Ali Malik

WHO AM I? And My Experiments with Hacking

This Note is about my journey into hacking. I receive a lot of email inquiries from people who want to learn how to hack. “I’m a beginner in hacking,” they write, “how should I start?” or “I want to be able to hack my friend’s Facebook account.” Here are some detailed technical instructions on how to get started as a beginner and how to evolve as you gain more knowledge and expertise in the domain. Hacking is a skill; if you want to learn hacking solely for fun, things will not work out for you. You should decide to learn hacking because of your fascination for technology or your desire to be an expert in computer systems.

What is Hacking / Ethical Hacking?

Hacking, or ethical hacking, is one of the most powerful fields in the IT world. Hacking is the process of breaking into computer systems with a specific purpose: to find vulnerabilities and test them, to learn the system's weaknesses and strengths, and to improve system security so that it can work efficiently without any interference.

Introduction

My name is Ali Malik, a WordPress developer with over five years of experience designing and implementing secure and intuitive websites. My passion for web development led me to specialize in the field of hacking and web security, which enables me to create versatile, efficient and well-designed websites that are secure against attacks such as XSS, CSRF, SSRF, SQL injection and more.

Where it all began?

I came to know about hacking when I was in college, roughly in 2014. My friend had learned how to perform phishing attacks and successfully took over my Facebook account, which was something that I found hard to believe until that point. After getting my account back, I started searching the Internet for information about hacking. All I could find were tutorials on how to hack Facebook accounts. At the time, all that interested me was how to hack a Facebook account. After about a week of learning tricks from different sources, I found an interesting forum post that described a way of fooling people into revealing their passwords by posting links in forums and emails or messages created by strangers who claim to know where you live or work. That day changed my life forever as it gave me access to thousands of accounts which had been left vulnerable with simple setups like virus driven search engines and email scams.

Then one day I was searching on Facebook about hacking when I found a guy named Khanal Syouga (and now he is one of my best friends). I started talking to him about how he hacked accounts, websites etc. And in no time I learned 2 Ninja Tricks for hacking and defacing websites…

After some weeks, I successfully hacked 20 to 30 websites and defaced them. But I wasn’t having fun doing it, so I went back to googling and after some time learned advanced Google dorks that allowed me to find vulnerable sites from them. Then exploiting them by tools like Sqlmap, and then learning a little about Man-in-the-Middle attacks, Shell-Injection Compromising panels etc. And after that I got to know about symlinking, server jumping and a little about rooting etc… I don’t wanna mention many things but I have to say it was fun… ;)

Well, I think that’s enough of the introduction and storyline. Now let’s get straight to the point: “How to Become a Hacker/Pentester/WhiteHat”.

I receive many messages from people asking me how to learn Hacking. So I’m writing this for all of you who want to learn how to Hack. I’ll attach some books, references, blogs, YouTube channels and other material that will hopefully help you learn how to Hack.

First of all, I want you guys to watch this video by Stok Fredrik: https://www.youtube.com/watch?v=CU9Iafc-Igs It has become the de facto standard guideline for aspiring hackers.

I prefer reading books like Mastering Modern Web Penetration Testing, The Hacker’s Underground Handbook, Web Hacking 101, etc.

Books

These are the important books to read. Otherwise, here are some more books that may help you :) Google Drive Link
Also :) for those who want something related to reverse engineering, follow this Google Drive
So these were some important books which I shared with you guys :) Let’s get to the blogs!
There are plenty of blogs shared by hackers on a daily basis that you can read to learn more and more.
https://blog.it-securityguard.com/
https://blog.innerht.ml/
http://brutelogic.com.br/blog/
https://klikki.fi/
http://philippeharewood.com/
https://seanmelia.wordpress.com/
https://respectxss.blogspot.com/
https://www.gracefulsecurity.com/
https://whitton.io/
https://tisiphone.net/
http://archive.nahamsec.com/
http://danlec.com/blog
https://wehackpeople.tumblr.com/
https://bitquark.co.uk/blog/
https://www.arneswinnen.net/
http://bugbountypoc.com/
https://medium.com/@arbazhussain/
https://shahmeeramir.com/
http://www.shawarkhan.com/
https://blog.detectify.com/
http://www.rafayhackingarticles.net/
https://forum.bugcrowd.com/
https://securitywall.co/
https://www.hackerone.com/blog
http://www.securitytube.net/
https://hackasia.org/
http://www.gangte.net/
https://mukarramkhalid.com/
https://securitytraning.com/
https://jubaeralnaziwhitehat.wordpress.com/
http://hackaday.com/
http://www.securityfocus.com/
https://packetstormsecurity.com/
http://www.blackhat.com/
https://www.metasploit.com/
http://sectools.org/
https://labs.detectify.com/
https://blog.rubidus.com/
http://www.securityidiots.com/
https://hackernoon.com/
https://sqli-basic.blogspot.com/
https://bugbaba.blogspot.in/
https://vulnerability-lab.com/

