Tryhackme:Introductory Researching

Introduction:

Without a doubt, the ability to research effectively is the most important quality for a hacker to have. By its very nature, hacking requires a vast knowledge base — because how are you supposed to break into something if you don’t know how it works? The thing is: no one knows everything. Everyone (professional or amateur, experienced or totally new to the subject) will encounter problems which they don’t automatically know how to solve. This is where research comes in, as, in the real world, you can’t ever expect to simply be handed the answers to your questions.

Example Research Question:

We’ll begin by looking at a typical research question: the kind that you’re likely to find when working through a CTF on TryHackMe.

Vulnerability Searching:

Often in hacking you’ll come across software that might be open to exploitation. For example, Content Management Systems (such as Wordpress, FuelCMS, Ghost, etc) are frequently used to make setting up a website easier, and many of these are vulnerable to various attacks. So where would we look if we wanted to exploit specific software?

Manual Pages:

If you haven’t already worked in Linux, take a look at the Learn Linux rooms. Linux (usually Kali Linux) is without a doubt the most ubiquitous operating system used in hacking, so it pays to be familiar with it!

Final Thoughts:

You may have been told in school that there are good sources and bad sources of information. That may be true when it comes to essays and referencing information; however, it’s my pleasure to state that it does not apply here. Any information can potentially be useful — so feel free to use blogs, wikipedia, or anything else that contains what you’re looking for! Blogs especially can often be very valuable for learning when it comes to information security, as many security researchers keep a blog.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
jagadeesh

jagadeesh

CTF-PLAYER, security analyst, Pentesting, vapt, digital forensics