in Cybersecurity.
▪ How can you be a successful bug hunter?
▪ Things needed to move forward in bug bounties
▪ Can bug bounty be chosen as a career option?
▪ Myths about the certifications
▪ Tips/Tricks
veins, started at an early age, nearly 10 years back from now.
▪ As it was my passion and I had no access to PCs and laptops, I used internet cafes to learn and try stuff.
▪ All these years I was passively working in this field; from the past 3 years I thought of becoming active in this field.
▪ In the past 3 years I have achieved many things that I hadn't thought of too.
is a bit difficult but possible.
▪ Some people take up to 6 months of continuous hard work to get their 1st bounty.
▪ Be motivated: today might not be yours, but tomorrow will definitely be yours.
▪ Eat -> Sleep -> Hack -> Repeat
with basics.
▪ Understand the workflow of the applications.
▪ For example, start with some basic development (Web/Mobile).
▪ Understand how the data is transferred from browser to servers.
▪ Then move forward with hacking, application security, network security, IoT security, etc.
▪ Nowadays there is a bug bounty program in almost every field.
you know how to build, then it would be a lot easier for you to break it.
▪ Learn the “Art of googling”.
▪ Sometimes you might lose your patience too; for example, you might work 15-18 hrs per day for 10-15 days continuously and end up not getting anything.
▪ Learn to use all the resources on the internet; for example, try reading blogs that might open up your mind.
▪ If you are okay with coding, learn to automate stuff, like automating your information gathering process or git recon process.
follow my mind map that is updated on a regular basis, so you might get the best of the best resources on any vulnerability over the internet.
▪ Try to escalate the vulnerabilities; for example, if you found HTML injection, escalate it to an XSS attack.
▪ If you found a CSRF vulnerability, try to escalate it to full account takeover.
▪ Earlier, bug bounty was about any vulnerability; now it's all about its bypass.
▪ Automation is the key. Automate as much as possible.
Bug bounty can definitely be chosen as a career option.
▪ If you start bug bounty at an early age and are eager to move your career into the cybersecurity domain, you need not worry about your job.
▪ Cybersecurity is the only domain where, whatever the situation might be, jobs will be there.
▪ Try joining some private bug bounty platforms like Synack, Detectify, Cobalt (SaaS), etc.
and try to escalate issues instead of simply reporting them.
▪ Read H1 Hacktivity.
▪ Google, Censys, Shodan.
▪ Learn the ways to bypass the vulnerabilities.
▪ Get started with the Bugcrowd platform, as it's a more researcher-supportive platform.