Like everyone else, I started watching walkthrough videos and reading blog posts in the beginning to familiarize myself with methodologies while taking detailed notes and following along with them with my Kali Linux machine.
78 machines completed (All of the 2022 lab machines)
–
Besides working on lab machines, I've learned some core penetration testing methodologies. Below is not the complete list but the summary of the learning progress.
Port scanning with Nmap
Directory busting with gobuster/dirsearch
HTTP enumeration with Nikto and CMS scanning tools such as WPscan
SMB enumeration
Active Directory enumeration and attacks using popular tools like mimikatz and powerview, obtaining domain controller's kerberos tickets and cracking them offline to access it.
Cracking passwords with patator/john
Creating malicious executables with msfvenom
PHP command injection
Exploitation with Powersploit
SQL injection (Union attacks, login bypass)
LFI/RFI
Using Burpsuite to observe network traffics and brute force logins
Privilege Escalation techniques such as spawning a tty shell/utilizing GTFO bins to get root shells/cross compiling exploits/modifying and exploiting cron jobs)
Various Antivirus evasion techniques
Finding public exploits for vulnerable services, modifying them if needed to exploit machines
Buffer Overflow exploitation
Transferring files between Kali and the Target using different techniques
After passing the OSCP, I wanted to learn more about how the web based attacks work and how we can protect applications from these attacks. So, I decided to learn more by doing the followings.
Detect and prove the full business impact of a wide range of common web vulnerabilities using the Burp Suite Pro
Adapt attack methods to bypass broken defences, using knowledge of fundamental web technologies.
Quickly identify weak points within an attack surface, and perform out-of-band attacks to attack them.
Secure Coding
I'm currently learning OWASP ASVS secure coding practice in Java and Python through the Secure Flag platform.
I'm also learning to build applications in java and python, introducing vulnerabilities in them, and mitigate them by applying the secure code/ practices.
Trying out for bug bounty
I've tried out for some bug bounty programs to test my skills and I was successfully able to submit some valid reports.
By working through some programs, I learned some valuable enumeration techniques, established testing methodologies, and became competent in writing comprehensive POC for bug bounty program engineers.
Udemy Courses Completed
I understand taking courses is not the same as having experience, but I do believe you have to start from somewhere.
