Zero-2-Pro Bug Hunting

Uploaded by

baldevmodi999

ZERO-2-PRO

IN BUG BOUNTY
A 30 Days Self Learning Planner

Created Exclusively By
Sanchay Singh
DISCLAIMER

The contents of this cybersecurity roadmap planner are provided for informational purposes only.

The information and recommendations presented within this journal are based on the knowledge available up to the stated knowledge cutoff date.

However, the rapidly evolving nature of technology and cybersecurity means that some information may become outdated or inaccurate over time.

The authors, editors, and publishers of this planner are not responsible for any errors, omissions, or inaccuracies that may occur, nor for any actions taken based on the information presented herein.

Furthermore, this journal does not endorse any specific products, services, or vendors mentioned within its pages. Any references to third-party entities are purely for illustrative purposes and do not imply any form of endorsement or affiliation.

Readers are urged to independently verify the information and adapt it to their specific contexts and requirements. By using this journal, readers acknowledge and agree to the limitations and disclaimers outlined in this statement.

ABOUT THE CREATOR

@sanchayofficial

@sanchayofficial

[email protected]

Picture this: a self-taught tech enthusiast with a sprinkle of cybersecurity wizardry, full of knowledge and having a love for knowledge sharing.

This is what best describes the mind behind this planner: Sanchay Singh.

He is a cybersecurity expert, corporate trainer and public speaker who has trained over 20,000 people in webinars over the last year! He has worked with UpgradCampus designing their course and with many top researchers of India as well.

His idea behind creating this planner is to let people know that you can also be a self-taught cybersecurity expert if you maintain this consistency of 90 days.

FOREWORD

Dear Cybersecurity Enthusiast,

Welcome to the 90-Day Cybersecurity Mastery Planner, an exclusive guide designed to take you on a transformative journey from a curious newcomer to a proficient expert in the dynamic field of cybersecurity.

This planner is more than just a collection of pages; it is a roadmap that will guide you through a comprehensive learning experience over the next 90 days. Each day, you will find a set of topics and tasks that will gradually immerse you in the various aspects of cybersecurity.

Remember, the journey towards cybersecurity mastery is not a sprint but a marathon. Each day's tasks are designed to be manageable, allowing you to absorb the information at a comfortable pace.

Stay curious, stay vigilant, and enjoy the adventure that lies ahead.

Best regards,
Sanchay Singh
( Your go-to cybersecurity expert )
Day 1: Basics to Networking

Major Goal
Learn OSI Reference Model and understand the layers

WHAT I UNDERSTOOD AND LEARNED TODAY

What to learn today?

1. OSI Model and how all the 7 Layers work
2. TCP/IP Model
3. Physical Layer - Topology, Devices, Cables

Notes:

I HAVE THESE DOUBTS

1.

2.

3.

Notes:

In the world of bug bounty hunting, every vulnerability uncovered is a step towards a more secure digital landscape
Day 2: MAC and IP Addresses

Major Goal
Learn how MAC and IP Addresses work

WHAT I UNDERSTOOD AND LEARNED TODAY

What to learn today?

1. Switch and MAC Addressing
2. Routers and IP Addressing, Subnetting
3. NAT, IPv4, IPv6

Notes:

I HAVE THESE DOUBTS

1.

2.

3.

Notes:

Hunt bugs, not headlines. The silent protectors of cyberspace.
Day 3: TCP/UDP Protocols

Major Goal
Difference between TCP and UDP

WHAT I UNDERSTOOD AND LEARNED TODAY

What to learn today?

1. How UDP Works
2. How TCP Works
3. Gateways and Ports

Notes:

I HAVE THESE DOUBTS

1.

2.

3.

Notes:

Bug bounty hunting: where every code flaw discovered is a victory for cybersecurity.
Day 4: HTTP and HTTPS

Major Goal
Learn how HTTP and HTTPS work

WHAT I UNDERSTOOD AND LEARNED TODAY

What to learn today?

