
Sagar-Jangam/Pentesting-101


Pentesting 101

I am sometimes asked the question "how do I start in penetration testing / bug bounty?" and I feel speechless, as I am not sure where to point a beginner: there aren't many resources that won't confuse a newcomer. I understand the struggle newcomers go through, as I went through the same when I was beginning. Back then I only wished somebody could tell me what to do, how to start and what skills to gather. I am thus writing this guide to help newcomers in the field. It is suitable for both students and working professionals.

A beginner may sometimes get overwhelmed by the breadth (as well as the depth) of the field, but don't let this discourage you; always remind yourself that the same immensity also means the field has a lot of opportunities. However, becoming an expert takes time and a lot of knowledge. I am thus segregating the guide into three levels: Basics, Intermediate and Expert. Feel free to skip something if you are already aware of it, or if you are confident enough with it. I am going to list some topics to learn, a methodology to practice, and some Dos and Don'ts. So let's begin.

  1. HTTP/ HTTPS
    1. What is HTTP (an overview)
    2. Client-Server architecture
    3. Handshake
    4. HTTP request and response
    5. HTTP methods
    6. HTTP status codes
    7. HTTP Headers
    8. URL/ URI/ URN
    9. Proxies
    10. Cookies
    11. Session
    12. HTTP Connection
    13. Various HTTP Headers
  2. SSL/ TLS
    1. Cryptography
    2. Certificates/ CAs
    3. SSL/ TLS handshake
    4. PKI
  3. Web application architectures
    1. Monolithic
    2. N-layered (N-tier)
    3. Clean
  4. The client: Browser
    1. HTML/ CSS/ JavaScript
    2. Developer tools
    3. Checking certificate
  5. The server
  6. Proxy
  7. Cache, CDN, Reverse Proxy
  8. Load balancers, SNI
  9. Modern Web
    1. JavaScript
    2. AJAX
    3. DOM
    4. Web Sockets

Network

  1. IP address, MAC address, ISPs
  2. Router, Switch, Hub
  3. Broadcast, Multicast, Unicast
  4. LAN, WAN, MAN, VLAN, Segmentation
  5. Subnets, Subnet mask, CIDR notation
  6. TCP/ UDP
  7. OSI Model
  8. TCP/ IP Model
  9. Routing, Port, NAT, PAT, Port forwarding
  10. TCP Handshake
  11. DNS, DNS records, Name resolution, Zones, DNSSEC
  12. ARP, RARP
  13. DHCP
  14. NetBIOS, LLMNR
  15. NFS
  16. SMB, SAMBA
  17. POP, SMTP, IMAP
  18. Active Directory, Domain Controller, Users, Groups
  19. Rights, Trusts, ACLs, DACLs
  20. NTLM, Kerberos, PTH, PTT, Token
  21. LSASS, SAM

Operating System

  1. Terminal/ CMD prompt, shell
  2. ipconfig, getmac/ ifconfig/ ip
  3. nslookup, netstat, tracert
  4. systeminfo/ uname -a, lsb_release, /proc
  5. DNS, Host files, Cache files
  6. tasklist, ps
  7. Registry/ /proc, /etc
  8. User/ Kernel
  9. Memory, Stack
  10. Services, Process
  11. nc, netcat
  12. Wireshark, tcpdump
  13. User accounts, Administrator/ root
  14. Local, domain users
  15. Password, Authentication, Authentication Manager
  16. Authorization, Privileges, Tokens
  17. Programs/ Applications
  18. Executable, Libraries, Hooking, Process execution, Memory allocation

Data

  1. Database
  2. CIA
  3. Query Language: SQL, NoSQL
  4. Directories, Directory services, LDAP
  5. Files
  6. API, REST, SOAP
  7. JSON, XML, GraphQL
  8. Serialisation/ Deserialisation
  9. Template Engines
  10. Password storage

Security

  1. Authentication, Authorisation, Accounting
  2. CIA, Validation, Verification
  3. Password, Token/ Key, Session, Digital Signature
  4. PAP, CHAP, EAP
  5. RADIUS, 802.1X, TACACS
  6. Kerberos, OpenID, NTLM, Basic Auth
  7. Directory, LDAP
  8. Encryption (Symmetric, Asymmetric), Encoding, Hashing, Salt
  9. SSL, TLS, RSA, ECC, MD5, SHA1, NT, LM
  10. Encryption/ Decryption Oracle
  11. Tunneling, VPN, IPSec, Tor
  12. DMZ, Bastion host, Screened subnet
  13. NAC, Firewall, Proxy, IDS/ IPS, EDR, Anti Virus, XDR, SOC, NOC
  14. Zero Trust network, Microservice, Microsegmentation
  15. SSO, SAML, OAuth, JWT
  16. Sandbox, Microkernel, Containers, Virtual Machines, Hypervisor
  17. DKIM, DMARC, SPF

Weaknesses

  1. Trust
  2. Validation
  3. Assumptions