|
|
|
|
|
|
by kriro
1429 days ago
|
|
|
For pentesting (not bounties) I can recommend HackTheBox + IppSec on youtube. Watch a couple of his videos of retired machines to get an idea of the typical workflow (scanning, what to look for etc.). Focus on one type of easy machine (Linux) and then start working on the machines. Set a target to get all easy machines at first and go from there. I set up a Kali VM to do all my HTB stuff from and keep a notebook of my typical flow so the process is pretty simular for each box I attack. The easy boxes usually require you to somehow identify a waekness and use a ready made exploit for it (or some easily reproducable steps). Privesc is usually also pretty straightforward. However they are not supereasy by any means if you've never done this. |
|
|