Bug Bounty Tips and My Journey
Hi everyone! It's been a while since my last post, and I owe you an explanation.
Over the past two months, I've shifted my focus from Capture the Flag (CTF) challenges to Bug Bounties. Unlike CTFs, Bug Bounties have strict confidentiality rules, meaning I can't always disclose the details of the bugs I find. That's why things have been a bit quiet here on the blog, but rest assured, there are some exciting CVEs coming soon! I'll also be sharing insights on what I've been up to.
Why Bug Bounties?
This shift in focus has sparked curiosity, and I've received many messages on LinkedIn asking, "How did you get started with Bug Bounties?" and "I've started hunting but haven’t found anything—should I give up?"
How I Got Started
I first heard about Bug Bounties back in high school, but it wasn't until 2022 that I made the jump from being a physicist to a cybersecurity enthusiast and bug hunter. The catalyst for this change? Well, that’s a story for another post.
How I Built My Skills
I realized I needed to start from scratch, so I dove deep into learning. Like many beginners, I found myself overwhelmed by the sheer amount of information available. I spent money on paid courses that, unfortunately, taught me little to nothing. But amid those false starts, I found PortSwigger, a platform designed for learning web security.
PortSwigger offers hands-on hacking labs, perfect for beginners. I completed all the beginner-level labs before diving back into Bug Bounties. At first, I struggled to solve the labs without guidance, but over time, I developed a strategy that I still use today: trying solutions on my own and referring to help only when absolutely stuck.
My Return to Bug Bounties
After completing the beginner labs, I returned to Bug Bounties. Ironically, my first real vulnerability discovery was on PortSwigger's own website! I found another open redirect, but this time I demonstrated its impact by showcasing how it could lead to an SSRF (Server-Side Request Forgery). I reported it to their team, and they fixed it the next day.
Practice Makes Perfect
If you're getting started, I can't stress enough how important it is to practice. Platforms like Pwnable.kr, Root-Me, Hacker101, and TryHackMe are invaluable for building your skills. I also highly recommend HackTheBox for more advanced challenges.
Choosing Bug Bounty Platforms
If you're just starting, it's a good idea to focus on less competitive Bug Bounty platforms. Platforms like HackerOne and Bugcrowd are highly competitive but offer great rewards. However, I suggest checking out Yogosha, HuntrDev, and Intigriti, as they tend to have lower competition and can be more rewarding for new hunters.
Vulnerabilities I've Found
Throughout my journey, I've discovered a wide range of vulnerabilities, from Remote Code Execution (RCE) to SQL injection and session hijacking. I don't focus on low-hanging fruit but always look for ways to amplify the impact of my findings.
My Methodology
I prefer manual exploitation, as it yields the best results for me. Automation can be useful, but there's nothing like manually exploring vulnerabilities and discovering how they can be exploited. Your methodology will evolve over time, so find what works best for you.
Conclusion
If I could give you one piece of advice, it would be this: focus on reconnaissance and research. Take your time to thoroughly understand the program you're working on, and don't rush. Spend at least 10 to 15 days gathering information before you begin testing. Persistence is key.
I hope this post helps anyone just starting out with Bug Bounties. If you have any questions or want to share your experiences, feel free to reach out. Happy hunting!
And remember, always do your research!