Get start in Bug Bounty ! Beginner’s Guide ! Bug Hunting  Methodology.

 



Hello Everyone. This Article is for all those who want to start a career  in Bug Hunting of Bug Bounty  Whether  they are of Computer  Science  Background or not , this article  is a much read  for beginner’s  where I will discuss in depth what all you need to know and do in order to get started and get going  in this field of information Security (infosec) . I will start from scratch  so don’t  worry but once you start reading, please don’t leave in between you will miss everything  so  Let’s Get start !!!

 

           Q.What is Bug Bounty?

                    Ans. Identification  and reporting  of Bugs and Vulns in a responsible way.

 2. What to Study?

    1.Internet, HTTP, TCP/IP

    2.Networking

    3.Command Line

    4.Linux

    5. HTML, CSS, Java Script

    6.PHP

    7.Java

 

3.At lest One Programming  Language (Python)

4. Practice (Imp)

  1. Tools -

       Burpsuite

       Nmap

       Dirbuster

       Sublist3r

       Netcat

2.Testing Labs –

    DVWA

    BWAPP

 Vulnhub

 Metaspolitable

 CTF365

 Hack The Box

 Try Hack me


*Top Site to Learn:-

1.Bugbountyhunter.com

2.Pentesterlab

3.Portswigger Web Security Academy

4.Hacker 101

5.Intigriti Hackademy

6.BugCrowd

 *Choose Your Path (Imp)

      1.Web Pentesting

      2.Mobile (Android/IOS)

*Resources:-

 1.Books:-

      1.For Web:-

           1.Web app hackers Handbook

           2.Web Hacking 101

           3.Hacker’s playbook 1,2,3

           4.Hacking Art of exploitation

           5. Mastering modern Web pentesting

           6.OWASPTesting guide

 

1.For Mobile:-

      1.Mobile application Hacker’s Handbook

      2.Youtube Channel:-

           1.Hacking:-

                  1.Live Overflow

                   2.Hackersploit

             3.BugCroud

             4.hak5

             5.hackerone

       

 2.Programming:-

             1.Thenewboston

             2.Codeacademy

3.Writeups Articles , Blogs

     1.Medium (infosec writeups)

     2.HackeronePublic reports

     3.OWASP

     4.Portswigger

     5.REDDIT(Netsec)

     6.DEFCONConference Videos

     7. Forums

4.Start !

     1.Select a platform:

         1.Hackerone

         2.BugCrowd

         3.open Bug Bounty

         4.Zerocopter

         5.Antihack

         6.Synack(Private)

  

 5.Choose Wisely (First not for bounty)

 6.Select a bug for hunt

 7.Exhaustive

 8.Not straightforward always

 

*Report:-

   1. Create a description report

   2.Follow responsible Disclosure

   3.Create  POC and steps to reproduce

*Word For wisdom:-

   1.Patience is the key , takes years to master , don’t fall for overnight success

   2.Do not expect someone will spoon feed you everything

   3.Confidence

   4.Not always for Bounty

   5.Learn a lot

   6.Won’t find at the beginning, don’t lose hope

   7.Stay focused

   8.Depend on Yourself

  9.Stay updated with infosec world.

Note: If You want to know more about it then send a msg to CyberiaWolf

Thank yo for Checking CyberiaWolfSolution Article