The tedious journey, starting with loads of hesitation, doubts and problems, will provide sudden excitement too.
- A high-end computer — the recommended RAM is 16 GB, with a processor of at least 6 cores. I personally like the AMD Ryzen series (5 3600 in use).
- A person who can initially guide you.
How to start the process —
- Download the Pentester Academy web application and network testing courses. They are easily available.
- Set up a virtual machine. Use Oracle VM VirtualBox.
- Do not skip the ‘setting up of machines’ videos. Yes, they will be long, but setting up machines can be painful if the steps are not followed properly.
Why these two courses —
- Knowledge from the Network Pentesting course will come in handy during job interviews and when solving machines on platforms like VulnHub and HTB.
- The web application course will provide an overview of the common vulnerabilities. Various tools that are used for testing applications and bug hunting will also be introduced.
Note — one can download the mobile application course as well, depending on their interest.
Tip — Go through every video of the courses no matter how much time it consumes, whether you can understand it or not, whether you can perform it on your virtual machine or not. Even if you have to stare at the video, JUST DO IT.
Let us discuss the most important 2nd requirement, “A person who can initially guide you”.
Now the toughest task is to find a person who can guide you initially with proper intentions. A person like me, who last touched computer-related subjects way back in 2009, definitely needs some (a lot of) guidance. So, after spending 4 months on both the courses, I assumed that it was time to apply it in the real world.
Ironically, as soon as I saw a website, my mind went numb. I could not understand how and where to begin. I knew about Burp Suite, Nmap, Metasploit etc., but still felt like I had not learned anything. This is when I realized that I needed to find that person.
I contacted tons of people on LinkedIn, on null groups and various social media platforms. Most of them never replied; a few replied, and their common replies were — ‘use google, try reading stuff, spend time, learn on your own’. These were pretty genuine replies, but my mind was filled with doubts. This is where I met Neelam (nvermaa.medium.com / Twitter: neelam160). She is a cyber security expert and an exceptional bug hunter.
She likes to help people who are trying to establish themselves in the cyber security field. I am really thankful that she guided me step by step in finding bugs and made me realize that I did not waste those four months.
So, those who are reading and are in my shoes, please feel free to reach out to Neelam or me. Though I am still learning, I will help out if asked sincerely. Also, remember the path is treacherous, where success is occasional and failures are your shadows, but there is a chance to hit a home run as well.
The next articles will be about bounties, machines, various tools for bounties and what to read.
I’ll be back.