***************************************************
******** Hacking "Bug Bounty" Roadmap *******
***************************************************
[1]
#bugbounty #bugbountytips #bugbountytip
******** Hacking "Bug Bounty" Roadmap *******
***************************************************
[1]
#bugbounty #bugbountytips #bugbountytip
[2]
2. What to study?
1. Internet, HTTP, TCP/IP
2. Networking ( CCNA )
3. Command line
4. Linux
5. Web technologies, "JAVASCRIPT" "PHP" "SQL"
6. Atleast 1 prog language(Python/C/JAVA/Ruby..)
3. Choose your path(imp)
1. Web pentesting
2. Mobile pentesting
3. Desktop apps
2. What to study?
1. Internet, HTTP, TCP/IP
2. Networking ( CCNA )
3. Command line
4. Linux
5. Web technologies, "JAVASCRIPT" "PHP" "SQL"
6. Atleast 1 prog language(Python/C/JAVA/Ruby..)
3. Choose your path(imp)
1. Web pentesting
2. Mobile pentesting
3. Desktop apps
[3]
4. Resources
Books
For web
1. Web app hackers handbook
2. Web hacking 101
3. Hacker's playbook 1,2,3
4. Hacking art of exploitation
5. Mastering modern web pen testing
6. OWASP Testing guide
4. Resources
Books
For web
1. Web app hackers handbook
2. Web hacking 101
3. Hacker's playbook 1,2,3
4. Hacking art of exploitation
5. Mastering modern web pen testing
6. OWASP Testing guide
[4]
For mobile
1. Mobile application hacker's handbook
Youtube channels
1. Hacking
1. Live Overflow
2. Hackersploit
3. Bugcrowd
4. Hak5
5. Hackerone
2. Programming
1. thenewboston
2. codeacademy
For mobile
1. Mobile application hacker's handbook
Youtube channels
1. Hacking
1. Live Overflow
2. Hackersploit
3. Bugcrowd
4. Hak5
5. Hackerone
2. Programming
1. thenewboston
2. codeacademy
[5]
3. Writeups, Articles, blogs
1. Medium (infosec writeups)
2. Hackerone public reports
3. owasp.org
4. Portswigger
5. Reddit (Netsec)
6. DEFCON conference videos
7. Forums
3. Writeups, Articles, blogs
1. Medium (infosec writeups)
2. Hackerone public reports
3. owasp.org
4. Portswigger
5. Reddit (Netsec)
6. DEFCON conference videos
7. Forums
[6]
5. Practice (imp)
1. Tools
1. Burpsuite
2. nmap
3. dirbuster
4. sublist3r
5. Netcat
2. Testing labs
1. DVWA
2. bWAPP
3. Vulnhub
4. Metasploitable
5. CTF365
6. Hack the box
5. Practice (imp)
1. Tools
1. Burpsuite
2. nmap
3. dirbuster
4. sublist3r
5. Netcat
2. Testing labs
1. DVWA
2. bWAPP
3. Vulnhub
4. Metasploitable
5. CTF365
6. Hack the box
[7]
6. Start!
1. Select a platform
1. Hackerone
2. Bugcrowd
3. Open bug bounty
4. Zerocopter
5. Antihack
6. Synack (private)
6. Start!
1. Select a platform
1. Hackerone
2. Bugcrowd
3. Open bug bounty
4. Zerocopter
5. Antihack
6. Synack (private)
[8]
Road:✌🏼
1. Choose wisely (first not for bounty)
2. Select a bug for hunt
3. Exhaustive search
4. Not straightforward always
REPORT:
5. Create a descriptive report
6. Follow responsible disclosure
7. Create POC and steps to reproduce
Road:✌🏼
1. Choose wisely (first not for bounty)
2. Select a bug for hunt
3. Exhaustive search
4. Not straightforward always
REPORT:
5. Create a descriptive report
6. Follow responsible disclosure
7. Create POC and steps to reproduce
[9/1]
Words of wisdom
1. PATIENCE IS THE KEY, takes years to master, don't fall for overnight success
2. Do not expect someone will spoon feed you everything.
3. Confidence
4. Not always for bounty
5. Learn a lot
6. Won't find at the beginning, don't lose hope
Words of wisdom
1. PATIENCE IS THE KEY, takes years to master, don't fall for overnight success
2. Do not expect someone will spoon feed you everything.
3. Confidence
4. Not always for bounty
5. Learn a lot
6. Won't find at the beginning, don't lose hope
[9/2]
7. Stay focused
8. Depend on yourself
9. Stay updated with infosec world
7. Stay focused
8. Depend on yourself
9. Stay updated with infosec world
@threadreaderapp unroll
• • •
Missing some Tweet in this thread? You can try to
force a refresh
