That tweet is only intended for Beginners/Freshers in bug bounty hunting who just started learning about this or want to start! If you are already doing hunting or doing labs then Maybe this won't be too much helpful to you. Thanks!
It all depends on interest and hard work, not on degree, age, branch, college, etc.
What to study?
- Internet, HTTP, TCP/IP
- Networking
- Command line
- Linux
- Web technologies, javascript, PHP, java
- At least 1 prog language (Python/C/JAVA/Ruby/Golang etc..)
Choose your path (imp)
- Web pentesting
- Mobile pentesting
- Desktop apps
Resources:
- Books
For web
-
Web app hackers handbook
-
Web hacking 101
-
Hacker's playbook 1,2,3
-
Hacking art of exploitation
-
Mastering modern web pen testing
-
OWASP Testing guide
-
Bug Bounty Bootcamp. For mobile
-
Mobile application hacker's handbook
Youtube channels:
- Live Overflow
- Hackersploit
- Bugcrowd
- Hak5
- Hackerone
Must Check: https://blog.intigriti.com/2020/10/05/top-20-bug-bounty-youtube-channels-to-follow-in-2020/
Programming:
Academind CS Dojo Derek Banas freeCodeCamp Joshua Fluke LevelUpTuts Life of Luba The Coding Train
Writeups, Articles, blogs ( I have given below some awesome writeups )
- Medium (infosec writeups)
- Hackerone public reports
- http://owasp.org
- Portswigger
- Reddit (Netsec)
- DEFCON conference videos
- Forums
Practice (imp)
Tools
- Burpsuite
- nmap
- dirtbuster
- sublist3r
- Netcat
Testing labs
- DVWA
- bWAPP
- Vulnhub
- Metasploitable
- CTF365
- Hack the box
Start! ( Don't Forget this masterpiece- https://book.hacktricks.xyz/ )
Practice Owasp Top 10 and Master at least one Bug.
-
Master In Burpsuite and Nmap
-
Top Tools that will be used on a daily Basis
https://www.hackerone.com/ethical-hacker/100-hacking-tools-and-resources
- Read and practice at Portswigger Academy
https://portswigger.net/web-security
- Read On a daily basis
https://hackerone.com/hacktivity
https://pentester.land/list-of-bug-bounty-writeups.html
https://bugbountyguide.com/hunters/books.html
https://owasp.org/www-project-web-security-testing-guide/v42/
https://github.com/devanshbatham/Awesome-Bugbounty-Writeups
https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters/blob/master/assets/basics.md
https://github.com/trimstray/the-book-of-secret-knowledge
https://www.bugcrowd.com/hackers/bugcrowd-university/
https://medium.com/tag/bug-bounty-writeup
- Checklists
https://github.com/OWASP/wstg/tree/master/checklist
https://www.youtube.com/watch?v=uKWu6yhnhbQ ( Methodology )
Select a platform
-
Hackerone
-
Bugcrowd
-
Open bug bounty or any RDP
-
Zerocopter
-
Antihack
-
Synack (private)
-
YesWeHack
-
Choose wisely (first not for bounty)
-
Select a bug for hunt
-
Exhaustive search
-
Not straightforward always
REPORT:
- Create a descriptive report
- Follow responsible disclosure
- Create POC and steps to reproduce
Words of wisdom
- PATIENCE IS THE KEY, takes years to master, don't fall for overnight success
- Do not expect someone will spoon feed you everything.
- Confidence
- Not always for bounty
- Learn a lot
- Won't find at the beginning, don't lose hope
- Stay focused
- Depend on yourself
- Stay updated with the infosec world
The Best skill you can have is Google. Do learn it, it's not only a search bar but more than that! do some Dorking and have tailored results that you want. You can not always be dependent on others, thus learning google is crucial.
Thanks.
