Want to be a winner, change your bug bounty concepts Philosophy now!


Many businesses across all sectors make significant investments in cybersecurity, including by launching bug bounty programmes to accelerate the discovery of vulnerabilities in their systems.

In bug bounty programs, anyone from around the world who already has skills and knowledge as a security researcher, penetration tester, or white hat hacker is welcome to legally perform testing on web applications, Android applications, or iOS applications and find flaws or vulnerabilities within the target's defined scope.

Let’s check out in this blog what skills are required to become a good bug bounty hunter and how you can master those skills. Each has its own set of methodologies and techniques; you must determine which one is best for you or create your own.

Before getting started with bug bounty, learn the below-mentioned topics and try to practise while learning:

  • Windows and Linux fundamentals
    Learn the fundamentals of Windows: groups and policies, Active Directory, the basics of PowerShell, Windows services, and vulnerabilities. For Linux, learn fundamentals such as basic terminal commands, the Linux directory structure, managing users and groups, and managing and monitoring services and processes, and become familiar with the environment. Linux is a necessary skill for anyone wishing to work in the field of cyber security.

  • Basics of web application
    Here, we have to learn the core concepts of web applications, such as how URLs are structured, the roles of client and server, how request and response headers work, caching services and caches, and the OWASP Top Ten web application vulnerabilities.

  • Programming language
    Programming languages are essential to getting started in bug bounty programs. Every web app or Android application is built with the help of one or more programming languages. Every programming language has the same basic steps; the only difference is how they are presented.

    The best programming language to get started with is Python: learn the basic syntax, how loops and if-else work, lists, tuples, dictionaries, the basics of functions, file I/O, exception handling, socket programming, and more.

  • Networking concepts should be clear
    Networking concepts are essential to learn not only for bug bounties; this will also help in other domains of cyber security. In networking, learn the 3-way handshake, TCP headers and UDP headers, Secure Sockets Layer, OSI model architecture, network topologies, TCP/IP protocol, subnetting, tunneling, protocol services, and port numbers, as well as network security vulnerabilities.

  • Basics of server
    The concept of a server should be clear; it is also useful for software developers and in other cyber security domains. Understand what a server is, what types of server exist, how servers work, and how passwords are stored on servers.

    After we have learned all of the fundamental concepts, we must practise them at an online practise platform or a buggy web application. In addition, we’ll look at what hacking steps are required to find bugs in any web application.

    There are five steps of hacking:

  • Reconnaissance
  • Scanning
  • Gaining access
  • Maintaining access
  • Clearing tracks
    The most important steps are the first two, i.e., reconnaissance and scanning. Most tools are used at this stage to find the loophole in any application or network.

    Reconnaissance is divided into two parts: active recon and passive recon. In active recon we interact with the target network (hosts, employees, etc.) and can use techniques like port scanning, vulnerability scans, and web app scanning. In passive recon we use publicly available information, with tools like whois, OSINT, and search engine dorks.

    To find subdomains of the target website, we can use tools like sublist3r, Amass, subfinder, dirbuster, etc. There are many tools for different purposes. For network scanning there are several tools like Zenmap, Nmap, Ettercap, Metasploit, and many more.

    The most important tools every beginner needs to learn are:

  • Nmap
  • Metasploit
  • Amass
  • Burp Suite / OWASP ZAP
  • Wappalyzer
    We now need to put everything we’ve learned into practice, so here are some vulnerable platforms where we can do so:

  • bWAPP (Buggy Web Application platform)
  • OverTheWire (this platform will help you get comfortable with Linux commands)
  • WebGoat
  • HackThisSite
  • TryHackMe
  • HackTheBox
    All of the vulnerable platforms mentioned above are free to use, and there are more free platforms available, like PortSwigger Academy and CTF (Capture the Flag) platforms (PicoCTF, CTFtime, Hacker101 CTF, etc.).

    When you feel confident after solving all the CTF challenges and all the OWASP Top 10 vulnerabilities, you’re ready to begin your bug bounty campaign.

    In bug bounty, there are different platforms available to get started, like HackerOne, BugCrowd, Open Bug Bounty, and Intigriti. These are the individual platforms for bug bounty, but some companies run their own bug bounty platforms, such as Facebook, Google, GitHub, etc. Also, when you become a professional in bug bounty, some private programmes are available at BugCrowd and HackerOne. It totally depends on your previous reports of the POC (proof of concept).

    When choosing a target on a bug bounty platform, look for one that is not very popular. It will help with better reconnaissance of the target application. Do as much reconnaissance as possible. The first step is passive recon; after that, find all the subdomains of the target application with the help of different tools and filter them by HTTP and HTTPS (using the httpx tool).
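    An added example (not from the original post): before any active step, the merged output of the subdomain tools should be reduced to hosts the programme actually lists as in scope. The scope patterns, hostnames and function names below are constructed for illustration, and `*` is assumed to cover any depth of subdomain.

```python
"""Keep only in-scope hostnames from a merged subdomain list (added example)."""
import fnmatch

# Constructed programme scope; a real programme publishes its own lists.
IN_SCOPE = ["*.example.com", "api.example.net"]
OUT_OF_SCOPE = ["blog.example.com", "*.corp.example.com"]

# Constructed tool output: mixed case, trailing dots, URLs, duplicates.
RAW_HOSTS = """
www.example.com
WWW.Example.com.
https://shop.example.com/login
blog.example.com
vpn.corp.example.com
api.example.net
dev.api.example.net
example.com.evil.test
"""

def normalize(entry):
    """Reduce one line of tool output to a bare lowercase hostname."""
    host = entry.strip().lower()
    if "://" in host:                      # drop a URL scheme if present
        host = host.split("://", 1)[1]
    host = host.split("/", 1)[0].split(":", 1)[0]   # drop path and port
    return host.rstrip(".")                # drop the DNS root dot

def matches(host, patterns):
    """True if the hostname matches any wildcard pattern in the list."""
    return any(fnmatch.fnmatchcase(host, p) for p in patterns)

def filter_scope(raw, in_scope=IN_SCOPE, out_of_scope=OUT_OF_SCOPE):
    """Return (allowed, rejected) sorted lists; exclusions win over inclusions."""
    hosts = {normalize(line) for line in raw.splitlines() if line.strip()}
    allowed = sorted(h for h in hosts
                     if matches(h, in_scope) and not matches(h, out_of_scope))
    rejected = sorted(hosts - set(allowed))
    return allowed, rejected

if __name__ == "__main__":
    allowed, rejected = filter_scope(RAW_HOSTS)
    print("in scope:", allowed)
    print("leave alone:", rejected)
```

    Note that `example.com.evil.test` is rejected because the pattern must match the end of the hostname, and that the explicit exclusions override the wildcard.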

    After doing a perfect recon, you will get lots of information about the target application, such as:

  • List of all live subdomains
  • List of different IPs and open ports
  • Sensitive data exposed on github
  • Hidden endpoints
  • Juicy directories with sensitive information
  • Publicly exposed secrets
  • Hidden parameters
  • Low-hanging vulnerabilities such as reflected XSS (RXSS), open redirect, SQLi
  • Scope from 1x to 1000x

    Better recon will help to increase the attack surface, which means more vulnerabilities. Finding untouched endpoints will help to get fewer duplicates. Recon will help you increase your attack surface and may allow you to find vulnerabilities, but the ultimate goal is to dig as deep into your target as possible.

    Conclusion:

    Beginners in web application or Android penetration testing should first learn the fundamentals before participating in bug bounty programs. Without learning all the basics, it’s a waste of time to directly enter bug bounty programmes.

    Those who are professionals in penetration testing or vulnerability assessment can start doing bug bounties because they are already working as testing engineers. Also, some professionals recommend starting with building applications because, once you are familiar with how applications are built, it will not take much time to find their vulnerabilities.

    A bug bounty is simply a programme that allows you to find vulnerabilities in a target application by putting your skills and knowledge to use.

    Keep learning and keep exploring!
