bug-bounty | ethical-hacking | getting-started

Hunting for bugs – Getting started guide

The purpose of the next few lines is to give some tips for those who just started diving into hacking. The topic is divided into two parts. Firstly, I would like to present one way to build an elementary knowledge base; then, I’ll give you an idea of how you can use it in bug bounty.

Balazs PoznerDecember 02, 2020 · 6 min read · Last Updated:

Hunting for bugs – Getting started guide

The purpose of the next few lines is to give some tips for those who just started diving into hacking. The topic is divided into two parts. Firstly, I would like to present one way to build an elementary knowledge base; then, I’ll give you an idea of how you can use it in bug bounty.

Spoiler: bug bounty is not for beginners. You have to start with the basics and work hard to be successful in this field. You are on a good track while reading this blog.

1. About web hacking

Obviously, tons of useful materials available on the internet. Books, training videos, etc. I don’t even try to list them. I want to summarize what I found the most useful.

Web hacking is an extremely complex field, and there are different learning paths that you may find better for you. In this blog, you will find some tips, but I encourage you to get more opinions and find the best way to learn.

Nahamsec has also created his impressive list of the best resources.

Stating with OWASP Top 10 in detail is a reasonable choice. Peter Yaworski’s Web Hacking 101 book is also an excellent material to support you. Moreover, if you are just jumped into hacking, and you are not familiar with the basic tools of web hacking (Burp Suite, ZAP, etc.), you will also need some practical experience. I highly recommend trying CTF games. You need to build up your hacking environment based on your taste and then move to bug bounty programs.

The complete list would be endless, but the following resources can help you get started or improve your skills in web hacking:

  • HackTheBox – The most popular CTF platform. You can enhance your penetration testing skills while testing against systems (some of those systems are simulating real-world scenarios well). If you don’t want to install a virtual machine, Pwnbox is a useful feature for you.

  • IppSec – He is generating quality content for a long time on his youtube channel. He hacks boxes with a clear explanation. While you are not ready for a CTF, you can learn a lot from his videos, and you will identify which areas need improvement (for example, OS functions or network knowledge).

  • PortSwigger Web Security Academy – It’s something that worth mentioning. They are the creators of Burp Suite (the most popular tool in hacking by far).

  • Over The Wire Wargames – Maybe you will consider this old-school in the days when there are beginner ethical hacking courses specified for bug hunting. Being familiar with Linux commands can be extremely useful for you throughout your hacking journey.

  • Avatao – It’s more about secure software development, but there are some awesome challenges to get inspiration to go deeper into a topic.

  • Jason Haddix – The latest version of Bug Hunter’s Methodology should be bookmarked to watch more than once.

Continuous learning is essential for all of us in cybersecurity. When you are done with the basics, there are several online media to subscribe to. I prefer STÖK’s youtube channel to get new ideas.

To be curious is more important in this fast-changing field than the „years of experience” could be.

Deciding when you are ready for a bug bounty program will be your choice, but I would say that some CTF games experience is essential. „Rooted” experience as well as „the system crashed”. When you feel how easy to get a non-hardened system to crash, only then can you truly understand how important to avoid it in a production environment (and it’s a must to stay on the ethical side).

2. About bug bounty programs

When choosing the best bug bounty program for you, you should consider some parameters. Firstly, what systems are in the scope. There are different tactics. Somebody prefers to build a broad knowledge; others may want to develop more specialized skills.

The rewards are also essential. If the rewards are high, you will get higher amounts, but the competition will be bigger. And other factors can influence your choice: the name of the company, skills of the other side, and responsiveness can matters.

If you find awesome bugs, you will realize it’s only half of the story; the other half is to explain to others why these bugs you have found are awesome. Writing high-quality reports pays off (literally).

Some ethical hackers (mostly in the top 10 percent) are testing with automatization because they have realized they should minimize the effort while maximizing the profit. It can be a good strategy as soon as you do it uniquely or simply faster than others.

The top hackers earn massive amounts, but one thing must be noted here: you need special skills to consider bug bounty as a „stable source of income”.

Most bug hunters have favorite vulnerabilities (same reason – minimize the effort while maximizing the profit). For example, web cache poisoning attacks, different types of XSS, and subdomain takeover is quite popular. I recommend you to find your favorite one and go deeper into that kind of vulnerability. HackerOne’s Hacktivity is an absolutely stunning material to support you in. To understand these reports need specific knowledge, videos of „bug bounty reports explained” youtube channel (or similar) can help you a lot.

At HACKRATE, we are currently working on a fairly deep education platform with a partner, which will be announced soon. You can follow us on social media to be notified.

Written by Balazs Pozner
CEO and Founder of HACKRATE Ltd.