arpeetrathii/50-Days-Of-SQLi

50-Days-Of-SQLi

Q. Why am I starting this?

I have always struggled as a bug hunter. Whenever I read anything new, I learn from it but hardly implement it. Because of that, whenever I read anything now, it feels like I know it, and so I can't digest the complete information that the writeup has to offer. So the adrenaline rush isn't there when I consume any information, because of which I am not able to find quality bugs. And when you cannot find quality bugs, you can feel the pain. It feels like a task done but with no satisfaction, like you are reporting just for the sake of it. So from now onwards I will improve my knowledge first and then hunt harder to get those quality bugs. So I have thought to first hunt on a single bug, as the saying goes: it's better to be a master of one than a jack of all. I will post everything I read or refer to, and will also try to share my findings (if permitted) with you all. I will also post to-dos and short notes. The resources may not be in sequential order, like easy to hard.

My plans for learning (2 hrs every single day):

  • Complete the SQL injection sections from WAHH-v2, Real World Bug Hunting, Bug Bounty Bootcamp
  • Complete all labs from the PortSwigger SQLi labs
  • Complete all SQLi labs from TryHackMe
  • Complete/read writeups of HackTheBox, Root-Me labs
  • Read the book: SQL Injection Attacks and Defense
  • Read writeups/vlogs related to SQL injection
  • Do other labs (from GitHub)
  • Learn various relevant tools for SQLi (SQLMap, NoSQLMap, Burp extensions, etc.) to automate and implement into my workflow/methodology

My plans for hunting (at least 2 hrs daily, from the day I feel like):

  • Will select certain programs
  • Hunt each and every parameter of those

Let's see how it goes, and whether I am able to find any bugs or not! :)