Based on @hacker_'s DEFCON 31 talk. Famialiarize yourself with asset or content discovery basics, and vhost scanning.
If you use any automation tools please only use the dictionary / SecLists found here to avoid wasting your time.
To start this lab and answer questions you'll either need to login or register an account
