HowToStart

Web Pen-Tesing

• Learning Programing language (PHP, JS, MySQL)
  • PHP: it will help to understand the applications so you should know it well
  • JS: It will not just help you with JS and making new payloads, but it will make you to dig deep with the JS files it will give you some Cool things.
  • MySQL: this will help to understand the SQL injection and making right queries when you trying to exploit.
• Understand the vulnerabilities
  • You should know what is the vulnerability, What Code makes this vulnerability, How to find this vulnerability in Applications, and How to solve it.
• Practice
  • PortSwigger Web Security Academy
  • Hacker101
  • Try Hack Me
  • Pentester Lab
• Playing CTF
  • CTFs is have some real world examples for a vulnerabilities or CVEs or some new exploits you will know from it.
• Do some Bug Hunting and this website will help BugBountyHunter.
  • Watch this Methodology by Jason Haddix.
  • Initially, you can start with hunting on programs that offer points to gain experience.
• You can take eWAPTx & eWAPT
  • eWAPT: it will be a good one in the beginning because it has some basics about Web Pen-Testing.
  • eWAPTx: this one is advanced one you can start with it when you be at least good with the vulnerabilities and the matriales in eWAPT.
• You can take OSWE But it is advanced and need Code Review Skills.
• Web Pen-Testing Course by Ebrahem Hegazy (Arabic Course)
  • This will help you to understand the vulnerabilities, how to send a right report, and will Bug Hunting live.
• My Free Web Pentesting Course
• Collection of Bug Hunting Reports

Network Pentesing

• Network+
  • It will make you understand network, Design and implement functional networks, and implement network security standard and protocols.
• Linux+
  • You will understand linux and how to use it from this course.
• TCM TheCyberMentor Course
• Scripting with Python or Bash
  • Use any scripting language it will be you with automation.
• Understanding Operating systems windows/linux (You can take OS course)
  • taking a OS course it will make you understand the OS kernal and Memory Management.
• Good course for Privilege escalation for linux & Windows
• Practice (it will be hard at first but after some tries, it will be okay)
  • Solve machines on Vulnhub
  • Solve machines on Hackthebox
• The Cyber Mentor Network Pentesting Course
• Basic knowledge of Reverse Engineering
• Certificates
  • PTS (Beginners)
  • PTP
  • PTX
  • OSCP

Mobile Pentesting

• Basics of Linux (you can use this Book)
• https://techvomit.net/android-security-notes/
• https://github.com/B3nac/Android-Reports-and-Resources
• eMAPT Course (Its very basics)
  • This is not the best one but it will give you the first step but it's not all think
• SEC575 from SANS
• FOR585 from SANS
• Good Blog as Reference
• To Practice you can try some Bug Bouny Hunt on programs use Mobile Apps
• Android Reverse Engineering 101
• OWASP Mobile Security Testing Guide
• Exploiting memory corruption vulnerabilities on Android
• Android: arbitrary code execution via third-party package contexts
• Twitter Thread for some apps to practice
• Mobile Application Penetration Testing Cheat Sheet
• check list for webView
• Hacktricks have all topics for android
• Android Application Security Series
• Try hack me (androidhacking101) room
• Getting Started With Objection + Frida
• My Mobile Pentesting Playlist

Malware Analysis

• This is a Roadmap from Muhammed Talaat
• How to Build Your Career in Malware Analysis (Arabic Session)

Binary Exploitation

• Live Overflow Playlist
• Pwn College will give you a good basics, don't forget to practice after leasons on pwn dojo.