🧵A Thread:
2+ years in bug bounty, here are my stats:

->Total reports: 403

⟢Resolved: 59
⟢N/A: 81
⟢Duplicate: 82
⟢Informative: 165
⟢Triaged: 13
⟢New: 3

Approach: Manual testing, 0% recon!

Here is what I learnt 👇

#BugBounty #Infosec
1/n When starting out, everyone makes mistakes; we grow by learning from others. So don't give up, keep learning and stay persistent.
2/n Stay humble with triagers, but there are times when your report is valid but might be mistaken due to unseen reasons. It happened to me many times, but you have to be persistent in the report and explain why you think it is valid or not a dup.
3/n The most important thing I learnt is: either be fast or do your own research and find your own way. Whenever a program is fresh, spend more time on it and be fast. Top its leaderboard; once you do so, be persistent and keep hunting. Don't let others catch you 🙃
4/n I did absolutely 0 recon in these two years; all my approach was manual. But recon will enhance your knowledge: you'll find new assets to hack on, unseen or undiscovered by others.
5/n I never looked for LFI, SSRF, RCE, etc. My bugs included security misconfigurations, authentication bypass and business logic errors, and I still hit many criticals. So if you never look, you will never find. I focused on what I love, but it'll change soon, I am pretty sure.
6/n I got many N/A because I saw some report disclosed on H1 Hacktivity that was rewarded, and the same was the case in other programs I hunted: reported, but got N/A or had to self-close. So it depends on the team whether they consider it valid or not.
7/n Whenever I felt bored, I did some labs, read writeups/articles/blogs, watched videos!
8/n The first year went to learning; I bought a new laptop and upgraded myself. Then I had a clear goal of what to do. One thing: everyone wants quick success, but great things take time, 2-4 years or more. It depends person by person, on consistency and seriousness towards it.
9/n Don't copy what others do; use your own methodology if you want to avoid dupes. Stick to 2-5 programs and understand their core to find more bugs easily.
10/n We all have our own preferences. I personally like web apps with role functionality, meanwhile someone might love to test commerce websites, so you can just pick some and get started.
11/n There is no need to rush; success isn't quick. It takes time, focus on your mental health too. I don't believe there is a thing like burnout, it's just you pushing yourself too much. Remember that timing matters too, and of course luck does matter somehow.
12/n To avoid getting bored, you can just do other things like read/write related to the same field, or just do the opposite of it, whatever you prefer or gives you mental peace.
13/n The more you learn, the more there is to learn. Cybersecurity is an evolving field. Every day there is a new thing to learn. So to keep yourself updated, subscribe to podcasts, newsletters, etc.
14/n I still get informatives and N/A sometimes, no wonder xD. Spend your time learning more and hunt occasionally in between, or according to your time management.
15/n Let's say I hit around $10k in bounties in the first year. The good thing was persistence and continuous learning; exposure to many functionalities etc. made me hit the same amount in a week. So you can see the progress. The more you learn, the more you earn! Knowledge is key here.
16/n There isn't any perfect path. You make mistakes, you understand the concepts, you apply and keep going; that's how it works. So mistakes lead to progress.
17/n I am still learning and there is much more to learn and consume. For now I am hunting in between and often, and focusing on learning other things. The reason is you will soon be bored of how little you know, or of hearing the same things you already know. So keep learning and exploring new hobbies.
18/n Lastly:
- stay persistent, be humble and have a clear vision
- learn more, hunt often, have fun, enjoy the process
- focus on your mental and physical health too
- if you are feeling low, just do whatever you love, don't push yourself too much
I recently started doing writeups and getting into Android pentesting, and I have started #Learn250 to keep myself updated daily. You can find the repo link at:
github.com/AkashHamal0x01…
Don't forget to set goals ;)
So the plan is: spend most of your time learning; hunting for 1-5 hrs a day is enough, but you can extend if you want.
I just wanted to share my experience, what real stats are 😂. You can see there are many dups, many N/A and many informatives. It isn't easy. If you see money and go in directly, then it's even harder. Have some basics first and you can get your hands dirty.
Note that even if you hit many bounties at some point in your life, maybe continuously and high value, it doesn't matter; at some point you'll be bored of doing the same stuff, and that's when you will try to learn new things or make new hobbies.
Thread author: Akash Hamal 🇮🇳🇳🇵🇵🇭
More from @AkashHamal0x01

Sep 7, 2021
I have seen many reports regarding MFA bypass, and many repos have techniques to bypass MFA, but here is one of my personal methods, a never-seen-before technique to bypass MFA. Make sure to add it to your checklist ;)..... follow 👇

#bugbountytips #bugbountytip
1) Access control issues are everywhere in websites, right?

Normal login flow:

email + passwd => mfa => enters acc

The flaw:

email + password => enter a wrong MFA code and intercept the request with Burp, change the request line and params .....
..... and issue the request to see if it updates internal info before passing the MFA check!
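The flaw described above is a session-state problem: after the password step the server already has a user bound to the session, and a handler that only checks "is someone logged in?" will accept writes before MFA has completed. The following is an added example (not the author's code, and not taken from any program he tested) that models that login flow in plain Python and puts the weak check beside the hardened one. All names (`AuthState`, `Session`, `require_mfa`, the sample user `alice` and her credentials) are constructed for illustration.

```python
import hmac
from dataclasses import dataclass
from enum import Enum
from functools import wraps
from typing import Optional


class AuthState(Enum):
    ANON = "anonymous"
    PASSWORD_OK = "password verified, MFA pending"
    MFA_OK = "fully authenticated"


@dataclass
class Session:
    user: Optional[str] = None
    state: AuthState = AuthState.ANON


def make_store():
    # Constructed sample record; a real system stores a password hash and a TOTP secret.
    return {"alice": {"password": "correct horse", "mfa_code": "123456",
                      "email": "alice@example.com"}}


def login_password(store, session, user, password):
    """First step of the flow on the page: email + password."""
    record = store.get(user)
    if record is None or not hmac.compare_digest(record["password"], password):
        return False
    session.user = user
    session.state = AuthState.PASSWORD_OK  # a user is bound, but MFA is still pending
    return True


def verify_mfa(store, session, code):
    """Second step: a wrong code leaves the session in PASSWORD_OK."""
    if session.state is not AuthState.PASSWORD_OK:
        return False
    if not hmac.compare_digest(store[session.user]["mfa_code"], code):
        return False
    session.state = AuthState.MFA_OK
    return True


def update_email_vulnerable(store, session, new_email):
    """Weak check: only asks whether *some* user is bound to the session."""
    if session.user is None:
        return 401
    store[session.user]["email"] = new_email
    return 200


def require_mfa(handler):
    """Decorator: refuse any request unless the session has completed MFA."""
    @wraps(handler)
    def guarded(store, session, *args, **kwargs):
        if session.state is not AuthState.MFA_OK:
            return 403
        return handler(store, session, *args, **kwargs)
    return guarded


@require_mfa
def update_email_hardened(store, session, new_email):
    """Same write, gated on the MFA-complete state rather than on session.user."""
    store[session.user]["email"] = new_email
    return 200


def walk_through():
    """Replays the flow from the tweet against both handlers; returns the status codes."""
    store = make_store()
    session = Session()
    assert login_password(store, session, "alice", "correct horse")
    assert not verify_mfa(store, session, "000000")  # wrong code, MFA still pending
    vuln = update_email_vulnerable(store, session, "attacker@example.com")
    hard = update_email_hardened(store, session, "attacker@example.com")
    assert verify_mfa(store, session, "123456")
    after_mfa = update_email_hardened(store, session, "alice-new@example.com")
    return {"pre_mfa_vulnerable": vuln, "pre_mfa_hardened": hard,
            "post_mfa_hardened": after_mfa, "final_email": store["alice"]["email"]}


if __name__ == "__main__":
    print(walk_through())
```

The point for defenders is that "authenticated" must mean the whole flow completed, not that a username sits in the session: every state-changing endpoint should be gated on the MFA-complete state (here the `require_mfa` decorator), and the pre-MFA session should be a distinct, narrowly scoped state that only the MFA endpoint itself accepts. A pre-MFA write that returns 200, as `update_email_vulnerable` does, is exactly the signal the tweet says to look for.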