How to build your intuition in finding web app bugs?

Disclaimer: I’m not good at this and still learning; I just want to share my experience.

I’ve noticed that there are so many questions on Reddit asking how to start web pentesting, how to get good at it, etc.

Short answer: Read, practice, repeat the process

Long answer:

The reason I’m writing this post here is that I find it very difficult in real life to get someone to guide me, help me and show me tips and tricks. Instead, I had to learn it the hard way and find the answers by myself. So, I hope that with this little bit of sharing I can help those who are struggling just like me. Remember, you’re not alone out there; this subreddit is very helpful. I’m glad I found it.

I used to try different vulnerable web apps such as DVWA, Mutillidae, WebGoat, and many more.

What I did wrong was that I did not try hard to understand what the application does. Instead, when I got stuck, I would quickly google for the solution and read the walkthrough and solution for that challenge.

When I did more practice, I realized that in order to build the intuition to find a real bug, I really need to map the application, click every single link available, and try to really understand every single function available (while sending all these requests to Burp so that I can analyze them later). Believe me, this part is very important.

Let’s take a look at a lab from Web Security Academy:

https://portswigger.net/web-security/csrf/lab-no-defenses

I know this one is specifically targeted at “CSRF vulnerability with no defenses”, but when you try it, try to use different payloads as if you were on a real target where you don’t know what the actual vulnerability is.

Keep doing this and I believe you’ll get better from day to day.

Once you find the solution, look at the walk-through, see what others do differently. You might be able to learn one or two tricks from there.

This is what I’ve been doing lately, and if you have more tips and tricks, e.g. how you learned, feel free to share them, especially on web app, API, or mobile pentesting.

submitted by /u/w0lfcat

How to get data of an application

I want to get the information of a specific user in a trading app, just the name and transaction history of that person. Is there any way to mine it? Thanks.

submitted by /u/Putrid-Sea-178

CompTIA A+ just for self knowledge?

I was wondering if anyone has studied the CompTIA A+ just for self-knowledge. I am the CTO of a startup, but mostly everything is serverless; however, I like learning new things and I think this could benefit myself and my company. I might switch to security …

What is the "underground hacking forum" mentioned in this article?

Here is the article https://research.checkpoint.com/2023/opwnai-cybercriminals-starting-to-use-chatgpt/#:~:text=At%20the%20end%20of%20November,AI%20and%20its%20possible%20uses.

There are some screenshots of the post in the linked article, but I can’t find the original hacking forum. I’d like to read the post myself.

Does anyone know the name of the forum this was posted to?

submitted by /u/Atomic-Axolotl

Have you heard of this hacker?

Have you heard of Penticians hackers? Are they legit? Can I hack a phone on my own phone plan that I technically own?

submitted by /u/Visual-Pepper3626

Cryptocurrency security

Hello, this may sound off topic, but hear me out. I recently had a conversation with an “x” person, let’s call him David. David and I were talking about some books and the theme of crypto came to the table. David is against cryptocurrency because he thinks that it is going to be controlled anyway and can be hacked by the government and be shut down. I tried to explain to him, but it didn’t turn out really well, and I am not a hacker or cryptographer, just a privacy enthusiast and nothing more. Yeah, I have some technical knowledge, but it is nothing compared to professionals.

TL;DR: David has some inquiries about cryptocurrency security, and thinks that it will be taken down in a hack by the government.

submitted by /u/Brave-Anonymous

How do you recon against an Indian call centre?

So, I’ve been inspired by Jim Browning. Yadda yadda. All that stuff. I hate call centers just as much as y’all probably do. However, I figured hacking into them like how he does would be kind of fun to do myself. The hacking part itself isn’t an issue though; it’s just the recon part. I don’t exactly know what I’m up against.

I don’t really know of a plausible way to get the operating system used by most Indian scammers. I plan on designing a RAT (ideally Meterpreter, since I’d like to not reinvent the wheel; but if that truly won’t work I take no issue making one of my own), but since Windows 10 and up come with Defender while stuff like Win7 (which may still be used) doesn’t, I don’t know what exactly to do.

I understand scammers are dumb and it’s not exactly going to be the same as a pentest or something, but I’d also like to not underestimate them since that would have a high possibility of backfiring. Is there any bit of information I can get without actively attacking them blindly, or?

(Sorry for the incoherent post, if it is incoherent)

submitted by /u/No-Beautiful-8416

Does Linux distro matter when learning the command line?

I have a laptop running Ubuntu and I plan to use it to learn the command line. I also have a Kali VM. Is it better to learn the terminal on Ubuntu, or will the commands/functions be mostly the same? (Typo in title: “Linux Distro”.)

submitted by /u/Tw…

Chick-fil-A launched an investigation into “suspicious activity”

American fast food restaurant chain Chick-fil-A informed its customers of having launched an investigation into “suspicious activity.” Chick-fil-A is an American fast food restaurant chain, it is the country’s largest which specializes in chicken sandwiches. The company informed its customers of having launched an investigation into “suspicious activity on some customer accounts.” “We are investigating suspicious […]

The post Chick-fil-A launched an investigation into “suspicious activity” appeared first on Security Affairs.

This should be a very easy fix for people who do 3DS homebrew

I tried doing the system transfer from my old console to my new console, which was SOAP transferred, and it said “no SD card found” or something like that. And now everything in my new console is wiped and the old console still has the ID

submitted by &…