How to make money legally as a Hacker

1 year ago 59

cyberhansu

Photo by Alexander Grey on Unsplash

Bug hunting is the process of finding and reporting vulnerabilities in software, websites, or applications. It is an important part of cybersecurity and helps to identify and fix security issues before they can be exploited by attackers. There are many tools and techniques used in bug hunting, such as penetration testing, fuzzing, and code review.

In the context of cybersecurity, bug hunting is often associated with bug bounty programs. These programs are offered by companies and organizations to incentivize security researchers to find and report vulnerabilities in their software. In return for reporting a vulnerability, the researcher may receive a monetary reward or other recognition.

If you are interested in bug hunting, there are many resources available to help you get started. Google’s Bug Hunters community is a great place to learn about bug hunting and report vulnerabilities in Google products. Bug bounty platforms like HackerOne, Bugcrowd, and Synack also offer opportunities to participate in bug bounty programs and earn rewards for finding vulnerabilities.

What is bug bounty?

1. Identification and reporting of bugs and vulnerabilities in a responsible way.

2. It all depends on interest and hard work, not on degree, age, branch, college, etc.

What to study?

1. Internet, HTTP, TCP/IP
2. Networking
3. Command line
4. Linux
5. Web technologies: JavaScript, PHP, Java
6. At least one programming language (Python, C, Java, Ruby, ...)

Choose your path (important)

1. Web pentesting
2. Mobile pentesting
3. Desktop apps

Resources

Books

For web
1. The Web Application Hacker's Handbook
2. Web Hacking 101
3. The Hacker Playbook 1, 2, 3
4. Hacking: The Art of Exploitation
5. Mastering Modern Web Penetration Testing
6. OWASP Testing guide

For mobile
1. The Mobile Application Hacker's Handbook

YouTube channels

Hacking
1. LiveOverflow
2. HackerSploit
3. Bugcrowd
4. Hak5
5. HackerOne

Writeups, articles, blogs

1. Medium (InfoSec Write-ups)
2. HackerOne public reports
3. owasp.org
4. PortSwigger
5. Reddit (r/netsec)
6. DEF CON conference videos
7. Forums

Practice (important)

Tools
1. Burp Suite
2. Nmap
3. DirBuster
4. Sublist3r
5. Netcat

🔥 Best ever Tools for Bug Bounty Hunters 🌐

→Amass
→Sublist3r
→Gauplus
→HTTPX
→Gf tool
→Kxss
→Sqlmap
→Commix
→Tplmap
→HYDRA
→John the ripper
→Evil-WinRM
→Arjun
→Paramspider
→NoSQLmap
→NMAP
→Nikto
→FFUF
→403-Bypass
→Gobuster

Testing labs

1. DVWA
2. bWAPP
3. Vulnhub
4. Metasploitable
5. CTF365
6. Hack The Box

Start!

Select a platform:
1. HackerOne
2. Bugcrowd
3. Open Bug Bounty
4. Zerocopter
5. Antihack
6. Synack (private)

1. Choose wisely (at first, not for the bounty)
2. Select a bug to hunt
3. Exhaustive search
4. Not always straightforward

REPORT:

5. Create a descriptive report
6. Follow responsible disclosure
7. Create a PoC and steps to reproduce

Words of wisdom

1. Patience is the key: it takes years to master, so don't fall for overnight success.
2. Do not expect someone to spoon-feed you everything.
3. Confidence
4. Not always for bounty
5. Learn a lot
6. You won't find bugs at the beginning; don't lose hope.
7. Stay focused
8. Depend on yourself
9. Stay updated with the infosec world