AMA with Infosec Community


🔥 This is a special 50th AMA, the Infosec Community came together and answered the AMA questions 🔥


  • Beginner should focus on which types of bug?

    • “Learn about every kind of bugs. Not in depth. This will help you identify places in a application where a bug can be found and then you go deeper at that time and learn by doing.” - answered by @sillydadddy


  • How important is consistency in bug bounties? I am going to start in bug bounties. I know it’s not quantifiable, but still, how much should I give it until I get a bounty?

    • “It is different for different people. I have seen people getting bugs consistently in their first month of BB and also people who don’t even after a year!” - answered by @sillydadddy


  • How to establish a Bug Bounty methodology for someone who is a beginner (considering that you are not focusing on a single type of vulnerability)? Do you have any methodology references to base on?

    • “Kindly refer to the ‘OWASP Testing Checklist’.” - answered by @sillydadddy

    • “Here are the best recon methodologies that I’ve found: https://securib.ee/beelog/the-best-bug-bounty-recon-methodology/.” - answered by securibee

    • “Methodology is everywhere:

      • @zseano - very superb and point-to-point methodology.

      • @Jhaddix - Recon, from start to end. Detailed, good for recon purposes.

      • @NahamSec - Recon guy, posts videos on his YT.

      • Methodologies you can find in many places:

        • Medium blogs.

        • Github search.

        • Youtube.

        • Even @harshbothra_ has a very detailed video + blog on this.

        • Methodologies is broad. Once I got advice from my brother @iamsarvagyaa: make your own method instead of using others’.

      • Methodologies depend on the target:

        • Network based.

        • Web App based.

        • Source Code based.

        • Android based.

        • Adjust the method based on these.

        • Methodologies - Web: Recon + Application.

        • Recon is detailed => combination of recon tools + application-testing-type recon, so recon is detailed.

      • @InsiderPhD has an awesome video on Recon.

      • Now, what exactly do you need to make your own methodologies?

        • See, a web application consists of many things => Domains + Subdomains + Applications [functionalities on them] + WAFs + CDNs + strict policies etc.

        • Understand them. Read RULES => Break RULES.

      • Talking about Internet RULES => read documentation.

        • Need to understand the application logic, and do the opposite of what the application says.

        • Make methodologies as chunks =>

          1. Recon tools wise.
          2. Application functionalities wise.
          3. Application vulnerability wise - like attacks.

      • 1. Recon tools = automate the stuff.

      • 2. App functionalities = password reset, login, account settings etc. = understand these types of functionalities and break them.

      • 3. App vuln => pick a bug, read about it and apply it on the application.

      • These days what exactly people are doing =>

        1. Run tools automation.

        2. Finding information disclosure vulns - google dorks + github dorks.

        3. Experienced person => understand the application logic and test for it.” - answered by @LearnerHunter

    • “Connect with the community. Follow and learn from them.” - answered by @Great_Rohitas

    • “@zseano methodology is the best, and most fun! Don’t rely on tools (it’s more fun doing manual hacking!), and spend time deep diving into a target. Obviously recon is important, and @Jhaddix has some amazing videos on that. And look into types of vuln that interest you.” - answered by @xnl_h4ck3r

    • “First pick a vuln maybe like file upload and research the topic by searching for already disclosed reports or medium articles or on youtube and try and make a list of them and start testing.” - answered by @_ItsGood_

    • “You might want to have a look at this web application hacker’s handbook: https://gist.github.com/jhaddix/6b777fb004768b388fefadf9175982ab.” - answered by @PeterChari


  • How can I develop my skills as a bughunter?

    • “There are a lot of options these days to practice and develop the skills! All the best!:

    • “First, theory side of things: start small by researching easier vulns by reading articles or reports or watching youtube tuts and stuff, and make notes. Once you have a general idea of what a vuln is and how they occur, try going in depth and start practising on the above mentioned sites.” - answered by @_ItsGood_

    • “Read writeups” - answered by @codersanjay

    • “Simple methodology for beginners who know basics:

      1. Check the tech stack of the target every time.

      2. Go by most recent findings and write ups; try a few if possible.

      3. At least try each attack mentioned in the OWASP online test guide.

      4. Then think how you chain at least two issues.” - answered by @Vibraniumash


  • How can I tell that I am a successful bughunter?

    • “Success is different for different people. You define what success means to you!” - answered by @sillydadddy

    • “The day when you can find bugs at your will and not by luck, I will define it as a successful bug hunter.” - answered by @_ItsGood_

    • “When you are sure you are going to find some vulnerability everyday.” - answered by @codersanjay

    • “It all depends what your motivation is and how you see success. I’d say if you are finding some bugs and enjoying it!” - answered by @xnl_h4ck3r


  • How can I earn the most possible amount of bounties per month?

    • “By hard work and most importantly persistence and perseverance!” - answered by @sillydadddy

    • “Earning a large amount of money for a beginner is tough, especially when you do not have enough exp, but once you put time into doing something and do not give up, that’s when you will start getting results.” - answered by @_ItsGood_

    • “Practising and hunting as many vulnerabilities as possible in the wild.” - answered by @codersanjay


  • How do you manage data in burpsuite when the program is large?

    • “Rename the tab with some hint regarding the request. Clean up the tabs. Delete unnecessary ones. And organise it!” - answered by @sillydadddy

    • “Logger++. While using BurpSuite, in between, just save the requests to another file, only the important ones. Make notes in a notebook too, it might come in handy. Organizing things better.” - answered by @LearnerHunter

    • “Apart from the wonderful advice mentioned above, remember that making notes is extremely important and it will help you a ton, so make sure to spend a little time on it too.” - answered by @_ItsGood_

    • “Use regex to add items in the Scope. Also, if you have a hard time with regex you can add just a string that is in all of your targets. E.g. “yahoo”. All domains and subdomains containing the word “yahoo” will get logged in the burp history!” - answered by @KabirSuda
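The substring-versus-regex scope distinction in the answer above is worth seeing on real hostnames: a bare keyword also pulls in third-party hosts that merely contain the word, while an anchored regex keeps only the registrable domain and its subdomains. This is an added, standalone illustration in Python (not Burp’s own scope code and not from the AMA); the hostnames are constructed, and the `(.*\.)?example-target\.com` pattern is an assumed example.

```python
import re
from typing import Callable, Iterable, List

# Constructed sample of hosts as they might appear in a proxy history (not real targets).
SAMPLE_HOSTS = [
    "www.example-target.com",
    "api.example-target.com",
    "example-target.com",
    "cdn.notexample-target.com",           # contains the keyword but is a different domain
    "example-target.com.evil-phish.test",  # prefix trick: the registrable domain is evil-phish.test
    "tracker.thirdparty.test",
]


def substring_scope(keyword: str) -> Callable[[str], bool]:
    """Loose scope rule: keep any host that contains the keyword anywhere."""
    keyword = keyword.lower()
    return lambda host: keyword in host.lower()


def regex_scope(pattern: str) -> Callable[[str], bool]:
    """Anchored scope rule: the whole hostname must match the pattern."""
    compiled = re.compile(pattern, re.IGNORECASE)
    return lambda host: compiled.fullmatch(host) is not None


def filter_hosts(hosts: Iterable[str], in_scope: Callable[[str], bool]) -> List[str]:
    """Return the hosts the given scope rule would log."""
    return [h for h in hosts if in_scope(h)]


# Assumed example pattern: the apex domain and any depth of subdomain, nothing else.
IN_SCOPE_PATTERN = r"(.*\.)?example-target\.com"

if __name__ == "__main__":
    print("substring:", filter_hosts(SAMPLE_HOSTS, substring_scope("example-target")))
    print("regex:    ", filter_hosts(SAMPLE_HOSTS, regex_scope(IN_SCOPE_PATTERN)))
```

The substring rule logs five of the six hosts, including the look-alike and the phishing-style prefix; the anchored regex keeps only the three that actually belong to the target, which is why the regex form is the safer default when the program’s scope wording is strict.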


  • How do you decide which domain/sub domain you’ll focus more and which domain you won’t be spending much time? What is the thought process behind it?

    • “I will definitely spend time on an asset with lots of functionalities. More functionality, more code, more bugs! Dupes mean you found a real bug but someone found it earlier, that’s all. He found it because he looked at the application before you, that’s all. Finding dupes is a good sign of improvement.” - answered by @sillydadddy

    • “Don’t get discouraged by dupes! You managed to find an actual valid bug, this means you are doing it right.” - answered by @0xSaltyHash

    • “I would actually get screenshots of all the subdomains. Check one by one; if I find login / more functionality / 403, I will spend time on those first! I would go for it!” - answered by @codersanjay

    • “This is a problem which I also suffer with. I would say when beginning the journey as a bbhunter, luck is the factor which is responsible for you getting the perfect target, since you don’t have your fav vulns or type of targets chosen yet. Apart from that you should spend time on the target without actually hacking on it and get the feel for the target and see if you wanna hack on it or not. If the problem still persists then simply pick a target with wide scope like google or amazon; that would be a great start.” - answered by @_ItsGood_

    • “Domain/Subdomains Lists =>

      1. Search for common interesting subdomains like stage, qa, dev.

      2. Screenshot those subdomains.

      3. Check for those subdomains which show a login page, 403 and some weird subdomains.

      4. Check for those subdomains which have many functionalities.” - answered by @LearnerHunter
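The triage criteria in the answers above (interesting names, 403 responses, login pages, amount of functionality) can be turned into a repeatable scoring pass over an asset inventory, which is also how a defender would prioritise which of their own hosts to review first. The following is an added Python example, not code from the AMA or any of the people quoted; the observations are constructed inline and the weights are assumptions you would tune to your own programme.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Labels that commonly mark non-production or internal assets (assumed list, extend as needed).
INTERESTING_LABELS = ("stage", "staging", "qa", "dev", "test", "uat", "admin", "internal")


@dataclass
class Observation:
    """One asset as recorded by an inventory/screenshot pass."""
    host: str
    status: int
    body: str = ""


@dataclass
class Triage:
    host: str
    score: int
    reasons: List[str] = field(default_factory=list)


def has_login_form(body: str) -> bool:
    """A password input is the simplest reliable marker of a login page."""
    return re.search(r"<input[^>]+type=[\"']?password", body, re.I) is not None


def functionality_count(body: str):
    """Rough proxy for 'many functionalities': number of forms and links."""
    forms = len(re.findall(r"<form\b", body, re.I))
    links = len(re.findall(r"<a\b", body, re.I))
    return forms, links


def triage(obs: Observation) -> Triage:
    score, reasons = 0, []
    labels = obs.host.lower().split(".")
    if any(tok in label for label in labels for tok in INTERESTING_LABELS):
        score += 2
        reasons.append("interesting hostname label")
    if obs.status == 403:
        score += 2
        reasons.append("403 response (something is there but access-controlled)")
    if has_login_form(obs.body):
        score += 3
        reasons.append("login page")
    forms, links = functionality_count(obs.body)
    if forms or links:
        score += forms + links // 10
        reasons.append(f"{forms} forms, {links} links")
    return Triage(obs.host, score, reasons)


def prioritise(observations: List[Observation]) -> List[Triage]:
    """Highest score first; ties broken by hostname for a stable, reviewable order."""
    return sorted((triage(o) for o in observations), key=lambda t: (-t.score, t.host))


# Constructed observations (no real hosts or responses were fetched).
SAMPLE = [
    Observation("www.example.com", 200,
                "<form action='/search'></form>" + "".join(f"<a href='/p{i}'>x</a>" for i in range(30))),
    Observation("dev.example.com", 403, ""),
    Observation("accounts.example.com", 200,
                "<form><input name='u'><input type='password' name='p'></form><form action='/reset'></form>"),
    Observation("qa-api.example.com", 200, '{"status":"ok"}'),
    Observation("cdn.example.com", 404, ""),
]

if __name__ == "__main__":
    for t in prioritise(SAMPLE):
        print(f"{t.score:2d}  {t.host:24s} {'; '.join(t.reasons)}")
```

Running it puts the login host first, then the forbidden dev host and the link-heavy main site, and the static CDN last, which matches the order the answers above suggest for manual review.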

  • How to get private invite in Bugcrowd?


  • On which type of bugs should beginners start with? I learnt SQLi but I am unable to find a single SQLi bug, that’s why I ask what type of bug a beginner can hunt.

    • “Please read web hackers handbook and do @PortSwigger web security academy labs. It will be a good start. I would suggest to learn everything in a broad way and then focus on specifics!” - answered by @sillydadddy

    • “Start with XSS and OpenRedirect.” - answered by @codersanjay

    • “Web Hackers Handbook & https://leanpub.com/web-hacking-101. Pentesterlab and burpsuite lab will help you to learn and practice on bug classes, so in the end you’ll know which bug types you like and you’ll prioritize to find.” - answered by @AldoTheCrott

    • “SQLi isn’t too common these days, but IDOR is everywhere and a good one for beginners I think, plus Open Redirects. Then XSS, which is such a wide topic by itself with so many fun elements to it” - answered by @xnl_h4ck3r

    • “It generally depends on the person but if you ask me I would hands down go for IDOR or XSS.” - answered by @_ItsGood_

    • “You can refer to @stokfredrik video on how to get started on bug bounties. That’s how I started.” - answered by @Brownstan4


  • How to master XSS?

    • “Start small with javascript and next learn about things like XSS protections, lastly learn about the different contexts of XSS and practice a lot.” - answered by @theXSSrat


  • How to do recon on big scope targets like google and how do you look for hidden params or endpoint on these big scopes as there are lots and tons of file to assess?


  • How to start red teaming journey?

    • “Learn wireless, external, internal pentesting (mainly AD pwnage without making any noise with the tools and spraying). Social Engineering, OSINT etc. To start, I would say checkout CRTP by @nikhil_mitt & @SecurityTube.” - answered by @sillydadddy

    • “I recommend you Rangeforce. Register community edition and practice.” - answered by @secureitmania


  • How to manage time between learning new hacking stuff, hunting on application and manage mental health (time for relaxing)?

    • “Whenever you hunt for bugs or learn new stuff, mental health is important. If you feel you are not feeling good, take a rest, talk with your friends. After 2 or 3 days again start learning new stuff.” - answered by @th3cyb3rc0p


  • If someone wants to join @SynackRedTeam as a researcher or be a triager on @Bugcrowd, @Hacker0x01, @intigriti, what should be the roadmap?

    • “Highly recommend getting comfortable in a scripting language, competing in CTFs, and spending time in an app like Hack the Box or TryHackMe. Make write-ups or videos too to practice communicating findings - that’s what truly makes a great triager.” - answered by @AppSecTutor


  • How do you guys organise bug bounty notes in trello? Any youtube video/other resources on this?


  • How can he/she make their own methodology in bug bounty or in recon?

    • “I think best way to make your own methodology is try everything and see what’s best for you. If it works for you add them to your methodology.” - answered by @AnubhavSingh_



  • I am using @PentesterLab to enhance web application hacking skills what should be next step?

    • “Read Medium blogs and try Portswigger labs, Pentesterlab, the tryhackme web basic room, and test some real targets, and finally your skill is up.” - answered by @root_crusher

    • “My suggestions: Portswigger labs - Pentesterlab - tryhackme (web vulnerability related rooms) - real targets.” - answered by @th3cyb3rc0p

    • “Next step :- hack on real targets to enhance your skills more.” - answered by @AnubhavSingh_


  • As a beginner as I study about vulnerabilities each one looks as I should hunt for this, then this… how to tackle that?

    • “Find what vulnerability type interests you, and commit time (weeks) to watching talks on it, doing challenges on it, and potentially even writing your own challenge in it for others to solve. It takes time and focus to get your knowledge above the rest of the hunters.” - answered by @AppSecTutor


  • How to deal with lack of consistency?

    • “Practise makes perfect.” - answered by @zseano


  • My first and last two bounties were almost two year ago. Whenever I try getting back into bug bounty, I either just give up on my target or struggle finding a good target to hack on. Any advice?

    • “I think you choose any target where there are many subdomains, then you practice on that target for at least 15 days. You may not be able to find bugs, and if you can, it may be a duplicate, but it is not hopeless, because you can do anything; it is your next target, select it, it will help a lot and your self confidence will increase a lot.” - answered by @root_crusher


  • How many bug types should one focus on at a time, especially if it’s a big scope company?

    • “Don’t get distracted by what other people find. Pick a bug type you’re interested in the most and stick to that as long as you enjoy it. Everyone brings a unique set of knowledge to the table, that person who found the IDOR might have been working on that for a long time already.” - answered by @yougina


  • How to focus on bug bounty and learning in parallel? How to develop your own methodology, any reference? How to get your own CVE? What are the easiest targets?

    • “Learn on the go. When you don’t understand something, Google it. Read writeups everyday, practise and learn everyday. I personally follow @zseano methodology: spend as much time on the target, understand it and hack it!” - answered by @codersanjay


  • How to know when you should stop and report the bug you found or keep digging/chaining bugs to maximize the impact?

    • “It’s on you: if you feel you can get something more out of it, then dig more; if not, then just report.” - answered by @fuxksniper


  • Is Burpsuite Pro recommended? How about dev tools instead?

    • “It is never recommended. You can overcome most of the limitations with some tweaks in burp like: Intruder limitations with turbo intruder, Search in target with logger++, Collaborator with the nuclei tool.” - answered by @fuxksniper


  • What is the CVSS Score for Broken Link Hijacking (Twitter)?

    • “Most of the time, broken Twitter links are not considered a vulnerability or are low-severity issues. So in this case, it would be low or Informative. However, if you do come across a web app that loads a script from an expired domain, then you basically got a stored XSS.” - answered by @0xblackbird

    • “It depends, if that is something which has large traffic, it would be medium-high else it would be low-medium.” - answered by @codersanjay
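The severity split in @0xblackbird’s answer above (a dangling `<a href>` is low or informative, a `<script src>` pointing at a domain nobody controls is effectively stored XSS) is something a site owner can check for on their own pages. The following is an added Python example, not code from the AMA; it extracts external references from a page, asks a resolver whether each host still resolves, and rates the two cases differently. The HTML and the resolver’s answers are constructed so the block runs offline; `dns_resolves` is the assumed real-world resolver you would pass instead.

```python
import re
import socket
from typing import Callable, Dict, List, Tuple
from urllib.parse import urlparse

SCRIPT_SRC = re.compile(r"<script\b[^>]*\bsrc=[\"']([^\"']+)", re.I)
ANCHOR_HREF = re.compile(r"<a\b[^>]*\bhref=[\"']([^\"']+)", re.I)


def external_references(html: str, page_host: str) -> List[Tuple[str, str, str]]:
    """Return (kind, host, url) for every script or link that points off the page's own host."""
    refs = []
    for kind, rx in (("script", SCRIPT_SRC), ("link", ANCHOR_HREF)):
        for url in rx.findall(html):
            if url.startswith("//"):          # protocol-relative URL
                url = "https:" + url
            host = urlparse(url).hostname      # None for relative paths like /about
            if host and host.lower() != page_host.lower():
                refs.append((kind, host.lower(), url))
    return refs


def find_dangling(html: str, page_host: str, resolves: Callable[[str], bool]) -> List[Dict[str, str]]:
    """Flag external references whose host no longer resolves; scripts rate higher than links."""
    findings = []
    for kind, host, url in external_references(html, page_host):
        if not resolves(host):
            findings.append({
                "kind": kind,
                "host": host,
                "url": url,
                # A takeover of a script host gives attacker-controlled JS on this page.
                "severity": "high" if kind == "script" else "low",
            })
    return findings


def dns_resolves(host: str) -> bool:
    """Real resolver for live use (network access required)."""
    try:
        socket.getaddrinfo(host, None)
        return True
    except socket.gaierror:
        return False


# Constructed page: one same-origin script, one third-party script, a social link, an old partner link.
SAMPLE_HTML = """
<html><body>
<script src="/static/app.js"></script>
<script src="https://cdn.vendor-gone.test/lib.js"></script>
<a href="https://twitter.com/example_handle">Follow us</a>
<a href="https://old-partner.test/promo">Partner</a>
<a href="/about">About</a>
</body></html>
"""

# Constructed resolver answers standing in for DNS: the vendor CDN and old partner are gone.
STILL_RESOLVING = {"twitter.com", "www.example.com"}


def sample_findings() -> List[Dict[str, str]]:
    return find_dangling(SAMPLE_HTML, "www.example.com", lambda h: h in STILL_RESOLVING)


if __name__ == "__main__":
    for f in sample_findings():
        print(f"{f['severity']:4s} {f['kind']:6s} {f['url']}")
```

Note what the DNS check cannot tell you: `twitter.com` always resolves, so whether a social-media handle behind a link is still owned is a separate question the resolver never answers. The script case is the one to treat as urgent, because the page will execute whatever the new owner of that domain serves.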


  • Why burp over Zap?

    • “Burp is industry standard. You find it everywhere, it’s like admin over carlos. In features and support it’s also better, and you will get answer if you try both on same target.” - answered by @fuxksniper


  • Good platform to sharpen your website pentesting skill?

    • “The portswigger labs are pretty good, but you can also just start hunting, and you will learn along the way. And also try hack me / hack the box have some nice webpentesting labs.” - answered by @GrumpinouT


  • How do you motivate yourself in such a competitive field like bug bounty, where 99% (I mean majority) of the times you are going to fail? What helps you overcome the phase of self-doubts?

    • “I just do it when I feel like doing it. I’m not pushing myself to hunt for x amount of hours a day / a week, because that way I will lose motivation quickly. I also get motivation by looking up to other hunters that are doing better than me, and by just seeing/finding cool bugs. I don’t consider myself very experienced yet, but I think consistency is good, but don’t overdo it or you will become bored of it (at least I will in my case). In my case, I never pushed myself, I just did it when I felt like it. If I didn’t find something, so be it. But I also don’t hunt enough in my opinion. I should do it more often for the next months.” - answered by @GrumpinouT


  • What do you find is the best way to keep notes on targets? Mindmaps, Notion, Obsidian, text files in folders or something else?

    • “I use notion as a knowledge base and obsidian for target specific notes. On my VPS I keep text based notes as well. Best is to play with different methods and see what works best for you.” - answered by @yougina


  • How can we learn exploitation part more in deep? How can we make our own exploits to prove the impact for some non conventional bugs as understanding and proving their impact is a bit difficult for the triagers?

    • “In my case, reading other peoples write-ups/posts has helped me a lot in learning different attack scenarios to prove the most possible impact. Also, learning a programming language helps when developing your own exploits. Hope that helps.” - answered by @0xblackbird

    • “In the start it would be great if, when you find a vulnerability, you search google on how to exploit the specific type of vulnerability and how to increase the impact by chaining. Just a simple search on such a topic can help you a ton in increasing your impact and knowledge.” - answered by @_ItsGood_

    • “Reading many writeups will help you find bugs, especially chained bugs.” - answered by @AldoTheCrott

    • “First, know about exploitation. Exploitation comes in pentesting as Chain. To exploit -> Must Find Vulnerability -> For this must know about vulnerabilities => For this must read about Rules => To read Rules documentation etc. What exactly you need is to find the projects - test them.” - answered by @LearnerHunter


  • Does one need to be a programmer in order to be a successful bug hunter? What programming language would you recommend for a bug hunter?

    • “No, you don’t need to know any programming language to be successful but it definitely helps! Being able to automate all the boring stuff such as your usual reconnaissance process will give you extra time to spend on your target. The programming language doesn’t really matter.” - answered by @0xblackbird

    • “Not really, but basic HTML and JavaScript should do as a beginner. The rest can be learnt as you go further!” - answered by @codersanjay

    • “Not really, but knowing coding can give you advantages because you know how applications are developed, so it will help you when you’re hunting.” - answered by @AldoTheCrott


  • How to improve resume in cyber security and get a job based on experience not academic qualification?

    • “I got this from @thecybermentor: getting involved in the community really helps, for example, having a Youtube channel or a blog where you talk/write about your findings. Linking your bugbounty platform profiles helps as well.” - answered by @0xblackbird


  • Good resources to get better at automation and scripting?


  • How to get started in bug hunting? Any beginner friendly resources?

    • “Don’t skip the basics, make sure you understand HTTP, HTML, etc. Do Portswigger labs. Follow the main bug bounty content creators on Twitter and YouTube. When you come across something you don’t understand, look into it until you do. Be patient. Take good notes, always.” - answered by @xnl_h4ck3r

    • “Well a simple rule is to start off, and learn everything on the go. Practise on portswigger labs, pentester labs, Hunt in the wild, learn on the go.” - answered by @codersanjay


  • Since you started hunting what has been your inspiration? How to keep my motivation after getting lots of bugs that are duplicate & N/A?

    • “The @BugBountyHunt3r platform itself, and the community around it, has been my inspiration really. I am not motivated by the money, so the constant learning keeps me interested. Dupes and N/A will always be tough to deal with, but that’s just part of the journey for us all.” - answered by @xnl_h4ck3r

    • “You should actually be proud of yourself even if they are dupes, because they are valid. Concentrate on the vulnerabilities more, bounties will come by themselves. Don’t get demotivated by 50 dupes, wait for your 51st P1 or P2, your 1000$ bounty could be somewhere around.” - answered by @codersanjay


  • What payloads do you try when you come across a default.aspx endpoint?

    • “Well it depends, doesn’t it. If you want to find SQLi / RCE etc., ideally you would use a payload according to the vulnerability you want to find on that page.” - answered by @codersanjay


The original twitter AMA can be found here :- https://twitter.com/sillydadddy/status/1395013778765271042