@Xentropy said:
Unfortunately, that process is usually individual for most penetration testers and ctf players and really does come down to building your own methods through experience and repetition. Hacking is more of an art than a science when it comes to methodologies.That said, one thing that might help you (and this is more of a general advice) and is underutilized by newbies is to get on twitter and start following a bunch of infosec people. A lot of new exploits and tools are shared there and usually you’ll remember “that one article you saw on twitter” when a relevant box comes up later. The tag “bugbountytip” also has tons and tons of good tips on it.
Hey thank you so much for that, there are a few people I can think to follow and I’ll dig deeper for some more. Also, it’s appreciated that you touch on how methodologies are different. I was delusional I guess, and thought there’s a scientific best practice for facing the boxes. Your consideration means a lot and thank you again for the pointers.