Important note

Read: https://docs.google.com/presentation/d/1xgvEScGZ_ukNY0rmfKz1JN0sn-CgZY_rTp2B_SZvijk/mobilepresent?slide=id.g4052c4692d_0_0

Go to Github page: https://github.com/nahamsec

Read: https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters

Follow every bug hunter on Twitter. Follow all @bugbounties *

Sign up on HackerOne’s www.hacker101.com. Download the free web hacking 101 book. Follow every person on Twitter the book mentions.

More excellent reads: https://www.hackingtutorials.org/infosec-books/the-best-hacking-books-2018/

Read bug bounty blogs from BugCrowd, HackerOne, Tenable, Port Swigger, https://skeletonscribe.net (James Kettle), https://pentester.land/, etc

https://portswigger.net/web-security/learning-path

Subdomain takeover

• https://0xpatrik.com/subdomain-takeover-basics/
• https://0xpatrik.com/subdomain-takeover-ns/
• https://nitter.snopyta.org/i/status/1416770928092975105
• https://github.com/tripmine253/pentest-book/wiki/subdomain-takeover
• https://github.com/EdOverflow/can-i-take-over-xyz
• https://github.com/indianajson/can-i-take-over-dns

pcampus content:

https://github.com/PCampus-InfoSec-Enthusiasts/learning-resources

some tryhackme rooms to try

Linux Agency room

others

nmap -p- --min-rate=10000

nmap -p- --min-rate=1000 10.10.12.12

feroxbuster recon like gobuster