
AMA with Ninad Mathpati

Red Team Member at @Synack 🔥 | Security Engineer at @Arisglobal ⚙️ | @Detectify Crowdsource ✨ | Author 📘

  • As a bug hunter, when should I leave the program and say it’s very secure? What should I do in order to join Synack and what is the process of joining?

    • As a security researcher, we should never say a target is safe; there will be some loophole or the other in the target. It's just that you might not be getting that vulnerability, but others may get it. So keep trying.

    • Regarding Synack, you should have prior bug bounty experience and good knowledge of web and network penetration testing.

  • Let’s say I’ve done some bug bounty courses, I know the OWASP Top 10, I’m reading write-ups, what now? I mean, how and where can I start some actual hunting?

    • Once you are done with understanding the basics of the OWASP Top Ten, after that it's up to you: either you can jump to labs or to bug bounty programs. Give it a try everywhere; you will get either a bounty or learning from it. You have nothing to lose here.

    • To start practising, you can look at:

      1. http://bugbountyhunter.com (Paid but worth it)

      2. PentesterLab (Paid but worth it)

      3. PortSwigger labs (Free and worth it)

    • On top of all this, just for your reference, you can refer to my security workbook on pentesting here.

    • To start actual hunting, you can pick any program from the platforms below:

      1. HackerOne

      2. Bugcrowd

      3. Intigriti

      4. YesWeHack

  • How to find targets?

    • As for me, select some 10 targets having a larger scope, understand those targets for about a month, and then decide which one you would prefer to make money on. Here in bug bounties, understanding the workflow of the application is very important if you want to be successful.

  • Which bug category would you master first if you have to start your journey from start?

    • I would pick anything at random, understand the basics related to that issue, and then move forward with it.

  • How to recon better?

    • Rather than a tip, I would rather give you a piece of advice: stay updated in the community and start using the tools created by community folks; that would help you. Just for my recon process, you can refer to the link below. Hope this helps: https://workbook.securityboat.in/resources/web-app-pentest/reconnotes.

    • If you are not getting anything from your recon methodology, then it's time to change it. Look for new tools and services, use them, and check if you can make good use of them.

  • What’s the roadmap for Cobalt Core?

    • Here it is:

    • Application -> Assessment -> interview -> Background verification -> Selected Yes/ No.

The original Twitter AMA can be found here: https://twitter.com/sillydadddy/status/1424286827951759367