1. History of HTTP/S
2. Use Wireshark to capture packets
3. Follow TCP Stream on HTTP and HTTPS Traffic

Notes:

I HAVE THESE DOUBTS

1.

2.

3.

Notes:

In the realm of bits and bytes, the bug bounty hunter is the unsung hero
Day 5: SSH/Telnet/FTP

Major Goal
Learn how SSH works along with FTP and Telnet

WHAT I UNDERSTOOD AND LEARNED TODAY

What to learn today?

1. SSH
2. FTP
3. Telnet

Notes:

I HAVE THESE DOUBTS

1.

2.

3.

Notes:

Code may be silent, but bugs speak volumes. Listen well, bounty hunter
Day 6: Virtualization

Major Goal
Install VMware or VirtualBox Successfully

WHAT I UNDERSTOOD AND LEARNED TODAY

What to learn today?

1. Install VMware
2. Install and Setup VirtualBox
3. What is Virtualization and how it works

Notes:

I HAVE THESE DOUBTS

1.

2.

3.

Notes:

Bug bounty hunting is a relentless pursuit of perfection in the face of digital imperfection.
Day 7: Kali Installation

Major Goal
Download Kali VM Version and Install it

WHAT I UNDERSTOOD AND LEARNED TODAY

What to learn today?

1. Installation of Kali Linux
2. Configuration of Kali in VMware/VirtualBox
3.

Notes:

I HAVE THESE DOUBTS

1.

2.

3.

Notes:

In the labyrinth of code, the bug bounty hunter is the guide to a safer tomorrow
Day 8: Basic Commands

Major Goal
Learn Basic Commands used in terminal

WHAT I UNDERSTOOD AND LEARNED TODAY

What to learn today?

1. cd, ls, mkdir, rmdir, touch, rm, rm -rf
2. sudo, cp, mv, nano, vim, ps, kill, systemctl
3. apt update, apt upgrade, grep, less, more

Notes:

I HAVE THESE DOUBTS

1.

2.

3.

Notes:

Finding bugs is an art, turning them into bounties is a skill.


Day 9: Information Gathering

Major Goal
Learn various types of information gathering

WHAT I UNDERSTOOD AND LEARNED TODAY

What to learn today?

1. Nmap - port scanner tool
2. recon-ng, maltego, OSINT Framework
3. amass, nuclei setup, google dorks

Notes:

I HAVE THESE DOUBTS

1.

2.

3.

Notes:

In the dance of algorithms, the bug bounty hunter leads with precision and finesse.
Day 10: Web Based Gathering

Major Goal
Learn to use tools to hunt bugs

WHAT I UNDERSTOOD AND LEARNED TODAY

What to learn today?

1. Sublist3r, subfinder
2. gobuster, gospider, dirb, dirbuster
3. httpx, virustotal, shodan

Notes:

I HAVE THESE DOUBTS

1.

2.

3.

Notes:

The bug bounty hunter: a digital Sherlock in pursuit of vulnerabilities.
Day 11: Scanning the System

Major Goal
Try a lab from TRYHACKME

WHAT I UNDERSTOOD AND LEARNED TODAY

What to learn today?

1. Pick a lab from TryHackMe with these specifications: FREE, CTF TYPE, EASY. Complete the lab. You can use walkthroughs

Notes:

I HAVE THESE DOUBTS

1.

2.

3.

Notes:

Every bug bounty hunter is a guardian of the virtual realm, protecting it one vulnerability at a time
Day 12: Google Dorks

Major Goal
Learn to use tools to hunt bugs

WHAT I UNDERSTOOD AND LEARNED TODAY

What to learn today?

1. Google Hacking Database
2. ExploitDB, inurl, intext, index of
3.

Notes:

I HAVE THESE DOUBTS

1.

2.

3.

Notes:

Hunting bugs is not just about finding flaws; it's about creating a more resilient digital ecosystem.
Day 13: Intro to Web App Testing

Major Goal
Visit BugCrowd, Hackerone and explore

WHAT I UNDERSTOOD AND LEARNED TODAY

What to learn today?