All your reference:
- Learn From Bugs Disclosure
- XSS https://medium.com/@corneacristian/top-25-xss-bug-bounty-reports-b3c90e2288c8
- RCE https://medium.com/@corneacristian/top-25-rce-bug-bounty-reports-bc9555cca7bc
- Race Condition https://medium.com/@corneacristian/top-25-race-condition-bug-bounty-reports-84f9073bf9e5
- IDOR https://medium.com/@corneacristian/top-25-idor-bug-bounty-reports-ba8cd59ad331
- Open Redirect https://medium.com/@corneacristian/top-25-open-redirect-bug-bounty-reports-5ffe11788794
- Wordpress https://medium.com/@corneacristian/top-25-wordpress-bug-bounty-reports-f208ea2dad3f
Some Bug Bounty tools:
dnscan https://github.com/rbsec/dnscan
Knockpy https://github.com/guelfoweb/knock
Sublist3r https://github.com/aboul3la/Sublist3r
massdns https://github.com/blechschmidt/massdns
nmap https://nmap.org
masscan https://github.com/robertdavidgraham/masscan
EyeWitness https://github.com/ChrisTruncer/EyeWitness
DirBuster https://sourceforge.net/projects/dirbuster/
dirsearch https://github.com/maurosoria/dirsearch
Gitrob https://github.com/michenriksen/gitrob
git-secrets https://github.com/awslabs/git-secrets
sandcastle https://github.com/yasinS/sandcastle
bucket_finder https://digi.ninja/projects/bucket_finder.php
GoogD0rker https://github.com/ZephrFish/GoogD0rker/
Wayback Machine https://web.archive.org
waybackurls https://gist.github.com/mhmdiaa/adf6bff70142e5091792841d4b372050 Sn1per https://github.com/1N3/Sn1per/
XRay https://github.com/evilsocket/xray
wfuzz https://github.com/xmendez/wfuzz/
patator https://github.com/lanjelot/patator
datasploit https://github.com/DataSploit/datasploit
hydra https://github.com/vanhauser-thc/thc-hydra
changeme https://github.com/ztgrace/changeme
MobSF https://github.com/MobSF/Mobile-Security-Framework-MobSF/
Apktool https://github.com/iBotPeaches/Apktool
dex2jar https://sourceforge.net/projects/dex2jar/
sqlmap http://sqlmap.org/
oxml_xxe https://github.com/BuffaloWill/oxml_xxe/ @cyb3rhunt3r
XXE Injector https://github.com/enjoiz/XXEinjector
The JSON Web Token Toolkit https://github.com/ticarpi/jwt_tool
ground-control https://github.com/jobertabma/ground-control
ssrfDetector https://github.com/JacobReynolds/ssrfDetector
LFISuit https://github.com/D35m0nd142/LFISuite
GitTools https://github.com/internetwache/GitTools
dvcs-ripper https://github.com/kost/dvcs-ripper
tko-subs https://github.com/anshumanbh/tko-subs
HostileSubBruteforcer https://github.com/nahamsec/HostileSubBruteforcer Race the Web https://github.com/insp3ctre/race-the-web
ysoserial https://github.com/GoSecure/ysoserial
PHPGGC https://github.com/ambionics/phpggc
CORStest https://github.com/RUB-NDS/CORStest
retire-js https://github.com/RetireJS/retire.js
getsploit https://github.com/vulnersCom/getsploit
Findsploit https://github.com/1N3/Findsploit
bfac https://github.com/mazen160/bfac
WPScan https://wpscan.org/
CMSMap https://github.com/Dionach/CMSmap
Amass https://github.com/OWASP/Amass
10 Awesome Firefox Extensions to Enhance Your Pentesting/Bug bounty Hunting.
- FoxyProxy Standard FoxyProxy is an advanced proxy management tool that completely replaces Firefox's limited proxying capabilities.
- Firefox Multi-Account Containers Multi-Account Containers lets you keep parts of your online life separated into color-coded tabs that preserve your privacy.
Containers+authorize = broken access control bugs!
- PwnFox PwnFox is a Firefox/Burp extension that provides useful tools for your security audit. Features include:
Single click BurpProxy Containers Profiles Toolbox injection Security header remover
FoxyProxy + Containers = pwnfox
- HackTools Hacktools is a web extension facilitating your web application penetration tests, it includes cheat sheets as well as all the tools used during a test such as XSS payloads, Reverse shells to test your web application.
- Wappalyzer Identify technologies on websites
- Shodan The Shodan plugin tells you where the website is hosted (country, city), who owns the IP and what other services/ ports are open.
- DotGit An extension to check if .git is exposed in visited websites.
URL: https://addons.mozilla.org/en-US/firefox/addon/dotgit/
- Open Multiple URLs Opens a list of URLs
URL: https://addons.mozilla.org/en-US/firefox/addon/open-multiple-urls/
- Cookie-Editor
Cookie-Editor lets you efficiently create, edit and delete a cookie for the current tab. Perfect for developing, quickly testing, or even manually managing your cookies for your privacy.
