What is Bug Bounty?
Bug Bounty is a deal offered by many websites and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to exploits and vulnerabilities.
How to Get Started into Bug Bounty By HackingTruth
Basic Technical things to get started-:
There are many things you have to learn, but I cannot list all of them here. I am listing a few important topics; you should learn more by yourself.
HTTP — TCP/IP Model
Linux — Command line
Web Application technologies
Networking basics
Learning Basics of HTML, PHP, Javascript
Choosing your initial Path-:
Choosing a path in the bug bounty field is very important. It depends entirely on the person's interest, but many people choose the web application path first because, in my opinion, it is the easiest one.
Web application Security Testing
Mobile Application Security Testing
Books-:
1 - Modern Web Penetration Testing
2 - The Hacker Playbook Practical Guide
3 - The Web Application Hacker's Handbook
4 - Web Hacking 101
5 - The Hacker Playbook 2 Practical Guide To Penetration Testing
6 - The Hacker Playbook 3 Practical Guide To Penetration Testing
7 - Hands On Bug Hunting for Penetration
8 - OWASP Testing Guide
9 - The Mobile Application Hacker's Handbook
10 - Breaking into Information Security: Learning the Ropes 101
YouTube Channels-:
- Live Overflow — https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w
- Hackersploit — https://www.youtube.com/channel/UC0ZTPkdxlAKf-V33tqXwi3Q/videos
- Kumar Atul Jaiswal — https://www.youtube.com/channel/UCa2s3RmE4B-hRsgKSjJLx_w
- Bugcrowd — https://www.youtube.com/channel/UCo1NHk_bgbAbDBc4JinrXww
- Open Security Training — https://www.youtube.com/user/OpenSecurityTraining
- Hackerone — https://www.youtube.com/channel/UCsgzmECky2Q9lQMWzDwMhYw
- Stok — https://www.youtube.com/channel/UCQN2DsjnYH60SFBIA6IkNwg
- nahamsec — https://www.youtube.com/channel/UCCZDt7MuC3Hzs6IH4xODLBw
- CyberMentor — https://www.youtube.com/channel/UC0ArlFuFYMpEewyRBzdLHiw
- PwnFunction — https://www.youtube.com/channel/UCW6MNdOsqv2E9AjQkv9we7A/featured
Security Conference talks you should watch-:
1 - Akhil George — https://www.youtube.com/channel/UCsVp13y6_bsj56V3hSph6eg/playlists
2 - DEF CON 23 — Jason Haddix — How to Shot Web: Web and mobile hacking in 2015 — https://youtu.be/-FAjxUOKbdI
Follow these guys on Twitter-:
1-Frans Rosén
2-Mathias Karlsson
3-dawgyg
6-Olivier Beg
7-Jobert Abma
8-STÖK
9-Gerben Javado
10-Tanner
11-NahamSec
12-Yassine Aboukir
13-Geekboy
14-Patrik Fehrenbach
15-Nathan
16-Th3G3nt3lman
17-Prateek Tiwari
Resources to Learn:
Testing Labs:
1-https://www.hacker101.com/
2-https://pentesterlab.com/
3-https://www.hackthebox.eu/
4-http://www.dvwa.co.uk/
5-https://xss-game.appspot.com/
6-https://www.vulnhub.com/
7-https://hack.me/
8-https://owasp.org/www-project-juice-shop/
9-https://tryhackme.com/
Tools:
- Burpsuite
- nmap
- Netcat
- OwaspZap
- Kali Linux
- Sqlmap
Bug Bounty Platforms-:
Invite-based Platforms:
Synack
Cobalt
Blogs you should follow-:
1-https://labs.detectify.com/
2-https://medium.com/bugbountywriteup
3-https://blog.appsecco.com/
4-https://philippeharewood.com/
5-https://www.geekboy.ninja/blog/
6-https://medium.com/bugbountywriteup/bug-bounty-hunting-methodology-toolkit-tips-tricks-blogs-ef6542301c65
Sample format of report:
Vulnerability Name
Vulnerability Description
Vulnerable URL
Payload
Steps to Reproduce
Impact
Vulnerability Priorities:
P1 - Critical: Vulnerabilities that cause a privilege escalation from unprivileged to admin or allow for remote code execution, financial theft, etc.
P2 - High: Vulnerabilities that affect the security of the software and impact the processes it supports.
P3 - Medium: Vulnerabilities that affect multiple users and require little or no user interaction to trigger.
P4 - Low: Vulnerabilities that affect singular users and require interaction or significant prerequisites (MitM) to trigger.
P5 - Informational: Non-exploitable vulnerabilities in functionality. Vulnerabilities that are by design or are deemed an acceptable business risk to the customer.
I hope you liked this post; if you did, please don't forget to share it.
Thank you so much :-)
- Hacking Truth by Kumar Atul Jaiswal