Last updated: 28th February 2020
Learning how to hack, or penetration testing, ethical hacking, or bug bounty hunting as it is sometimes called, can be really fun and interesting. Or it can be really boring and hard to stick with. The key thing for me when learning anything is to break up the tedious but important stuff with lots of little fun and interesting bits. This guide will focus on introducing a little bit of knowledge and letting you test it out, then expanding upon it and playing some more, like an ever-increasing spiral.
If you have any feedback on this guide, any requests, or just want to say thank you, please email me: [email protected].
Let’s get started!
User accounts are what we often use to allow approved individuals to use IT systems while keeping others out. User account compromises are still the most common form of successful hacks. So we’ll start by playing with those.
The process of protecting access to a system has four key components: IAAA.
- Identify – who are you?
- Authenticate – are you who you say you are? This is most commonly proven with a password, but there are other methods.
- Authorise – are you allowed to do that? Do you have permission to access that part of the system?
- Audit – who did what?
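
To see the four components as separate steps, here is a small access check written for this guide as an added example (it is not code from any real system). The account names, passwords, permission names and the `handle_request` function are all made up for illustration.

```python
import hashlib
import hmac
import os

AUDIT_LOG = []  # Audit: record of who attempted what, and the outcome


def hash_password(password, salt):
    # Salted, deliberately slow hash so stored values are costly to guess offline
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_user(password, permissions):
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt),
            "permissions": set(permissions)}


# Constructed sample accounts (hypothetical names, passwords and permissions)
USERS = {
    "alice": make_user("correct horse battery staple", {"read_report", "edit_report"}),
    "bob": make_user("tr0ub4dor&3", {"read_report"}),
}


def handle_request(username, password, action):
    user = USERS.get(username)  # Identify: who do you claim to be?
    if user is None:
        reason = "unknown user"
    # Authenticate: constant-time comparison of the password hashes
    elif not hmac.compare_digest(hash_password(password, user["salt"]), user["hash"]):
        reason = "bad password"
    # Authorise: is this identity allowed to perform this action?
    elif action not in user["permissions"]:
        reason = "not permitted"
    else:
        reason = "ok"
    AUDIT_LOG.append({"user": username, "action": action, "result": reason})
    # The caller only learns allowed/denied; the detailed reason stays in the log
    return reason == "ok"
```

Returning only allowed or denied to the caller, while the audit log keeps the detailed reason, means a failed login does not reveal whether the username exists.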