Hello everyone, I hope you all are doing great.
I am back with another writeup.
Every day I see many people asking questions about bug bounties/penetration testing and most of them are how to get started as a complete beginner.
In this blog, we will discuss how someone who is not finding bugs can start Bug Bounty once again but with different methods and mindset.
So before learning about anything the first question is:
Who is a bug bounty hunter?
But before knowing about a bug bounty hunter you must know what a bug bounty is. So in simple words, a bug bounty is a reward (money) given to an ethical hacker for finding a vulnerability or a bug in a website, application, software, or other system.
And now from this, we get to know that a bug bounty hunter is an ethical hacker who finds and reports the vulnerability.
Ok, now we know what a bug bounty is and what a bug bounty hunter is, but the most important question is how you yourself can become one. So for that, we will go through the steps required for a person to become a bug bounty hunter and be successful at it.
So we have some topics and we will cover them one by one.
Web Applications
Web applications are created so that we can do our work online. And as the internet keeps growing faster, today we have web applications for each and every task. These tasks include:
Shopping (Amazon, Flipkart)
Social networking (Facebook, Instagram)
Banking (All Banks)
Web search (Google, Bing)
Auctions (eBay, E-auction)
Gambling (no need to take names, you know about them)
Webmail (Gmail)
Interactive information (Wikipedia)
These are only some but the list is never-ending.
If we covered each topic in detail it would not fit in one blog, so as this blog is about tips for bug bounty, let's move to the tips.
Tip 1: Think and be like an Ethical Hacker
Thinking like an ethical hacker doesn't mean you need to do some extra stuff but it means you have to think out of the box.
Ethical hackers keep everything organized, and to be like them you need to do the same.
Checklist
Hacking is an art and the ethical hacker is the artist. As other artists need tools you will also require tools and a good checklist is one of them.
A checklist gives you a consistent, repeatable process that can be used for almost every application, and it lets you be more consistent with your testing. A good checklist is your first step to thinking like an Ethical Hacker.
Here is a good checklist that can be your starting point.
Taking Notes
Top Ethical Hackers are also people just like us but what makes them different is documenting their work.
Say you were hunting on a target 6 months back and now you want to check what you found on your first day, or you have an exploit and you know there is a functionality vulnerable to it, but you don't remember where that functionality was or what the domain was.
The only real way to do this would be to look back at your notes. How are you supposed to remember in detail what you did 6 months ago without notes?
Here are some note-taking tools:
And my personal favorite, Notion.
Burp Logs
Burp Suite is a MUST-HAVE if you’re doing web application testing. If you’re looking at a single application or a single endpoint and want to inspect it closely Burp is the only tool you will need.
The HTTP proxy logs that Burp provides are going to be more detailed than the notes we take by hand.
They record each and every request we made through our browser and let us see exactly what we did and when we did it.
There have been several instances where I needed to know what I did on an engagement that happened several months prior and was able to easily access this information by reviewing my Burp logs, which showed exactly what I did, and when I did it.
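To show what those logs make possible, here is an added example (my own, not code from the original post or from PortSwigger) that indexes a saved Burp proxy history so you can ask months later which requests hit a given host, path or header, and when. It assumes the export is the XML from Proxy > HTTP history > Save items, with the element names used below; the sample items are constructed.

```python
"""Index a saved Burp proxy history so an old engagement can be searched by host,
path, header or date.  Assumed (not verified) export layout: Proxy > HTTP history >
Save items XML, <item> holding <time>, <host>, <method>, <path>, <status> and a
base64 <request>.  Every sample item below is constructed."""
import base64
import xml.etree.ElementTree as ET
from datetime import datetime

def _item(ts, host, method, path, status, raw_request):
    # One <item> in the assumed export layout (constructed sample data).
    b64 = base64.b64encode(raw_request.encode()).decode()
    return (f"<item><time>{ts}</time><host>{host}</host><method>{method}</method>"
            f'<path>{path}</path><request base64="true">{b64}</request>'
            f"<status>{status}</status></item>")

SAMPLE_EXPORT = '<?xml version="1.0"?><items burpVersion="2023.1">' + "".join([
    _item("Mon Jan 02 10:15:42 UTC 2023", "shop.example", "GET", "/api/users?id=5", 200,
          "GET /api/users?id=5 HTTP/1.1\r\nHost: shop.example\r\n\r\n"),
    _item("Mon Jan 02 10:16:03 UTC 2023", "shop.example", "POST", "/api/orders", 201,
          "POST /api/orders HTTP/1.1\r\nHost: shop.example\r\n"
          'Content-Type: application/json\r\n\r\n{"sku": "A1"}'),
    _item("Tue Jul 18 09:02:11 UTC 2023", "mail.example", "GET", "/inbox", 200,
          "GET /inbox HTTP/1.1\r\nHost: mail.example\r\n\r\n"),
]) + "</items>"

def _parse_burp_time(text):  # Java-style "Mon Jan 02 10:15:42 UTC 2023"; drop the zone token
    t = text.split()
    return datetime.strptime(" ".join(t[:4] + t[5:]), "%a %b %d %H:%M:%S %Y")

def parse_burp_export(xml_text):
    """Return the proxy history as a list of dicts, oldest request first."""
    entries = []
    for item in ET.fromstring(xml_text).findall("item"):
        req = item.find("request")
        raw = req.text or ""
        if req.get("base64") == "true":          # decode the stored raw request
            raw = base64.b64decode(raw).decode("latin-1")
        entries.append({"time": _parse_burp_time(item.findtext("time", "")),
                        "host": item.findtext("host"), "method": item.findtext("method"),
                        "path": item.findtext("path"), "request": raw,
                        "status": int(item.findtext("status", "0"))})
    return sorted(entries, key=lambda e: e["time"])

def search(entries, host=None, path_contains=None, since=None, in_request=None):
    """Filter the history; `since` is an ISO date such as "2023-06-01"."""
    cutoff = datetime.fromisoformat(since) if since else None
    return [e for e in entries
            if (host is None or e["host"] == host)
            and (path_contains is None or path_contains in e["path"])
            and (cutoff is None or e["time"] >= cutoff)
            and (in_request is None or in_request.lower() in e["request"].lower())]
```

Point `parse_burp_export` at a real export file's contents and `search(..., since="2023-06-01")` answers the "what did I do on that domain six months ago" question from the proxy record rather than from memory.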
Tip 2: First one to know about new stuff
To be successful in this field you should know about new exploits, methodologies, techniques, technologies, and tooling that are being put out every day.
You will need to know where to look for those new CVEs and exploits, who to follow for the best techniques and methodologies, and a community of people to turn to if you have questions or need someone's expertise.
CVE
You need to be among the first to know whenever a new vulnerability comes out. A general rule is that you will not get paid for a finding that is a duplicate, which means you must be the first person to make the finding.
NIST
NIST maintains one of the best vulnerability databases out there. The NIST vulnerability database is constantly updated with new vulnerabilities in real time as they come out.
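As an added example (not from the original post or from NIST), here is a watch-list filter over an NVD-style feed: it lists only CVEs published after a cutoff that name a technology you are testing, and it keeps unscored entries, since brand-new CVEs often arrive before a CVSS score. The record layout is my reading of the NVD 2.0 API and an assumption; the product names and CVE ids below are constructed placeholders.

```python
"""Watch-list filter over an NVD-style feed: list CVEs published after a cutoff
that mention a technology in scope.  The record shape (vulnerabilities[].cve with
id, published, descriptions, metrics.cvssMetricV31) is an assumption about the
NVD 2.0 API; the feed below is constructed with placeholder ids, not real CVEs."""
import json
from datetime import datetime

SAMPLE_FEED = json.dumps({"vulnerabilities": [
    {"cve": {"id": "CVE-0000-0001", "published": "2023-07-18T14:15:00.000",
             "descriptions": [{"lang": "en", "value": "Auth bypass in ExampleCMS before 4.2."}],
             "metrics": {"cvssMetricV31": [{"cvssData": {"baseScore": 9.8}}]}}},
    {"cve": {"id": "CVE-0000-0002", "published": "2023-07-18T16:40:00.000",
             "descriptions": [{"lang": "en", "value": "Stored XSS in ExampleForum 2.1 admin panel."}]}},
    {"cve": {"id": "CVE-0000-0003", "published": "2023-05-01T08:00:00.000",
             "descriptions": [{"lang": "en", "value": "DoS in ExampleCMS 3.x image handler."}],
             "metrics": {"cvssMetricV31": [{"cvssData": {"baseScore": 7.5}}]}}},
    {"cve": {"id": "CVE-0000-0004", "published": "2023-07-19T01:00:00.000",
             "descriptions": [{"lang": "en", "value": "Info leak in UnrelatedRouter firmware."}],
             "metrics": {"cvssMetricV31": [{"cvssData": {"baseScore": 5.3}}]}}},
]})

def _english(cve):
    return next((d["value"] for d in cve.get("descriptions", []) if d.get("lang") == "en"), "")

def _score(cve):
    # Fresh CVEs are often published before NVD scores them; report None rather than 0.
    for m in cve.get("metrics", {}).get("cvssMetricV31", []):
        return m["cvssData"]["baseScore"]
    return None

def new_cves(feed_json, watchlist, since_iso, min_score=None):
    """Return [(id, published, product, score)] for CVEs published at/after
    `since_iso` whose description names a watched product.  Unscored CVEs are
    kept unless a minimum score is set, so they are not silently dropped."""
    since = datetime.fromisoformat(since_iso)
    hits = []
    for rec in json.loads(feed_json)["vulnerabilities"]:
        cve = rec["cve"]
        if datetime.fromisoformat(cve["published"][:19]) < since:
            continue
        text = _english(cve).lower()
        product = next((p for p in watchlist if p.lower() in text), None)
        if product is None:
            continue
        score = _score(cve)
        if min_score is not None and (score is None or score < min_score):
            continue
        hits.append((cve["id"], cve["published"], product, score))
    return sorted(hits, key=lambda h: h[1], reverse=True)   # newest first
```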
And now this one is my personal favorite way to get ahead of everyone while having fun.
If you are active on Twitter you must know about the great infosec community. People are posting about new CVEs, exploits, and POCs every single day. All the information can be used to find vulnerabilities and be the first one to report them.
Github
Most new CVEs don't have a working proof of concept. Without a working POC, we have to spend hours writing a custom exploit, and even then it may not work. And if you do not know how to write exploits then you will have to wait for someone to release a public POC. These POCs are usually uploaded to GitHub, so every time you need an exploit or POC you should give GitHub a try.
As this list is very big so we will cover this in parts. Stay Tuned for Part 2
I hope you enjoyed this one and have learned something new from this.
I'll see you next time 😉
Till then,
Take care, Happy Hacking!