Scribd
Upload
19 views12 pages

Bug Bounty Hunting

The document provides a comprehensive guide on how to start learning bug bounty hunting, emphasizing the importance of foundational knowledge in networking and Linux. It outlines various resources for learning, including websites and YouTube channels, and stresses the need for practice through platforms like PortSwigger labs. Additionally, it addresses common questions regarding the time commitment and the necessity of certifications in the field.

Uploaded by

hoang181103
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
19 views12 pages

Bug Bounty Hunting

The document provides a comprehensive guide on how to start learning bug bounty hunting, emphasizing the importance of foundational knowledge in networking and Linux. It outlines various resources for learning, including websites and YouTube channels, and stresses the need for practice through platforms like PortSwigger labs. Additionally, it addresses common questions regarding the time commitment and the necessity of certifications in the field.

Uploaded by

hoang181103
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 12

BUG BOUNTY

HUNTING
BB002
How to actually learn

sachin
BB002-1
Questions.

1. How to start?
2. What to learn first?
3. Where to learn?
4. How to avoid false tips/content?
5. How long does it take?
6. Do i need certificates/degree?

sachin
BB002-2
1. How to start?

Start now
The only thing you need is internet.

There is no straight path to learn, you can start from anywhere as


shown in this diagram

xss sqli
recon

clickjacking

bash scripting
xxe ssrf
http headers
burpsuite

javascript
dorks exploits

sachin
BB002-3
2. What to learn first?

As i already told you that you can start learning from anywhere, But
first clear your basics so that you will not face any problem in learning
further.

a. Networking
You must have to know that how the internet works, learn about
http requests, ports, packets, server, ip, ssh, dns, mac, vpn ssl,
tcp/udp etc.

b. Linux
Use linux in cli mode so that you can learn bash commands
ex. cd, mv, cp, rm, cat, nano, xargs, find, git etc.

sachin
BB002-3
2. What to learn first?

After learning basics, your interest will force you to learn more and
then you can go with learning recon, vulnerabilities like xss, sqli, xxe.

In between you can also learn some crazy hacks like car hacking, wifi
deauth attack, flipper zero, raspberry pi board, etc.

Once you start watching these types of content, your device will
automatically start showing you hacking and technology related videos.

sachin
BB002-4
3. Where to learn?

Make Google your best friend.


You can find everything on google including, articles, videos, research
tools, wordlists, payloads, etc.

Recommended websites
medium.com → articles
github.com → tools, wordlists, payloads
youtube.com → practical videos, interviews, livecon, poc
twitter.com → cybersecurity experts views,
exploit-db.com → exploits, dorks
rapid7.com → vulnerability info
cve.mitre.org → cve details
nvd.nist.gov → cve details

sachin
BB002-4
3. Where to learn?

Recommended youtube channels


https://www.youtube.com/@NahamSec
https://www.youtube.com/@SpinTheHack
https://www.youtube.com/@BugBountyReportsExplained
https://www.youtube.com/@InsiderPhD
https://www.youtube.com/@rs0n_live
https://www.youtube.com/@LiveOverflow
https://www.youtube.com/@assetnote2016
https://www.youtube.com/@PwnFunction

https://www.youtube.com/@CodeManYoutube
https://www.youtube.com/@Fireship
https://www.youtube.com/@techchipnet

https://www.youtube.com/@TheXSSrat
https://www.youtube.com/@STOKfredrik
https://www.youtube.com/@codingo
https://www.youtube.com/@TomNomNomDotCom
https://www.youtube.com/@xdavidhu

sachin
BB002-4
3. Where to learn?

Practice

To find vulnerabilities in real life websites, i will suggest you to solve


portswigger labs

There you can find lots of labs that are designed for beginners to
advance level. There are multiple ways to exploit a vulnerability, these
labs help you to make your mind in such a way that it can think about
all the possibilities of hacking the website.

sachin
BB002-5
4. How to avoid false tips/content?

Methods

a. Follow trusted peoples content only


b. Don't run any tools or script without understanding
c. Double check each method yourself

There are lots of twitter account that reshares #bugbountytips content


without rechecking them, you must avoid those
If you want to run a code from someone's github repo, be sure to read it
first.

sachin
BB002-6
5. How long does it take?

12 Months

Yeah, If you really want to learn a skill you must give it 12 months
minimum.

Bug bounty is not the 15 hour game, To success in it you must learn it
everyday, If you keep learning this continuously for the next 6 months,
you will start seeing results.
I found my first paid bug in sixth month of my learning.

sachin
BB002-7
6. Do i need certificates/degree?

No/yes

It totally depends to you

As you learn more in this field, you will know for yourself whether you
want to pursue a certificate/degree or not.

If you are going with certificate make sure that it has:


a. Updated content and accepts by most of companies
b. Choose beginner friendly certs in starting then go with advance.

sachin
BB002-EOF

Be uniq
Be creative
Thanks for watching

Contact : https://shinchina.in https://t.me/shinchina

sachin

You might also like