1. Visit BugCrowd, Hackerone
2. Visit Hacktivity and check
3. Explore the reporting process

Notes:

I HAVE THESE DOUBTS

1.

2.

3.

Notes:

Bug bounty hunting is a testament to the power of persistence and the pursuit of digital excellence
Day 14: Burp Suite

Major Goal
Learn how to use the tool - Burp Suite

WHAT I UNDERSTOOD AND LEARNED TODAY

What to learn today?

1. Download BurpSuite on Windows/Kali
2. Learn how to use Burp, Configure certificate
3. Intercept the traffic, Repeater and Intruder

Notes:

I HAVE THESE DOUBTS

1.

2.

3.

Notes:

In the world of bits and bytes, bug bounty hunters are the architects of a secure future.
Day 15: Create a Login Page

Major Goal
Create a PHP-SQL-HTML Based Login Page

WHAT I UNDERSTOOD AND LEARNED TODAY

What to learn today?

1. Download XAMPP and configure
2. Create HTML Login form and connect with SQL
3. Use PHP as the backend and make it work

Notes:

I HAVE THESE DOUBTS

1.

2.

3.

Notes:

The bug bounty hunter's canvas is code, and their brush is a keen eye for vulnerabilities
Day 16: SQL Injection Pt 1

Major Goal
Learn Login Based SQL Injections

WHAT I UNDERSTOOD AND LEARNED TODAY

What to learn today?

1. Learn login based SQL Injection and apply on your own application that you created previous day and try to fix the bug.

Notes:

I HAVE THESE DOUBTS

1.

2.

3.

Notes:

Bug bounty hunting is not just a job; it's a commitment to the security of the digital frontier
Day 17: SQL Injection Pt 2

Major Goal
Learn Union Based and Blind SQL Injections

WHAT I UNDERSTOOD AND LEARNED TODAY

What to learn today?

1. Learn Union based SQL Injections, hack the databases on portswigger labs, then go for the blind SQL Injections

Notes:

I HAVE THESE DOUBTS

1.

2.

3.

Notes:

In the binary wilderness, bug bounty hunters blaze trails of security.
Day 18: XSS Part 1

Major Goal
Learn XSS Bugs

WHAT I UNDERSTOOD AND LEARNED TODAY

What to learn today?

1. Learn how JavaScript works and how XSS can exploit the JS Functioning. Learn types of XSS

Notes:

I HAVE THESE DOUBTS

1.

2.

3.

Notes:

To find the invisible, one must see beyond the visible. Bug bounty hunting is the art of perception
Day 19: XSS Part 2

Major Goal
Bypass XSS Protection and hack like a pro

WHAT I UNDERSTOOD AND LEARNED TODAY

What to learn today?

1. Learn to bypass XSS Filters, encodings, black/whitelisted payloads, CSP

Notes:

I HAVE THESE DOUBTS

1.

2.

3.

Notes:

Bug bounty hunters: rewriting the code of security, one vulnerability at a time.
Day 20: CSRF and Token Bypass

Major Goal
Learn what is CSRF and how to bypass tokens

WHAT I UNDERSTOOD AND LEARNED TODAY

What to learn today?

1. CSRF: How does it work? How to exploit CSRF. How to create CSRF POC. How to bypass token related bugs

Notes:

I HAVE THESE DOUBTS

1.

2.

3.

Notes:

In the quest for digital harmony, bug bounty hunters are the troubadours of cybersecurity.
Day 21: SSRF BUGS

Major Goal
Learn what is SSRF and how to bypass security

WHAT I UNDERSTOOD AND LEARNED TODAY

What to learn today?

1. Learn how SSRF Bugs work and how to get a good bounty out of it. Read SSRF Writeups

Notes:

I HAVE THESE DOUBTS

1.

2.

3.

