InfoSec Write-ups

A collection of write-ups from the best hackers in the world on topics ranging from bug bounties…


How to start Bug Bounty Hunting $$$$ in 2024??


TL;DR: This guide is tailored for complete beginners. Learn how to hunt down digital bugs, improve cybersecurity skills, and earn $$$$$ along the way!

  • The majority of the assets are web, so it’s essential to learn web technology. It’ll help you understand the game better & keep you ahead of the pack. Learning languages like JS helps a lot. Once you know the basic flow of the web (front-end, back-end, DB), you can learn how to break it!
  • Your machine is your weapon! Learn your OS & be a pro in the CLI. It’s essential in your journey. Most people starting out today already know this stuff, but it should still be mentioned.
  • Learn the basics: OWASP Top 10, CWE, CVE, CVD, 0day & the differences between them.
  • Research & learn more about CWEs & where they show up. For example, for CWE-79: Cross-site Scripting, investigate the corresponding bug, where it can be reproduced & why it occurs (root cause). Then, think as a developer (you learned that at the beginning) about how this is possible at the code level. Then, you will understand how to prevent it.
  • Focus more on OWASP-TOP-10 vulnerabilities (Web, API, Android, whatever) and investigate the latest CVEs for those bugs. After doing this and familiarising yourself with the industry, you can slowly move on to practice.
  • Skill assessment: sharpen your skills by doing labs like PortSwigger, PentesterLab, Secure Code, etc. Read the related blogs once you find it difficult to solve these challenges. Use a keyword and google it. Learn more & pwn the challenge later. Read blogs and write-ups daily (it’ll only take a little time). Subscribe to bug bounty blogs.
  • Watch videos of:
    * LiveOverflow
    * InsiderPhd
    * Bug Bounty Reports Explained
    * NahamSec
    * Farah Hawa
    * Rana Khalil
    * John Hammond
    * Ippsec
    * rs0n_live
    * Intigriti
    * etc.

Their contents are outstanding.
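The CWE-79 root-cause exercise mentioned above, as an added example in plain JavaScript (not code from the original post): a template that reflects untrusted input into HTML unencoded, beside the same template fixed with HTML entity encoding. The function names and the sample input are constructed for illustration.

```javascript
// Added example (not from the original post): CWE-79 at the code level.
// A page reflects a user-controlled value into HTML. The vulnerable version
// concatenates it raw; the fixed version encodes it for the HTML text context.

// Minimal entity encoder for the HTML *text* context. Attribute, URL and
// JavaScript contexts each need their own context-specific encoding.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// VULNERABLE: untrusted input becomes part of the page's markup, so the
// browser parses whatever tags the input contains (root cause of CWE-79).
function renderGreetingVulnerable(name) {
  return `<p>Hello, ${name}!</p>`;
}

// FIXED: same template, but the untrusted value is encoded before insertion,
// so the browser renders it as literal text rather than as markup.
function renderGreetingSafe(name) {
  return `<p>Hello, ${escapeHtml(name)}!</p>`;
}

// Root-cause check used when reproducing the bug: did the rendered HTML gain
// tags beyond the two (<p> and </p>) that the template itself contains?
function introducesMarkup(html) {
  const tagCount = (html.match(/<[^>]*>/g) || []).length;
  return tagCount > 2;
}

// Constructed sample input: the textbook probe string for reflected XSS.
const sampleInput = "<script>alert(1)</script>";

// Returns both renderings so the difference can be inspected side by side.
function compareRenderings(input) {
  return {
    vulnerable: renderGreetingVulnerable(input),
    safe: renderGreetingSafe(input),
  };
}
```

Running `compareRenderings(sampleInput)` shows the vulnerable output containing a live `<script>` element while the safe output contains only `&lt;script&gt;` text.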

  • Learn more about Public, Private, & VDP bug bounty programs and understand how they work. You can start hunting in a less competitive environment (up to you); people always suggest beginning with VDPs.
  • Platforms for hunting bugs: https://www.trustradius.com/bug-bounty
  • Apple, Meta, Google, etc. have their own reporting endpoints (don’t forget).
  • How to avoid duplicates: build your own methodology. You can learn from public resources & apply them, but make some changes to what you learned from the public. It’ll take time; you must try harder & maintain consistency to get to that level.
  • Important: don’t share your methodology; you can share resources & knowledge (sharing is caring, but spoon feeding isn’t. I hope you understand).
  • Join Discord & Telegram channels (Bug Bounty/Infosec communities).
  • Please don’t stay inside any “toxic community” that kills your peace of mind; you don’t have to carry the criticism of idiots & charlatans. Only stay inside a healthy circle and share content there.

Let’s learn and grow together.

For more updates about Offensive-Security & Hacking, Follow me: 7h3h4ckv157


Published in InfoSec Write-ups

A collection of write-ups from the best hackers in the world on topics ranging from bug bounties and CTFs to vulnhub machines, hardware challenges and real life encounters. Subscribe to our weekly newsletter for the coolest infosec updates: https://weekly.infosecwriteups.com/

Written by 7h3h4ckv157

Hacker | Hall of Fame: Google, Apple, NASA, 𝕏 (FKA Twitter) | Speaker: BlackHat MEA x1 | CVE ×4 | HTB Rank: Guru | P1 warrior - Bugcrowd | CS Engineer

Responses (1)


The Security Response Center is a good choice~
