Yay🥳, I was awarded $750 bounty on @Hacker0x01! #TogetherWeHitHarder It's my first ever bounty. It took me 2 years to get my first payout. Yeah,it took me that long to get a reward and I am so glad I did it. A little tip for those who are struggling with bug bounty hunting
A 🧵
A 🧵
1. I don't have a background in Coding or much knowledge about computers. I started from scratch watching @NahamSec recon videos on yahoo and copying the same commands as he did😂and getting familiar with the tools and commands in Linux
2. And also reading books related to bug bounty hacking like "The Web Application Hackers Handbook".When I was reading this book,I went like reading 20 or 30 pages without understanding a single thing. It occurs don't worry.After sometime and additional reading you will grasp it
3. My biggest mistake was ignoring the basics. When I explain this, I'm referring to things like how web applications work, how websites interact with the server, what an API is, what SSL cert are, what domain records are
what web requests and responses are, request and response headers, and other web technologies. I skipped over everything and started hacking right away, which gave me a lot of confusion while hunting.
4. When you are learning a new bug type like xss First ask what is it, take notes, what can we really do with it, what do I really need to know in order to hunt for xss like learning JavaScript, what are HttpOnly and Secure cookies?
5. Take effective notes while you learn about it and search for your topic. This is quite helpful and helps you develop your memory.
6. When you are learning bug types It is better to have it planned to start from, server side or client side bugs and don’t do only vulnerale labs and reading writeups
do it on the target that you are currently hunting on until the WAF blocks your IP :) or you confirmed the target is not actually vulnerable
7. Also, don’t just go from target to target when hunting. Focus on one program for this x time or for these x days. I think it is the most common mistake for starters. I have found this bug because I have focused on the program for a few days.
8. use google. Google will be your best friend In this journey don't just ask people randomly or top hunters for their bug bounty tips or how to get started there are a plenty of resource out there to learn from,I personally only DM folks if I can't find my answer on the internet
9. Being consistent when you are starting hunting is the biggest thing. When you have got your first payout, don't worry because the bounty will force you to be constant 😁
10. When you feel like giving up, please come back to this tweet. It took me 2 years and I didn't regret the time and effort I put in to learn and hunt bugs on programs. This community needs people like you, and you can make a difference!
Last but not least, Many loves hugs and sincere thanks to those who are making significant contributions to the community and to my fav hackers @thedawgyg @NahamSec @infosec_au @InsiderPhD @Jhaddix @HusseiN98D @codingo_ @zseano @TomNomNom @rez0__ @stokfredrik @infosec_au
@securibee @hacker_ @hakluke @vickieli7 @BountyOverflow @payloadartist @tabaahi_ @_zwink @BugBountyHQ @gregxsunday @GodfatherOrwa @ADITYASHENDE17 @EdOverflow
⚡️Like, follow and share it with more people who really need this
• • •
Missing some Tweet in this thread? You can try to
force a refresh