Notes:

The bug bounty hunter's toolkit: curiosity, tenacity, and a relentless pursuit of excellence.
Day 22: IDOR BUGS

Major Goal
Understand what is IDOR and bypass OTPs

WHAT I UNDERSTOOD AND LEARNED TODAY

What to learn today?

1. Learn how IDOR works and how it is used to bypass OTP, passwords, do malicious stuff

Notes:

I HAVE THESE DOUBTS

1.

2.

3.

Notes:

Code is poetry, but even poems have flaws. Bug bounty hunters are the editors of the digital verse.
Day 23: IDOR AUTOMATION

Major Goal
Understand BApp Store and use Autorize

WHAT I UNDERSTOOD AND LEARNED TODAY

What to learn today?

1. Learn to use Autorize Plugin and configure it with your BurpSuite

Notes:

I HAVE THESE DOUBTS

1.

2.

3.

Notes:

In the realm of zeroes and ones, bug bounty hunters are the guardians of binary integrity
Day 24: BROKEN SESSIONS

Major Goal
Understand how Cookies work

WHAT I UNDERSTOOD AND LEARNED TODAY

What to learn today?

1. Learn cookies and how they work, cookie stealing attacks, learn about broken session bugs

Notes:

I HAVE THESE DOUBTS

1.

2.

3.

Notes:

Every bug discovered is a victory for the vigilant, a step closer to a flawless digital existence.
Day 25: BUSINESS LOGIC

Major Goal
Hunt Live and do a parameter tampering

WHAT I UNDERSTOOD AND LEARNED TODAY

What to learn today?

1. Learn how business logic bug works, how parameter tampering works and perform a live tampering on a VDP.

Notes:

I HAVE THESE DOUBTS

1.

2.

3.

Notes:

Bug bounty hunting: where innovation meets protection, and vulnerabilities meet their match.
Day 26: OTP BYPASS

Major Goal
Learn Response Manipulation

WHAT I UNDERSTOOD AND LEARNED TODAY

What to learn today?

1. Learn how to intercept responses in BurpSuite and then try to bypass the OTP by intercepting invalid response and replacing with valid one

Notes:

I HAVE THESE DOUBTS

1.

2.

3.

Notes:

The bug bounty hunter's journey is marked by the footsteps of progress in the world of cybersecurity
Day 27: OAUTH 2.0

Major Goal
Learn OAUTH 2.0 bugs

WHAT I UNDERSTOOD AND LEARNED TODAY

What to learn today?

1. Learn how OAUTH 2.0 works and how you can find bugs in the OAUTH Functionality

Notes:

I HAVE THESE DOUBTS

1.

2.

3.

Notes:

In the symphony of digital architecture, bug bounty hunters compose notes of security.
Day 28: Directory Traversals

Major Goal
Learn how to Traverse a directory

WHAT I UNDERSTOOD AND LEARNED TODAY

What to learn today?

1. Do Directory Traversal labs on portswigger and learn how to find hidden information

Notes:

I HAVE THESE DOUBTS

1.

2.

3.

Notes:

The codebreaker's oath: to uncover, to report, to secure. Bug bounty hunting is a noble pursuit.
Day 29: API TESTING

Major Goal
Learn to Fuzz and use fuzzing tools

WHAT I UNDERSTOOD AND LEARNED TODAY

What to learn today?

1. Use ffuf and learn how fuzzing works. Learn to fuzz an API and find sensitive information like Secrets and API KEYS

Notes:

I HAVE THESE DOUBTS

1.

2.

3.

Notes:

In the digital chessboard, bug bounty hunters are the masters of strategic security moves.
Day 30: INFO DISCLOSURE

Major Goal
Learn to Fuzz and use fuzzing tools

WHAT I UNDERSTOOD AND LEARNED TODAY

What to learn today?

1. Learn Github and Shodan dorks to find hidden credentials for important documents of a VDP and report to get bounty

Notes:

I HAVE THESE DOUBTS

1.

2.

3.

Notes:

The bug bounty hunter's mantra: find, fix, fortify. Repeat.
