Day 9&10/50 ✅ #50daysofPentesting

As I was pushing through the first 2 phases of #Pentesting I hit a realization: I can’t hack what I don’t understand. If I don’t know how a packet moves from A → B, I am just running tools blindly. I experienced that sometimes I was not getting what the output was saying. So I took a break from the main path and spent 2 days rebuilding and gaining conceptual clarity of Networking fundamentals from scratch.

What I studied:

1. Internet Structure & Topologies
I started by looking at the macro view—how the hell the internet is actually a "network of networks." So I studied different Topologies (Star, Mesh, Bus) to understand how data finds the most efficient path to reach its destination, how data flows, and where failures can happen.

2. Proxies & Gateways
Then I dived into how data stays anonymous or filtered. Understood what Forward vs. Reverse Proxies are. In pentesting, we use proxies to hide our origin, but developers use them to load-balance and protect web servers. Seeing both sides of the coin is vital.

3. IP Addressing (IPv4/IPv6) & Subnetting
Then I went deep into the math behind networking. I practiced Subnetting to understand how networks are segmented using Subnet Masks. I think understanding the difference between public vs. private IPs and how NAT allows my Victus to talk to the world is fundamental for internal network pivoting.

4. OSI vs TCP/IP Models
This is the holy grail, one of the most important parts of Networking. Here I didn't memorize 7 layers; I understood them and tried to visualize the PDU moving.
OSI Model: from the Physical layer (bits) up to the Application layer (data).
TCP/IP Suite: the actual implementation of, we can say, OSI. Here I actually understood encapsulation. I think from now on, Wireshark will make way more sense.

5. Ports & Protocols
Now it's not just “Port 80 = HTTP” anymore. Here I mapped out why certain services live where they do. It’s not just "Port 80 is HTTP"—it’s understanding the 3-way Handshake (SYN, SYN-ACK, ACK) that establishes the connection. Whether it's UDP's "fire and forget" or TCP's reliable delivery, now I understand the why and how behind the connection.

Networking is not just a topic or subject; it’s a lifetime's work for most people. Before starting this #50DaysofPentesting I had a basic idea of Networking, but it was not enough for what I aim for. And I have not mastered the whole field in 2 days; in fact I can't unless I have, I think, Einstein's IQ, but I’ve built a foundation and conceptual clarity. Now, when I scan a target, I’m not just looking for open ports; I’m looking at how the data flows.

Now back to the main path, but with stronger fundamentals. 🎯

@hackthebox_eu academy.hackthebox.com/achie…

#50daysofPentesting #Pentesting #HackTheBox #HTB #CyberSecurity #EthicalHacking #RedTeam #Infosec #LearnInPublic
Day 8/50 ✅ #50daysofPentesting

Today was a major pivot. After all that recon and footprinting, I have moved to M-6: Vulnerability Assessment. This is the stage where the raw data we gathered starts turning into key details for further exploitation. I spent the whole day understanding how to identify, categorize, and prioritize flaws across a target network. Here’s the detailed technical breakdown of what I studied and the workflow:

1. Security Assessments & Standards
It's not just about running tools; it’s about methodology. I studied the difference between Vulnerability Assessments (identifying gaps) and Penetration Testing (exploiting them). Understanding standards like NIST and OWASP ensures the assessment is structured and professional.

2. Vulnerability Scoring (CVSS & CVE)
I dived deep into how we can quantify risk.
CVE (Common Vulnerabilities and Exposures): learnt how to track specific flaws in software.
CVSS (Common Vulnerability Scoring System): tried to understand the math behind the scores (Base, Temporal & Environmental metrics). This is crucial for telling a client why a "Critical" 9.8 score needs a patch immediately.

3. The Tools: Nessus & OpenVAS (help to automate scanning)
Then I spent significant time in the labs configuring heavy-duty scanners.
Nessus: practiced setting up Authenticated vs. Unauthenticated scans. Authenticated scans are game changers; they allow the scanner to log in and find local misconfigurations that a network-only scan would miss.
OpenVAS: explored this open-source powerhouse for Vulnerability Management. I practiced managing scan configs and tuning them to reduce "false positives" that usually clutter reports.

4. Reporting & Remediation (RR😇)
The job isn't done until the findings are documented. So I started to practice the Reporting phase—translating technical jargon into actionable business risk. It’s one thing to find a flaw; it’s another to provide a clear remediation path to the sysadmins.

Everything from the previous days—FTP, SMB, and Web Recon—is now feeding into this process. We aren't just looking for open doors anymore; we’re checking if the locks are broken. 🛠️

I @theCyberSidd am halfway through the module. The lab assessments are getting tougher, but the mindset is getting sharper. 🤝

@hackthebox_eu

#50daysofPentesting #Pentesting #HackTheBox #HTB #CyberSecurity #EthicalHacking #VulnerabilityAssessment #Nessus #OpenVAS #InfoSec #LearnInPublic