Skill
Programming 50%
I was born in Istanbul in 1992. I left Istanbul University's Business Administration department. In the last three years of my career, at the end of 2021, I developed an interest in cybersecurity as a hobby. As I delved deeper into cybersecurity topics, I realized that it brought me great happiness and enjoyment. Therefore, I aim to advance professionally in this field and am taking steps in that direction.
200
CTF Room COMPLETED
15
Course COMPLETED
6
Course Certificate
By clicking on the BLOG title, you can access my other articles. I had a lot of fun writing them, and I hope you enjoy reading them as well.
In this section, I will discuss the numerous triumphs of the ${IFS} environment variable.
I am thinking out loud about the nature and logic of OS command injection.
I wrote about how web cache works and potential security vulnerabilities. Enjoy reading!
It wouldn't be right not to answer one of the most frequently asked questions in the world, and at the same time, I wanted to answer it in advance to avoid encountering this question in the future. I hope this will be useful.
After you reach this point, you can solve Hack The Box CTFs and, alongside that, do bug bounty.
As I mentioned at the beginning, everything I share is based on my personal experiences and opinions. I believe the path I outlined above will take you to intermediate levels, which I consider to be where I am. However, I think the topics I'll discuss now are much more valuable than the roadmap I provided earlier and could serve as a potential checklist for those looking to embark on this journey.
Firstly, let's start with the negative impacts of the internet age that affect us. Unfortunately, we're exposed to thousands of course contents and misleading advertisements. I'm referring to a wide range of issues, from bootcamps claiming to make you a hacker in three months to misguided advice from people who have no idea. Stay away from these charlatans and know-it-alls. Before embarking on this path, you need to ask yourself: Am I pursuing this path out of enthusiasm, or do I truly have the discipline and patience required? Your answer to this question will save you significant time, money, and heartache.
Another point I'd like to address is the trap of repetition. Let's take learning Linux as an example. You find a YouTube tutorial series and complete it. Don't fall into the trap of starting the course over from scratch every time you get stuck, take a break, or forget something. This will destroy you. One of the first things I want to emphasize is: never repeat a course, and never finish a course just for the sake of completing it. The important thing is not to complete the course but to practice immediately with what you have learned, to ask the right questions, and to research them.
Consistently take detailed notes. Let me illustrate this with a practical example. Suppose you're learning Python and have just grasped the import statement for bringing in specific libraries. Your first question should be: how many different ways can I perform an import in Python? For instance, understanding that you can import without spaces using __import__('sys') can fundamentally alter your approach. Initially, this might not seem significant, but mastering these foundational concepts is crucial. It enables you to think innovatively and beyond conventional methods. Knowing this primitive import trick can determine whether you will succeed in a pentest or not. I shared a brief story about this in the articles section, and I recommend reading it.
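The same point seen from the defender's side, as an added example that is not part of the original article: a filter that looks for the keyword import followed by a space misses __import__('sys'), while a check on the parsed syntax tree reports both forms. The sample snippets and function names are constructed for illustration, and the importlib form goes beyond the one case mentioned in the text.

```python
import ast

# Constructed sample snippets (not from the original page).
SAMPLES = {
    "statement": "import sys",
    "from_form": "from os import path",
    "dunder_call": "__import__('sys')",
    "importlib_call": "importlib.import_module('sys')",
    "no_import": "print('hello')",
}


def naive_filter_flags(source):
    """Keyword-plus-space check: the kind of filter the no-space form slips past."""
    return "import " in source


def ast_import_forms(source):
    """Return the import mechanisms found by walking the parsed syntax tree.

    This is a static check on literal names, not a sandbox.
    """
    found = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            found.append("import-statement")
        elif isinstance(node, ast.ImportFrom):
            found.append("from-import-statement")
        elif isinstance(node, ast.Call):
            func = node.func
            if isinstance(func, ast.Name) and func.id == "__import__":
                found.append("__import__-call")
            elif isinstance(func, ast.Attribute) and func.attr == "import_module":
                found.append("import_module-call")
    return found


def compare(samples=SAMPLES):
    """Map each sample name to (naive filter result, AST findings)."""
    return {name: (naive_filter_flags(src), ast_import_forms(src))
            for name, src in samples.items()}


if __name__ == "__main__":
    for name, (naive, forms) in compare().items():
        print(f"{name:15} naive={naive!s:5} ast={forms}")
```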
Lastly, give yourself time. Nobody expects you to emerge as a recognized vulnerability researcher by following this roadmap alone. What truly matters is developing experience and discipline over time, establishing your own routines, and ultimately achieving success.