I am a retired software and hardware engineer and hacking was something i always wanted to try and i finally got the time. I am currently deep into the learning stage so i thought i would pass on a few things before i forget…old age does that to you!
First, stay away from programs that dont offer a bounty…if a company isnt willing to pay you for results than they are probably looking for free pentests or worse, just a checkbox on a company report. I had one bad experience on another site which was enough for me to leave and give bugcrowd a try.
Search engines are your best friend. It is amazing what is available on the internet. Basic search skills will reduce your overhead in many ways. Everything is on the internet…you just have to find it.
Dont be impatient. Portswigger has a great tutorials and labs. I have gone through about half of their labs so far. I dont spend a lot of time agonizing over a lab…if i cant get it in about an hour i hit the solutions and follow the steps. I want to see things not beat my head against the wall. If you arent a student find a relative or friend with a student id who will sign up on some of the paid educational sites for you…You can get on good ones for about eight dollars a month with a student discount.
For tools i have learned to use burp suite, metasploit, subbrute, a couple of vulnerability scanners, sqlmap and most important google dorks. The search engines will block you but if you try longer time delays and different ips you can usually get through their checks.
I try to stay hidden. I use nordvpn simply because a vpn hides everything i do from my isp and nord has some interesting tools which i found useful for bypassing the search engine checks and other neat things like coupling to the tor infrastructure.
I spend very little on computer power. Old hp elite 8300’s in the small or ultra small form factor can be purchased for less than a hundred dollars. Bring them up to 16 gb of ram for about thirty dollars, add a 500 gb sdd for another thirty, 10 for a bluethooth and wireless usb and a wireless keyboard and mouse and for less than 200 you have a 3 gig+ quad core machine that will easily handle virtual box with kali and windows capability. This adds another level of hiding cause it gives you a fresh browser. A cheap 1900 x 1024 monitor is another hundred if you dont have one laying around. For the price these are screaming machines. And the ultrasmall form factor is about 11 inches square and about three inches deep so it doesnt take up a lotta space. They come with about 10 usb ports. Learning to modify one is a great education in itself.
Dont be in a rush. I am seventy two and am in no hurry. There are so many unfound bugs out there. Be patient and get paid for your results. If you dont, like they say, vote with your feet and find another program.
And lastly follow your instincts…if something feels wrong when doing recon, something probably is wrong and a good place to start hunting…and learning.
hope this helps sombody,
george