So I decided to try and get into infosec as a hobby couple of months ago, after dusting off my programming skills and going through some of my old networking notes as a refresher, I did some courses for beginners in bug bounty and familiarized myself with some core tools. Then I noticed that a lot of people were suggesting PentesterLab Pro as a way for newbies to get into the infosec/bug bounty field so I decided to give it a go. Did the introductory and unix badges no problem but since I 've gotten into the essentials badge, I feel like I don’t understand what I’m doing, sure I get the gist of what I’m supposed to do and I can solve most labs by playing around a bit with burp but I don’t actually understand what I’m doing. Most of the time I’m just doing random stuff like adding some parameter or changing some values etc until something works but I don’t get why that worked and something else didn’t. For example I don’t get why adding a parameter = True in the request text works but adding it from the params tab in burp doesn’t or why setting a parameter = True doesn’t work but setting same parameter = 1 does. Or why tweaking the URL grants you access, I get how to do it but I don’t understand the concept behind it or how I would know what to do if the lab didn’t have clear instructions and hints. Sure I could google that stuff but if I just google everything, isn’t actually using PentesterLab kind of useless? I know there are videos that go with every lab as an explanation but they are more like quick solutions without much explanation and I guess they are more geared towards people with a bit more knowledge than me. Any advice on how I should approach this? Is there something I’m missing or should I just use some other resources until I’m ready for PentesterLab?
Thank you in advance!
Edit: Sorry if I make it look like I’m bashing on PentesterLab, the platform actually seems great I’m just wondering if it’s right for me atm