Hi! I’m new to the bug bounty scene. I was a junior software developer before I got fired when this pandemic started. Hence, I can pretty much read code and I also know how to deploy my own website on a server using IaaS platforms (I still don’t know how to use Docker though).
As for my bug hunting skills, all that I can do is some basic recon using sublist3r, amass, and tomnomnom’s assetfinder, as well as some basic SQLi and basic XSS (reflected and stored). I also know how to use some of Burp Suite’s functionalities like Intruder and Repeater for XSS and some other injection stuff. I’m always watching and studying videos made by Stök, Tomnomnom, NahamSec and TheCyberMentor (I learned all these basic hacking skills from him).
I’m looking for tips on how to approach a large scope, and what to look for (aside from data input parameters and file uploads). Any suggestions for other attacks that I could learn at my current skill level would also help. Thanks!