Get start in Bug Bounty ! Beginner’s Guide ! Bug Hunting Methodology.
Hello Everyone. This Article is for all those who want to start a career in Bug Hunting of Bug Bounty Whether they are of Computer Science Background or not , this article is a much read for beginner’s where I will discuss in depth what all you need to know and do in order to get started and get going in this field of information Security (infosec) . I will start from scratch so don’t worry but once you start reading, please don’t leave in between you will miss everything so Let’s Get start !!!
Q.What is Bug Bounty?
Ans. Identification and reporting of Bugs and Vulns in a responsible way.
2. What to Study?
1.Internet, HTTP, TCP/IP
2.Networking
3.Command Line
4.Linux
5. HTML, CSS, Java Script
6.PHP
7.Java
3.At lest One Programming Language (Python)
4. Practice (Imp)
1. Tools -
Burpsuite
Nmap
Dirbuster
Sublist3r
Netcat
2.Testing Labs –
DVWA
BWAPP
Vulnhub
Metaspolitable
CTF365
Hack The Box
Try Hack me
*Top Site to Learn:-
1.Bugbountyhunter.com
2.Pentesterlab
3.Portswigger Web Security Academy
4.Hacker 101
5.Intigriti Hackademy
6.BugCrowd
*Choose Your Path (Imp)
1.Web Pentesting
2.Mobile (Android/IOS)
*Resources:-
1.Books:-
1.For Web:-
1.Web app hackers Handbook
2.Web Hacking 101
3.Hacker’s playbook 1,2,3
4.Hacking Art of exploitation
5. Mastering modern Web pentesting
1.For Mobile:-
1.Mobile application Hacker’s Handbook
2.Youtube Channel:-
1.Hacking:-
1.Live Overflow
2.Hackersploit
3.BugCroud
4.hak5
2.Programming:-
1.Thenewboston
2.Codeacademy
3.Writeups Articles , Blogs
1.Medium (infosec writeups)
2.HackeronePublic reports
3.OWASP
5.REDDIT(Netsec)
6.DEFCONConference Videos
7. Forums
4.Start !
1.Select a platform:
1.Hackerone
2.BugCrowd
3.open Bug Bounty
4.Zerocopter
5.Antihack
6.Synack(Private)
5.Choose Wisely (First not for bounty)
6.Select a bug for hunt
7.Exhaustive
8.Not straightforward always
*Report:-
1. Create a description report
2.Follow responsible Disclosure
3.Create POC and steps to reproduce
*Word For wisdom:-
1.Patience is the key , takes years to master , don’t fall for overnight success
2.Do not expect someone will spoon feed you everything
3.Confidence
4.Not always for Bounty
5.Learn a lot
6.Won’t find at the beginning, don’t lose hope
7.Stay focused
8.Depend on Yourself
9.Stay updated with infosec world.
Note: If You want to know more about it then send a msg to CyberiaWolf
Thank yo for Checking CyberiaWolfSolution Article


0 Comments