Security Memo

Search (Ctrl+K)

SearchSearch

Recent Notes

See 1423 more sorted by tag →

bug bounty

created Jan 08, 2024updated Apr 16, 20243 min read

Sources: NahamSec, The Cyber Mentor, Insider PhD

Tips

  • make a procedure/checklist/methodology (i.e. what to check for, like recon, PHP type juggling, SSRF, etc)
  • don’t spray the same vuln over a bunch of programs
  • look for complex programs
  • don’t be stuck just consuming content; actually put skills to practice; learn and do in parallel
  • try to understand the functionalities of the target application/service; try to use the features available first, before trying to hack them
  • hack on a VDP (vuln disclosure program) before doing bug bounty (e.g. hackerone active programs); submitting stuff on hackerrone will likely cause people to invite you to private programs

How to Get Started with Bug Bounty - InsiderPhD - YouTube

  • traditional learning pipeline
    • learn about security
    • do CTFs
    • find bugs
    • BAD. Start doing things instead of just learning.
  • CTFs are not perfect – too vulnerable compared to real apps
    • Not to say that they are not hard.
  • better way to learn:
    • try to find bugs on the target
    • encounter something new? try a CTF challenge, or read a writeup about it (e.g. in a real CVE disclosure)
    • try what you learned on the target
    • rinse and repeat
  • Spoiler: cyber security is hard
  • immerse yourself:
    • don’t just read stuff at current experience level
    • read stuff you don’t completely understand but you try to
    • follow Twitter people who post complex writeups
    • read disclosure reports
    • be comfortable with new stuff, with the unknown; get inspired
  • resources
    • actually hacking something: HackerOne, BugCrowd, Synack, Intigriti
      • try even if you don’t anything
      • trial-by-fire learning
      • kind of scary, but take the leap of faith
    • OWASP: OWASP Top 10, bypasses, bug classes (more mitigation-oriented, but still useful for red teaming, etc)
    • CTFs: Hacker101 (high level in CTF may give invitations to private programs!), DVWA, Juice Shop, actual CTFs, etc
    • courses: TCM, Pentester Lab, PortSwigger Web Security Academy
    • videos: InsiderPhD, STOK, TCM, MIT OCW, recordings of people actually doing bug bounty
    • tools & tool tutorials: Burp Suite
    • conferences: DEFCON, BSides, BlackHat (to learn: YT recordings, to network: in-person)
    • Podcasts: The Bug Bounty Podcast, Darknet Diaries, Security Now, Risky Business
    • books: OWASP Testing Guide, etc (not the best way to learn)
    • certs: …
    • write-ups & disclosures: @disclosuredh1, HackerOne Hacktivity, Twitter, etc
    • aggregators & newsletters: Pentester Land
    • community: Twitter #BugBounty #bugbountytips, Hacker101 Discord, Bug Bounty Forum, etc
    • teach others: make YT videos, help someone solve a CTF, write tutorials, mentor someone
  • study plan
    • practice on CTFs
    • consume disclosure reports and writeups
    • hack real targets (ASAP/parallel)
  • beyond beginner
    • consuming beginner resources might become boring at sometime
    • get involved in the community!
      • share resources
      • participate or organize IRL meetups
      • release tools
      • share tips
    • identify weaknesses
    • attend more conferences
    • read more writeups to see how other people approach a problem
    • read security newletters (Pentester Land)

Graph View

Backlinks

  • No backlinks found