THIS THREAD IS SPONSORED BY TheSopranos
[ Hidden Content! ]
Hello, beautiful people, in this tutorial I'm going to show you how to get started with bug bounty from zero. Before we start, I want to make a simple promise: making money through bug bounty programs is not easy. Especially in the beginning, your reports may be rejected, and you might not be able to earn a substantial amount. If you are looking for quick and easy money, then this tutorial is not for you.
REQUIREMENTS:
The requirements that I am about to list are crucial as they lay the foundation for developing a strong skill set to start your bug bounty journey.
Networking 101 (Target: Gain a thorough understanding of the key network concepts essential for ethical hacking)
Alternatives: CCNA, Network+, this repository
Programming (Target: Learn to code and develop small exploits using one or more programming languages)
Recommended languages: Python, SQL, PHP, Powershell, Bash, C, JavaScript, Rust)
Linux Basics (Target: Learning the basics of Linux)
Alternatives: Linux+, LPI
PLATFORMS
Okay now let's talk about the different platforms to use. There are two types of bug bounty programs:
- Public bug bounty programs
- Private bug bounty programs
Quite simply, public bug bounty programs are platforms open to everyone such as HackerOne, BugCrowd, Intigriti (the last one is good only if you're in Europe).
Benefits:
Companies are obligated to compensate you if a valid vulnerability is discovered.
You are more protected.
You increase your networking and you can be contacted by companies to work with them
You will be provided with a comprehensive scope encompassing all available domains (transparency)
Reputation system.
Disadvantages:
Due to the high volume of requests, companies may take a considerable amount of time to respond to you.
It is possible that one of your reports may be rejected, even if your vulnerability is valid.
High competition
Bug bounty platforms break the direct connection between hackers and developers.
GENERAL RESOURCES:
HackTricks
OWASP
This repository
This repository
PortSwigger
Pentestmonkey
Medium
REQUIREMENTS:
The requirements that I am about to list are crucial as they lay the foundation for developing a strong skill set to start your bug bounty journey.
Networking 101 (Target: Gain a thorough understanding of the key network concepts essential for ethical hacking)
Alternatives: CCNA, Network+, this repository
Programming (Target: Learn to code and develop small exploits using one or more programming languages)
Recommended languages: Python, SQL, PHP, Powershell, Bash, C, JavaScript, Rust)
Linux Basics (Target: Learning the basics of Linux)
Alternatives: Linux+, LPI
PLATFORMS
Okay now let's talk about the different platforms to use. There are two types of bug bounty programs:
- Public bug bounty programs
- Private bug bounty programs
Quite simply, public bug bounty programs are platforms open to everyone such as HackerOne, BugCrowd, Intigriti (the last one is good only if you're in Europe).
Benefits:
Companies are obligated to compensate you if a valid vulnerability is discovered.
You are more protected.
You increase your networking and you can be contacted by companies to work with them
You will be provided with a comprehensive scope encompassing all available domains (transparency)
Reputation system.
Disadvantages:
Due to the high volume of requests, companies may take a considerable amount of time to respond to you.
It is possible that one of your reports may be rejected, even if your vulnerability is valid.
High competition
Bug bounty platforms break the direct connection between hackers and developers.
GENERAL RESOURCES:
HackTricks
OWASP
This repository
This repository
PortSwigger
Pentestmonkey
Medium
![[Image: w61lOX3.gif]](https://patched.to/pbb-proxy/UUNCQ0JeTUoNGVgIBhBLGwVYDxhPBghZfGtSHgFZUA--/w61lOX3.gif)