Hackonology Forums
How to become a Bug Bounty Hunter - Printable Version

+- Hackonology Forums (https://hackonology.com/forum)
+-- Forum: Cyber Security (https://hackonology.com/forum/forumdisplay.php?fid=123)
+--- Forum: Training and Tutorials (https://hackonology.com/forum/forumdisplay.php?fid=139)
+--- Thread: How to become a Bug Bounty Hunter (/showthread.php?tid=573)



How to become a Bug Bounty Hunter - Pentester - 07-19-2021

Step 1) Start reading!
There are some go-to books that you can buy to help you learn the basics and essentials of penetration testing and bug hunting. Since bug bounties often include website targets, we’ll focus on getting you started with Web Hacking and later we’ll branch out.

Your two go-to books are the following:

The Web Application Hacker’s Handbook
This is an absolute must-read and considered the web-app hacker’s ‘bible’. This book starts from square one, walking you through getting Kali Linux installed all the way through using tools and finding exploits.

OWASP Testing Guide v4
Highly suggested by Bugcrowd’s Jason Haddix

For further reading:

Penetration Testing

The Hacker Playbook 2: Practical Guide to Penetration Testing

The Tangled Web: A Guide to Securing Web Applications 

And for our Mobile hacking friends:

The Mobile Application Hacker’s Handbook

iOS Application Security

Step 2) Practice what you’re learning!
While you’re learning it’s important to make sure that you’re also understanding and retaining what you learn. Practicing on vulnerable applications and systems is a great way to test your skills in simulated environments. These will give you an idea of what you’ll run up against in the real world.

Hacksplaining
This is a great site to learn a bit more about various web hacking techniques and how they’re done. It’s actually more of a practical walk-through. Super useful!

Penetration Testing Practice Labs
This site has a massive list of practice apps and systems for several hacking scenarios. Use this list to find new testing labs and sites to practice your skills.

Step 3) Read tech write-ups and POCs (Proof of Concepts) from other hackers and watch tutorials on YouTube!
Now that you’ve got a baseline understanding of how to find and exploit security vulnerabilities, it’s time to start checking out what other hackers are finding in the wild. Luckily the security community is quite generous with sharing knowledge and we’ve collected a list of write-ups & tutorials:

Bug Bounty write-ups and POCs
Collection of bug reports from successful bug bounty hunters.

Bug Hunting Tutorials
Our collection of great tutorials from the Bugcrowd community and beyond.

/r/Netsec on Reddit
Netsec on Reddit is almost exclusively tech writeups and POCs from other researchers. A fantastic resource.

JackkTutorials on YouTube
Jackk has created many tutorials that walk you through CSRF, XSS, SQL Injection, Target Discovery and much more.

DEFCON Conference videos on YouTube
Watch all of the talks from DEFCON over the years. Very useful resource.

Hak5 on YouTube
Hak5 typically focuses on hardware hacking, but in addition to that they also have the ‘Metasploit Minute’ show, HakTip: NMap and much more.

Awesome-Infosec
This is a curated list of helpful security resources that covers many different topics and areas.

Step 4) Join the community!
You’re joining a global community of over 29,000 hackers. Luckily many of these hackers are happy to share their knowledge with a fellow polite & curious researcher.

Step 5) Start learning about bug bounties
Okay, now you’re at the point where it’s almost time to start hunting for bounties. But first, let’s learn how bug bounties work and how to get started, just to make sure we maximize our chances of success.

Source : BugCrowd