Url: https://addons.mozilla.org/en-US/firefox/addon/cookie-editor/
- S3 Bucket List Finds Amazon S3 Buckets while browsing then records it in the add-on content.
Cheat Sheets:
XSS https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/xss.md https://github.com/ismailtasdelen/xss-payload-list
SQLi https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/sqli.md
SSRF https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/ssrf.md https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Server%20Side%20Request%20Forgery
CRLF https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/crlf.md https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/CRLF%20Injection
CSV-Injection https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/csv-injection.md https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/CSV%20Injection
Command Injection https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Command%20Injection
Directory Traversal https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Directory%20Traversal
LFI https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/lfi.md https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/File%20Inclusion
XXE https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/xxe.md
Open-Redirect https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/open-redirect.md
RCE https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/rce.md
Crypto https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/crypto.md
Template Injection https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/template-injection.md https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Server%20Side%20Template%20Injection
XSLT https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/xslt.md
Content Injection https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/content-injection.md
LDAP Injection https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/LDAP%20Injection
NoSQL Injection https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/NoSQL%20Injection
CSRF Injection https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/CSRF%20Injection
GraphQL Injection https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/GraphQL%20Injection
LaTex Injection https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/LaTeX%20Injection
OAuth https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/OAuth
XPATH Injection https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/XPATH%20Injection
Bypass Upload Tricky https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Upload%20Insecure%20Files
Awesome Bug Bounty Tools
https://github.com/vavkamil/awesome-bugbounty-tools
Lots of Write-ups: ( Reading them won't make you expert; Practice yourself.
1)Hacking LG WebOS Smart TVs Using A Phone https://medium.com/geekculture/hacking-lg-webos-smart-tvs-using-a-phone-3fedba5d6f50
2)Quick Heal Addressed Multiple Vulnerabilities in v19.0 https://cyberworldmirror.com/quick-heal-addressed-multiple-vulnerabilities-in-version-19-update-now/
3)Resetting Expired Passwords Remotely https://www.n00py.io/2021/09/resetting-expired-passwords-remotely/
4)Windows Event Logging & Collection Guidance https://github.com/JSCU-NL/logging-essentials
1)[Zomato Order] Insecure deep link leads to sensitive information disclosure https://hackerone.com/reports/532225
2)CVE-2021-22946: Protocol downgrade required TLS bypassed https://hackerone.com/reports/1334111
3)CVE-2021-22947: STARTTLS protocol injection via MITM https://hackerone.com/reports/1334763
4)Guest Users can create issues for Sentry errors and track their status https://hackerone.com/reports/1117768
5)$8,000 Bug Bounty Highlight: XSS to RCE in the Opera Browser https://blogs.opera.com/security/2021/09/8000-bug-bounty-highlight-xss-to-rce-in-the-opera-browser/
6)Using CodeQL to detect client-side vulnerabilities in web applications https://raz0r.name/articles/using-codeql-to-detect-client-side-vulnerabilities-in-web-applications/
7)HCRootkit / Sutersu Linux Rootkit Analysis https://www.lacework.com/blog/hcrootkit-sutersu-linux-rootkit-analysis/
8)CVE-2021-40847 flaw in Netgear SOHO routers could allow remote code execution https://securityaffairs.co/wordpress/122486/hacking/cve-2021-40847-netgear-soho-routers.html
9)Autodiscovering the Great Leak https://www.guardicore.com/labs/autodiscovering-the-great-leak/
1)Used email confirmation link reveals the email address which is tied to it https://hackerone.com/reports/1128358
