Looking for Bug Bounty Tips/Advice

atykin · July 23, 2020, 3:06am

Hi! I’m new to the bug bounty scene. I was a junior software developer before I got fired when this pandemic started. Hence, I can pretty much read code and I also know how to deploy my own website on a server using IaaS platforms (I still don’t know how to use Docker though).

As for my bug hunting skills, all that I can do is some basic recon using sublist3r, amass, and tomnomnom’s assetfinder, as well as some basic SQLi and basic XSS (reflected and stored). I also know how to use some of BurpSuite’s functionalities like Intruder and Repeater for XSS and some other injection stuff. I’m always watching and studying videos made by Stök, Tomnomnom, NahamSec and TheCyberMentor (I learned all these basic hacking skills from him).

I’m looking for tips on how to approach a large scope, and what to look for (aside from data input parameters and file uploads). Any suggestions for other attacks that I could learn at my current skill level would also help. Thanks!

messede · July 23, 2020, 2:38pm

Welcome to 0x00sec , kindly head over to our dicord channel for better interaction and faster response

vict0ni · July 23, 2020, 10:02pm

IMHO recon is as important as your hacking skills, so make sure you do that right. That’s not only finding subdomains but also endpoints, directories etc.

As to what you should look for, depends also on your knowledge. There are some standard things you can look for, like data input, file uploads, javascript files, outdated products etc. but every web app is different in one way or another.

You can either focus on a couple of vulns, like SQLi and XSS that you mentioned and then, step by step broaden your skills. PortSwigger is really helpful.

You can join us on Discord for more discussions

atykin · July 25, 2020, 3:37pm

Thank you for the replies! I appreciate it.

P.S. I just also joined the discord channel. Looking forward for more learnings from all of you.

Arour_Mohamed · June 13, 2023, 6:47pm

hello im beginner too but im on low level im learning js now and in same time im learning Recon from yt channel that u watching nahmsec, can u advice me when i complet js can i start look for xss and what knowldge u have bro ???
this my roadmap
i know some very very basic things web how work ,http, some linux basic commands !!
js -php-mysql -owap10 - practice >>>> real world !!

ayrad · June 17, 2023, 9:47pm

#Bugbounty #Bugbountytip #Bugbountytips, are the go to go if you want to follow some tips on twitter. (even though there is a lot of copy/paste just for the clout)

Mr5Robot · August 12, 2023, 11:28pm

Hi I am also new in hacking, before I was studying medicine and now cybersecurity, do you know a good tutorial for CTF ? I mean a real-world scenario ?