Here are some websites that I visit regularly to stay up-to-date and learn new things. There are many other blogs and websites missing from this list, so please add them to the comments so I can share them with others! Sharing is caring.

https://www.youtube.com/channel/UCP
https://www.youtube.com/channel/UCJ
https://www.youtube.com/channel/UCR
https://www.youtube.com/channel/UCY
https://www.youtube.com/channel/UCw
https://www.youtube.com/channel/UCa
https://www.youtube.com/channel/UCt
https://www.youtube.com/channel/UC5
https://www.youtube.com/channel/UCM
https://www.youtube.com/channel/UC_
https://www.youtube.com/channel/UCq
https://www.youtube.com/channel/UCV
https://www.youtube.com/channel/UCs
https://www.youtube.com/channel/UCa
https://www.youtube.com/channel/UCP
https://www.youtube.com/channel/UCX
https://www.youtube.com/channel/UC4
https://www.youtube.com/channel/UCs
https://www.youtube.com/channel/UCo
https://www.youtube.com/channel/UCy
https://www.youtube.com/channel/UCS
https://www.youtube.com/channel/UCO
https://www.youtube.com/channel/UCh
https://www.youtube.com/channel/UCo
https://www.youtube.com/channel/UC9
https://www.youtube.com/channel/UCe
https://www.youtube.com/channel/UC2
https://www.youtube.com/channel/UCP
https://www.youtube.com/channel/UCz

Another piece of advice: regularly follow http://h1.nobbd.de/ to stay updated with HackerOne public bug reports; you can learn a lot from them. Follow OWASP: https://www.owasp.org/index.php/Cat… Alternatively, you can join the Slack community for hackers: https://bugbounty-world.slack.com/ :)
You should also consider practicing your skills on http://www.itsecgames.com/, http://www.dvwa.co.uk/ and other applications like these.

HackerOne Public Reports!
These reports might help you guys get an in-depth idea of bug bounty hunting.

Bug Bounty Reference
A list of bug bounty write-ups categorized by the nature of the bug, written by ngalongc and inspired by https://github.com/djadmin/awesome-bug-bounty

From a recent blog post by my friend Arbaz Hussain, I’m sharing the “10 rules of Bug Bounty”:
Targeting the Bug Bounty Program
How do you Approach the Target?
Don’t Expect Anything!
Less Knowledge about Vulnerabilities and Testing Methodologies:
Surround yourself with Bug Bounty Community to keep yourself Updated.
AUTOMATION
GET BOUNTY or GET EXPERIENCE:
FIND THE “BUG” or FIND A “BUG’S CHAIN”:
FOLLOW MASTER’S PATH:
RELAX & ENJOY LIFE:
If you want to learn about these steps in detail, follow the link:
https://medium.com/@arbazhussain/10-rules-of-bug-bounty-65082473ab8c

Being a security researcher, it is really tough to keep yourself up to date. I’d ask beginners to focus on self-study and learn things by themselves, as everything is possible; all you need is the passion to take a step, and after that you can achieve anything. Nothing is impossible to achieve. All I achieved was by doing self-study and self-motivation, without any certifications. You are never a perfect person, but you are still better than the rest of the people. To be a security researcher, all it takes is the passion to achieve something. I hope this article helped motivate you to take a positive step in life.
Well, that’s all I can share with you guys :) at this phase :) I will keep this note updated if I find anything :) that can be helpful for others. I still have a lot to learn.

!Thanks For Reading!