Maik Ro
Oct 12 12 tweets 4 min read
Day 3⃣8⃣

Let's get started with Offensive Security & Bug Bounty -

What do you need to know as a Beginner?

Let me tell you.

No organization in the whole wide world needs people that can just hack.

Why - a 🧵
I believe that purple teaming - a combination of Red (offensive) and Blue (defensive) security - is the path of the future, and the ONLY PATH really.

But! Currently we are training people the entirely wrong way.
We train hackers to choose between offensive and defensive sides.

So naturally there is an unwritten conflict between the two - it's a cat & mouse game.

Red Team hacks, Blue Team patches / fixes / forwards issues to the development teams.

See the issue?
IF red teamers only hack and point out vulnerabilities and potential attack paths - WHO has the knowledge to fix those?

You guessed right, not the Red Teamers.
But the Blue Team usually does not know it either.

ONLY a sparring between both teams will help

Enter Purple Teaming.
OK - I understand now

but ...

How do you learn how to talk to Blue Teams or Developers as an offensive security person?

- Bug Bounty
- Code Review
- Mitigation Analysis
- Building vulnerable Apps yourself
I think Bug Bounty combined with code review is the easiest way to get started with Purple Teaming.

Now comes the kicker - there is a platform that gives you all that

+ the chance to get CVEs for the Bugs you find!

(Disclaimer: I found my first CVE in Open Source Software)
It's @huntrdev (huntr.dev) and I believe it is the best platform to get started with bug bounty and will also help your offensive security career A LOT.

Why?
1. You need to install & start the application that you want to hack.

Sometimes it's easy, sometimes this takes "a while...", even for seasoned professionals.
2. You can choose the size of the application that you want to hack.
If you want to look at only small applications, be my guest.

If you want to hack Laravel, Drupal or other hugely popular systems, you can do that as well!
3. You have the chance to find bugs in the code first and only hack them afterwards 🤯 - Code Review!

This also gives you the chance to hack first and then identify why it worked directly in the code.

Pick your poison, any way works!
The only thing left to do is start.

How to find juicy repositories?

You can use my github search query:

stars:100..500 language:php archived:false

This will give you popular repositories written in PHP; currently you have more than 2000 to choose from.
Pick any!

@joehelle wrote a blog post that I used to report my first CVE - medium.themayor.tech/how-i-was-bore…

LET'S GO - HACK the planet.

If you have questions or need someone to cheer for you - my DMs are open or you can reply here.

#BugBounty #30DaysOfBugBounty
