Josephex🦍 The XSS Rat - Proud XSS N00b :-) Coffin Smukx.E Tip : - Use portswigger, it's one of the best web security learning platform with good hands-on labs... You're not using it effectively; also, don't depend on one resource for knowledge, look into other platforms as well... Read less, practice more; practice makes you

Becoming a Security Researcher with Gospel as my mentor — Day 24 - Finished two THM rooms: Authentication Bypass and IDOR. - Tried the techniques I learnt on a live site with 100k+ users and found an IDOR, my first real discovery. Proud of the progress.

Some say: "I have nothing to hide." But privacy isn't about hiding, it's about control. If someone can track, predict or manipulate your decisions, they hold power over you.

Becoming a Security Researcher with Gospel as my mentor — Day 25 - Revised my previous notes, going over key concepts to strengthen my understanding. Went through several bug bounty write-ups, analyzed different exploitation techniques, and noted down new methodologies.

If you’re serious about hacking and cybersecurity, you need two things: the right reading list to shape your mindset, and a practical toolset you actually know how to use. This article gives you both. cybergeneration.tech/the-ultimate-h… Repost to help others 🫡 Abdulkadir | Cybersecurity

Becoming a Security Researcher with Gospel as my mentor — Day 26 - Completed the File Inclusion room on TryHackMe today, without PHP knowledge. Spent extra hours deep-diving into filter evasion techniques, chaining LFI to RCE payloads, and experimenting with obscure wrappers

Becoming a Security Researcher with Gospel as my mentor — Day 27 - Completed the Intro to SSRF* room on TryHackMe. Nailed SSRF basics: blind, semi-blind, and out-of-band attacks. Exploited internal services on THM labs to grab hidden data

Becoming a Security Researcher with Gospel as my mentor — Day 28 - Read Vickie Le’s book on bug bounty. Learned practical ways to discover hidden directories in web apps, how to automate subdomain enumeration by brute forcing, and techniques for finding information in repos

Becoming a Security Researcher with Gospel as my mentor — Day 29 - Completed the race conditions room on TryHackMe and understood how timing vulnerabilities work. - Read Vickie’s book on bug bounty, learning GitHub recon, OSINT from job listings, and fingerprinting techniques.

Becoming a Security Researcher with Gospel as my mentor — Day 30 - Finished the Command Injection room on TryHackMe - Continued working on building a proper research lab with the tools mentioned in Vickie’s book plus updated ones and listened to a few Darknet Diaries episodes

Becoming a Security Researcher with Gospel as my mentor — Day 31 - Finished the Burp Suite: Repeater room on TryHackMe and moved on to Burp Suite: Intruder. - Spent most of the day listening to Darknet Diaries episodes to sharpen my mindset.

Becoming a Security Researcher with Gospel as my mentor — Day 32 - Today was meant to be a rest day, but I still felt like putting in some work, so I went ahead and completed the Burp Suite: Intruder room on TryHackMe.

Am I the only person experiencing this?, this happened in the middle of completing a room. TryHackMe

Becoming a Security Researcher with Gospel as my mentor — Day 33 - Finished the Burp Suite: Other Modules room on TryHackMe. Learned how to use the decoder/encoder tools, comparer, sequencer, and the organizer efficiently.

I'm sick again, worse than the last time. Gonna be taking a break for this one.

Becoming a Security Researcher with Gospel as my mentor — Day 34 - Got some energy from drinks and completed 3 THM rooms (Burp Suite Extensions, Passive Recon, Active Recon); honestly Vickie’s book explained recon better, now moving on to Nmap live host discovery.

cat domains.txt | waybackurls | grep ".js" | grep -v ".json" | sort -u | anew js_files.txt Sometimes the above result won't be enough, so i go after scanning "js_files.txt" for more URLs using "gf" ( this takes time, sometimes ) - cat js_files.txt | gf urls | anew urls.txt

What did you learn at church today?

Becoming a Security Researcher with Gospel as my mentor — Day 35 - Finished the Nmap Live Host Discovery room on THM, then went back to Vickie’s book to learn how to write recon scripts properly. Wrapped up the day listening to some cybersecurity podcasts.

Becoming a Security Researcher with Gospel as my mentor — Day 36 - Wrapped up the Nmap Basics Port Scan room on THM, reinforcing my understanding of how different scan types reveal host and service information. Also spent time listening to a few cybersecurity podcasts