- Learning Programing language (PHP, JS, MySQL)
- PHP: it will help to understand the applications so you should know it well
- JS: It will not just help you with JS and making new payloads, but it will make you to dig deep with the JS files it will give you some Cool things.
- MySQL: this will help to understand the SQL injection and making right queries when you trying to exploit.
- Understand the vulnerabilities
- You should know what is the vulnerability, What Code makes this vulnerability, How to find this vulnerability in Applications, and How to solve it.
- Practice
- Playing CTF
- CTFs is have some real world examples for a vulnerabilities or CVEs or some new exploits you will know from it.
- Do some Bug Hunting and this website will help BugBountyHunter.
- Watch this Methodology by Jason Haddix.
- Initially, you can start with hunting on programs that offer points to gain experience.
- You can take eWAPTx & eWAPT
- eWAPT: it will be a good one in the beginning because it has some basics about Web Pen-Testing.
- eWAPTx: this one is advanced one you can start with it when you be at least good with the vulnerabilities and the matriales in eWAPT.
- You can take OSWE But it is advanced and need Code Review Skills.
- Web Pen-Testing Course by Ebrahem Hegazy (Arabic Course)
- This will help you to understand the vulnerabilities, how to send a right report, and will Bug Hunting live.
- My Free Web Pentesting Course
- Collection of Bug Hunting Reports
- Network+
- It will make you understand network, Design and implement functional networks, and implement network security standard and protocols.
- Linux+
- You will understand linux and how to use it from this course.
- TCM TheCyberMentor Course
- Scripting with Python or Bash
- Use any scripting language it will be you with automation.
- Understanding Operating systems windows/linux (You can take OS course)
- taking a OS course it will make you understand the OS kernal and Memory Management.
- Good course for Privilege escalation for linux & Windows
- Practice (it will be hard at first but after some tries, it will be okay)
- Solve machines on Vulnhub
- Solve machines on Hackthebox
- The Cyber Mentor Network Pentesting Course
- Basic knowledge of Reverse Engineering
- Certificates
- PTS (Beginners)
- PTP
- PTX
- OSCP
- Basics of Linux (you can use this Book)
- https://techvomit.net/android-security-notes/
- https://github.com/B3nac/Android-Reports-and-Resources
- eMAPT Course (Its very basics)
- This is not the best one but it will give you the first step but it's not all think
- SEC575 from SANS
- FOR585 from SANS
- Good Blog as Reference
- To Practice you can try some Bug Bouny Hunt on programs use Mobile Apps
- Android Reverse Engineering 101
- OWASP Mobile Security Testing Guide
- Exploiting memory corruption vulnerabilities on Android
- Android: arbitrary code execution via third-party package contexts
- Twitter Thread for some apps to practice
- Mobile Application Penetration Testing Cheat Sheet
- check list for webView
- Hacktricks have all topics for android
- Android Application Security Series
- Try hack me (androidhacking101) room
- Getting Started With Objection + Frida
- My Mobile Pentesting Playlist
- This is a Roadmap from Muhammed Talaat
- How to Build Your Career in Malware Analysis (Arabic Session)
- Live Overflow Playlist
- Pwn College will give you a good basics, don't forget to practice after leasons on pwn dojo.