2)CSV injection in the credentials export https://hackerone.com/reports/1131887
3)Race condition allows sending multiple times feedback for the hacker https://hackerone.com/reports/1132171
4)AWS WAF analysis: How it works and how to attack it https://thexssrat.medium.com/aws-waf-analysis-how-it-works-and-how-to-attack-it-8a456e561c74
5)ffuf https://broad-frost-983.notion.site/ffuf-bd8180578bec4dd2986781e09df46cdc
6)New Remote Code Execution Vulnerability In Nagios Can Compromise Complete Network https://cyberworkx.in/2021/09/22/new-remote-code-execution-vulnerability-in-nagios-can-compromise-complete-network/
1)Privilege Escalation vulnerability in steam's Remote Play feature leads to the arbitrary kernel-mode driver installation https://hackerone.com/reports/852091
2)HTML Injection in Email https://hackerone.com/reports/1248585
3)A fever Worth 750$- [Accessing Private Projects ] https://medium.com/@shakti.gtp/a-fever-worth-750-accessing-private-projects-d113c561311f
4)Look Out For These Top 7 Things When Choosing A VPN Service https://cyberdessy.medium.com/look-out-for-these-top-7-things-when-choosing-a-vpn-service-801ed9a7b5ae
5)OMIGOD - CVE-2021-38647 https://www.alteredsecurity.com/post/omigod-cve-2021-38647 https://github.com/AlteredSecurity/CVE-2021-38647
1)MSSQL for Pentester: Hashing http://rajhackingarticles.blogspot.com/2021/09/mssql-for-pentester-hashing.html?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+HackingArticlesrajChandelsBlog+%28Hacking+Articles%7CRaj+Chandel%27s+Blog%29
2)zero-click RCE vulnerability in Hikvision security cameras could lead to network compromise https://portswigger.net/daily-swig/zero-click-rce-vulnerability-in-hikvision-security-cameras-could-lead-to-network-compromise
3)Ex-Apple Employee Exposes Apple M1 Chip’s Secrets https://analyticsindiamag.com/ex-apple-employee-exposes-apple-m1-chips-secrets/
4)IoT Security (Internet of Things Security) https://latesthackingnews.com/2021/09/20/iot-security-internet-of-things-security/
- Text injection or content spoofing on forbidden page https://hackerone.com/reports/1310925
2)Log Analysis using Splunk, Solving “Juicy Details TryHackMe” https://medium.com/@pandeydipanshu57/log-analysis-using-splunk-solving-juicy-details-tryhackme-92ea1b13eb0d
3)You are entering the XSS game area https://www.hackingtruth.in/2020/08/you-are-entering-xss-game-area.html
4)My Notes and What I Learned This Week! https://www.getrevue.co/profile/anugrahsr/issues/weekly-newsletter-of-anugrah-sr-issue-2-763659
5)Google Hacking Dorks 2021 https://hackersonlineclub.com/google-hacking/
6)Email Header Analysis – Use Cases Including SPF, DKIM & DMARC https://www.socinvestigation.com/email-header-analysis-use-cases-including-spf-dkim-dmarc/
7)QLOG provides enriched Event Logging for security-related events on Windows-based systems. https://github.com/threathunters-io/QLOG
1)Admin access !! https://dewangpanchal98.medium.com/admin-access-799b50694965
2)Investigating Scam/Phishing links campaign circulating in Whatsapp. https://kunaldas9.medium.com/investigating-scam-phishing-links-campaign-circulating-in-whatsapp-6bf89b2520eb
3)A small change and things go in your hand: Story of a $250 bounty https://fardeen-ahmed.medium.com/a-small-change-and-things-go-in-your-hand-story-of-a-250-bounty-5ddc43c31463
4)SIEM Monitoring using Wazuh by Francis Jeremiah https://hakin9.org/siem-monitoring-using-wazuh-by-francis-jeremiah/
5)Complete Google Dorks List in 2020 For Ethical Hacking and Penetration Testing https://gbhackers.com/latest-google-dorks-list/
6)Edward Snowden urges users to stop using ExpressVPN https://www.hackread.com/edward-snowden-stop-using-expressvpn/
7)How To Protect Yourself From Malicious Websites While Online https://latesthackingnews.com/2021/09/18/how-to-protect-yourself-from-malicious-websites-while-online/
8)Concealed Position is a local privilege escalation attack against Windows using the concept of "Bring Your Own Vulnerability". https://github.com/jacob-baines/concealed_position
9)A tool for generating multiple types of NTLMv2 hash theft files. https://github.com/Greenwolf/ntlm_theft
10)client-side prototype pollution https://github.com/BlackFan/client-side-prototype-pollution
There's a lot more on the internet that won't be completed! Here I am giving more than enough for the complete beginners, after brushing up your hands on this, you will automatically start finding stuff!
Thanks, I hope this helps - Feel free to connect/contact.
- Het Mehta ( twitter.com/hetmehtaa )