rahmetu
Sep 12, 2022 · 16 tweets · 8 min read
Yay 🥳, I was awarded a $750 bounty on @Hacker0x01! #TogetherWeHitHarder It's my first ever bounty. It took me 2 years to get my first payout. Yeah, it took me that long to get a reward and I am so glad I did it. A little tip for those who are struggling with bug bounty hunting:

A 🧵
1. I don't have a background in coding or much knowledge about computers. I started from scratch watching @NahamSec recon videos on Yahoo and copying the same commands as he did 😂 and getting familiar with the tools and commands in Linux.
2. And also reading books related to bug bounty hacking like "The Web Application Hacker's Handbook". When I was reading this book, I went like reading 20 or 30 pages without understanding a single thing. It occurs, don't worry. After some time and additional reading you will grasp it.
3. My biggest mistake was ignoring the basics. When I explain this, I'm referring to things like how web applications work, how websites interact with the server, what an API is, what SSL certs are, what domain records are, what web requests and responses are, request and response headers, and other web technologies. I skipped over everything and started hacking right away, which gave me a lot of confusion while hunting.
4. When you are learning a new bug type like XSS, first ask what it is, take notes, what can we really do with it, what do I really need to know in order to hunt for XSS (like learning JavaScript), what are HttpOnly and Secure cookies?
5. Take effective notes while you learn about it and search for your topic. This is quite helpful and helps you develop your memory.
6. When you are learning bug types, it is better to have it planned where to start from, server-side or client-side bugs, and don't do only vulnerable labs and reading writeups; do it on the target that you are currently hunting on until the WAF blocks your IP :) or you confirm the target is not actually vulnerable.
7. Also, don’t just go from target to target when hunting. Focus on one program for this x time or for these x days. I think it is the most common mistake for starters. I have found this bug because I have focused on the program for a few days.
8. Use Google. Google will be your best friend in this journey. Don't just ask people randomly or top hunters for their bug bounty tips or how to get started; there are plenty of resources out there to learn from. I personally only DM folks if I can't find my answer on the internet.
9. Being consistent when you are starting hunting is the biggest thing. When you have got your first payout, don't worry because the bounty will force you to be constant 😁
10. When you feel like giving up, please come back to this tweet. It took me 2 years and I didn't regret the time and effort I put in to learn and hunt bugs on programs. This community needs people like you, and you can make a difference!
Last but not least, many loves, hugs and sincere thanks to those who are making significant contributions to the community and to my fav hackers @thedawgyg @NahamSec @infosec_au @InsiderPhD @Jhaddix @HusseiN98D @codingo_ @zseano @TomNomNom @rez0__ @stokfredrik @infosec_au
⚡️ Like, follow and share it with more people who really need this.
