Forwarded from ππ€π¨π©π¨ππ
2025 Roadmap:
1) PortSwigger labs:
Pick one lab topic, e.g. SSRF, and give it 2-3 days to complete all of them. For me, I complete these types of labs in some hours, but don't do that. Do them with a relaxed mind and with the aim of learning, not just completing the labs.
2) HackerOne reports:
The next task is to read all the reports for the same labs, like SSRF. Just focus on one bug, follow the methodology, learn the real-world scenario, and try to find the same on a real-world target.
3) Medium writeups:
Install the Medium app, make an account there and follow all the publications like InfoSec Write-ups and those related to bug hunting. Read their articles and you will get real-world experience. I will soon share all my writeups also.
4) Bugbountyhunting.com
Make an account on that website; it is good for testing your skills. Solve their challenges and you will get real-world experience.
5) CTF
Make an account on HTB and TryHackMe and solve only the web app labs and rooms there to get more experience.
6) YT
Follow some people on YT who show real-world PoC practicals. You will get a better understanding from video than from a written PoC; good for beginners.
7) Bookmark
Bookmark some websites like HackTricks and some GitHub pages like bug hunting methodology or payloads and methods repos. You will get all payloads from there.
8) Engage with people or make friends who have the same interest and work like a team. Collaborate with them; that will doubly help you in bug hunting.
9) Don't look for common bugs:
I see many people ask me, "Why don't I find bugs? I still spend so much time." The answer is that you are finding bugs that are so common, like XSS and P4 and more. There are many professional hunters on BBP platforms who have already hunted these on all programs, so it is better to find more advanced bugs like dependency confusion, HTTP request smuggling, BAC, auth bypass, etc.; then your chances are better than before. If you are not finding bugs, that means you need to work on more skills and new methods.
10) Avoid social media
Avoid social media, seriously. It will consume so much of your time. Their algorithms are so strong that they will engage you with stuff matching your interests. Mostly they will show you love, relationships, breakups, beauty, looks, perfection, rich things and other mentally disturbing things like soft porn, etc. Also avoid playing online games, please avoid it. If you want to use something, better to use LinkedIn, Twitter, etc. or apps related to information sharing. This will help your mind focus more on the things that you want.
If you follow these things, I am 100% sure you will see results in some months, if you are really serious about your life. And I don't think nowadays you need any paid course stuff when the information is already free on the internet. You have all things in your hand; you just need to find it. Also, after ChatGPT I don't think you need to struggle much with all these things; make ChatGPT your friend. Also, meanwhile, if you need any help regarding any bugs or chaining them, always DM me; I will surely help when I get time. All the best for your new year journey ❤️
Forwarded from Yekolo Temari (α¨αα α°ααͺ)
The #Cybertalents #NewYear2025 challenge has started.
It has started off with #3 challenges with #General, #webSecurity and #machine category.
Good Luck
Forwarded from Mira
I am not into bug bounty, but check this out if you are thinking of starting:
https://infosecwriteups.com/my-first-year-in-bug-bounty-10994de47849
#blogs
Medium
My First year in Bug Bounty
Hello all, In this write-up I summarizes my year in bugbounty on all big platform, self hosted and all the numbers, bugs submitted…
Forwarded from Tech World
Graduating from the 3rd Cyber Talent INSA Summer Camp!
Just a few months ago, I was a Python beginner who had never even heard of Linux. Fast forward to today, and I'm proud to say I've graduated from the 3rd Cyber Talent INSA Summer Camp!
This one-month journey was packed with challenges: late nights, tough problems, and moments of doubt. But every challenge became an opportunity to learn, grow, and push my limits. Working on my project, DNA Vault (a secured DNA storage system), was both exciting and rewarding.
Living on campus for the first time taught me independence and resilience, helping me adapt to a new environment while discovering my true passion for cybersecurity and technology. The support of talented peers and inspiring mentors made this journey unforgettable.
Looking back now, I can't believe how far I've come. The person who joined this camp is not the same person graduating today. This experience has shaped me, both as a programmer and as a person.
I'm deeply grateful to the INSA Summer Camp team, my mentors, and my peers for their guidance and encouragement. This isn't just the end of a program; it's the start of a new and exciting chapter in my tech journey. Here's to taking on more challenges and continuing to grow!
#INSA #CyberTalent #Graduation #Cybersecurity #GrowthJourney #Gratitude
Let's connect on LinkedIn: linkedin.com/in/lidiya-bokona-68621831b
Join us @tech_life_01
heeyaa fam
Happy Epiphany to those who are celebrating
And btw, here is the channel I created for file sharing purposes, check it out: @Afr0Files
@AfroSec
methodology that i used
@AfroSec
subfinder -d example.com -all -recursive > subdomain.txt
for subdomain
cat subdomain.txt | httpx-toolkit -ports 80,443,8080,8000,8888 -threads 200 > subdomains_alive.txt
live subdomain
katana -u subdomains_alive.txt -d 5 -ps -pss waybackarchive,commoncrawl,alienvault -kf -jc -fx -ef woff,css,png,svg,jpg,woff2,jpeg,gif,svg -o allurls.txt
to fetch passive urls
cat allurls.txt | grep -E '\.xls|\.xml|\.xlsx|\.json|\.pdf|\.sql|\.doc|\.docx|\.pptx|\.txt|\.zip|\.tar\.gz|\.tgz|\.bak|\.7z|\.rar|\.log|\.cache|\.secret|\.db|\.backup|\.yml|\.gz|\.config|\.csv|\.yaml|\.md|\.md5'
search for sensitive files
credit: lostsec.xyz
@AfroSec