Hi! I’m new to the bug bounty scene. I was a junior software developer before I got fired when this pandemic started. Hence, I can pretty much read code and I also know how to deploy my own website on a server using IaaS platforms (I still don’t know how to use Docker though).
As for my bug hunting skills, all that I can do is some basic recon using sublist3r, amass, and tomnomnom’s assetfinder, as well as some basic SQLi and basic XSS (reflected and stored). I also know how to use some of BurpSuite’s functionalities like Intruder and Repeater for XSS and some other injection stuff. I’m always watching and studying videos made by Stök, Tomnomnom, NahamSec and TheCyberMentor (I learned all these basic hacking skills from him).
I’m looking for tips on how to approach a large scope, and what to look for (aside from data input parameters and file uploads). Any suggestions for other attacks that I could learn at my current skill level would also help. Thanks!
IMHO recon is as important as your hacking skills, so make sure you do that right. That’s not only finding subdomains but also endpoints, directories etc.
As to what you should look for, depends also on your knowledge. There are some standard things you can look for, like data input, file uploads, javascript files, outdated products etc. but every web app is different in one way or another.
You can either focus on a couple of vulns, like SQLi and XSS that you mentioned and then, step by step broaden your skills. PortSwigger is really helpful.
hello im beginner too but im on low level im learning js now and in same time im learning Recon from yt channel that u watching nahmsec, can u advice me when i complet js can i start look for xss and what knowldge u have bro ???
this my roadmap
i know some very very basic things web how work ,http, some linux basic commands !!
js -php-mysql -owap10 - practice >>>> real world !!
#Bugbounty#Bugbountytip#Bugbountytips, are the go to go if you want to follow some tips on twitter. (even though there is a lot of copy/paste just for the clout)
Hi I am also new in hacking, before I was studying medicine and now cybersecurity, do you know a good tutorial for CTF ? I mean a real-world scenario ?