write a report correctly

Good Luck


Ahmed Najeh

The man of reason suffers amid bliss because of his reason, while the ignorant man lives at ease amid misery. https://hackerone.com/im4x https://web.facebook.com/im4xx/