3 min read


AMA with Vishnuraj

Tips for Beginners 🔰

  • Which is your interesting bug till now? And tips to find this kind of bug ?

    • There are lots. But one which was surprising for me was an unexpected RCE.MediumTips for starting- Read, read read blogs. Try to find the same bug in similar applications.

  • when you started bug bounty, did you start by focusing on a single class of bugs or tried to learn different type of bugs

    • Single type bug. Blogs+videos+reports. And testing it on different programs, multiple platforms. Easy to get bugs and helps to learn the vuln in depth.

  • What bugs should beginners Focus on?

    • What you feel more interested into. That will keep you on track. If you have any application that you use most, start with that. You will know the working completely anyway. Like, whatsapp or facebook.I started with Facebook as I used to spend more time on that and know the working

  • I am learning and i have lots of stuff to complete when i see all things i think it would take one year and i do hunting in between .What you suggest , what should i do .

    • Start by choosing one bug. Learn everything about it. Try to apply that in pgms. You will feel more accomplished and can easily step it slowly by studying more vuln

  • Should I stick on a single program for days or should I change the focus to some other programs after a span of time ?( If my focus is only on idors and api )

    • Depends.If you stick with one single program, You will know it in and out. Also, when an update comes for the same, you can easily spot the change.

  • what is your bigest bugboutytip secret that only known to you but didnt disclosed

    • luck

Tips For API Hacking 💻

  • Any tips for API hacking?

    • Focus on IDORS and Auth bugs. Better chances than web app The best one you can find for API testing : Youtube

Tips for Sensitive information ℹ

  • While hunting most of the time which dork you found sensitive information in Github?

Tips For P1 Bugs🥇

  • How do u consistently pull off so many P1 s ? What kind of bugs are they ? Are they mostly in fresh private programs or in old programs also ?

    • For manual testing and finding P1’s, I would say newer programs or wide scope one’s,CVE exploits,IDOR,auth bypass

  • How to look for high and critical bugs is it a good idea for a beginner to look for those bugs ?

    • Understand application logic first. thoroughly.Then it will be easy to spot btw what is ok to happen and what is not.

  • Rce via Java deserialisation Can you elaborate this? What are the best approach for P1?(beginner).

    • I am not good with that mate.

Tools 🛠

  • In what tools you have invested your money?

    • Nothing much. Good vps and burpsuite . You just need a browser to start bug hunting Medium

Checklist ✅

  • Do you prepared any check list for specific attacks? If yes please guide the approach.

    • The best one is the developer documentation for the application. That contains all the scenarios and user privileges or data you need.

Role Model 🦸‍♂️

  • Do you have any role model ? Hunters you look up to or follow ?

    • Yes, frans rosen and jason haddix

Burnouts 🔥

  • How you can choose your target!!!And when you feel like lost what are you doing

    • Depends on what you like to hunt. If you like IDOR, choose an application that have multiple user roles. Etc