2 min read

Categories

AMA with TESS


  • What’s your top 3 favourite bug bounty programs? Is it necessary to have burp suite professional edition for the beginner like me who’s just starting doing bug bounties?

    • To be honest with you, I don’t have any favorite programs and Burp Suite Professional is not necessarily important in the begining. I had Burp Community for almost most a year and I would advice you to stick with Burp Community and Better get a good understanding of it then switch to Burp Suite Professional.


  • How do you approach already hunted target like who has around 500 bugs already reported?

    • If it’s wildscope, I would do asset enumeration, try to gather as much as subdomains possible, fingerprint they’re framework, bruteforcing directories, paths with @assetnote wordlists depending on that cms but if you do asset enumeration and understand the Web-Application nicely.

    • You will end up understanding alot of things and then go for they’re features such as anything lets say for e.g:- web application allows you to send emails as referral, I would say look for they’re employees emails and try to fuzz email parameters and play with the functionality.



  • What is your hunting methodology? Which is your niche bug (which type of bug you hunt most and focus on)? Any notes you can share?

    • My hunting methodology is mostly manually looking for bugs, If I started hunting on a target, I mostly learn what type of functionality they got and in what way I can abuse it, and focus mostly on cms based hunting like lets say IIS application then I would mostly run IIS Wordlist and focus on such bugs via reading other bug hunters reports on IIS based vulnerability.



  • Do you have automation scripts? What is your approach on that stuff?

    • Mostly I hunt manually, I lack in automation but I’m trying to fix that. I’m trying to JavaScript so I can play with Vulnerabilities while exploiting them.


  • What do you prefer more, hunting solo or hunting in squad and why?