Discover and read the best of Twitter Threads about #30DaysOfBugBounty

Most recents (4)

Day 4⃣0⃣

Today we will start hacking the application we selected yesterday.
In my case it was farmOS - you might have choosen a different Open Source Software you found on github - which is fine, the methodology is the same.

What to do first?

Right, start the application…
Recap:

We installed @Docker so that we can automagically have it running without headaches.

Now make sure that docker is running and type

docker ps

into your terminal. Your output should look similar to this one (the CONTAINER ID, PORTS and NAMES might look differently) terminal output of docker ps command - shows farmOS containe
Read 12 tweets
Day 3⃣9⃣

I will teach you how to find bugs in open source software step by step

Lets go!
1. You use the query I posted yesterday to find potential targets: github.com/search?q=stars…

(You can adapt the number of stars to your liking, anything more than 50 stars should suffice)

You now have 1068 RESULTS - WAOW.
2. You get into your hacker mindset and figure out which ones are juicy targets🧃

but... How?

Easy, all you have to do is think about vulnerabilities...

What?

Ok, let me explain
Read 18 tweets
Day 3⃣8⃣

Let's get started with Offensive Security & Bug Bounty -

What do you need to know as a Beginner?

Let me tell you.

No organization in the whole wide world needs people that can just hack.

Why - a 🧵
I believe that purple teaming - a combination of Red - offensive - and Blue - defensive security, is the path of the future, and the ONLY PATH really.

But! Currently we are training people the entirely wrong way.
We train hackers to choose between offensive and defensive sides.

So naturally there is a unwritten conflict between the two - it's a cat & mouse game.

Red Team hacks, Blue Team patches / fixes / forwards issues to the development teams.

See the issue?
Read 12 tweets
Day 3️⃣ 3️⃣

What is the one thing that separates newbie bug hunters from the professionals - let me tell you
It’s persistence. The tools and ideas that for example @Jhaddix shows is his talks are far beyond the level I thought someone would use for Bug Bounty.

There was one Technique that blew my mind 🤯
It is scraping cloud provider IP ranges (proactively and recurring)

Imagine you are hacking on a program and you want to check which assets they have.

I assume at least 99% of what’s running on the web now is hosted by Cloud Providers (AWS, Azure, GCP, Digital Ocean etc)
Read 8 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!