Nithin 🦹‍♂️ (@thebinarybot)
Aug 15, 2022
It is especially hard for beginners to choose the right program to hunt on.

Over the years, I have learnt enough from personal experience about which programs to choose and which not to, especially if you're just starting out.

Here's a thread on choosing the right bug bounty program.
1. Developing the hunter mindset is hard at the very start, and personally I feel it's better to go for the low-hanging fruits. To catch low-hanging fruits, you should pick a target that experts would pass over.
2. Firstly, go for VDPs. VDPs / unpaid programs are ignored by experienced hunters and you can use these to get some experience and fame. You might also get private invites after building some fame.
3. Next, choose programs with a large scope. The higher the attack surface, the higher the chances. But experienced players will also be hunting here. The catch is to look for those low-payout bugs that experienced people will overlook.
4. Also, when beginning you might want to find those programs that have a fast response time. This would help you mentally as well.
5. Once all of this is checked, make sure that the program treats its reporters well. There are some programs that, despite being underpaid, treat reports badly. You don't want to associate yourself with these.
Choosing the right program matters a lot. Especially when you're just starting out, you'd want a fast response and proper feedback. These should be the goals, not money. Of course, after some experience, money will follow ;)
That's a wrap!

If you enjoyed this thread:

1. Follow me @thebinarybot for more of these
2. RT the tweet below to share this thread with your audience

#bugbounty #infosec #bugbountytips