My Roadmap and the Tools I plan to use to aid my journey.

3 weeks ago 25

Cybersec with Hemmars

“Failing to plan is planning to fail!”

Welcome back, Hackers!

To those returning after reading CHAPTER ONE, thank you and it’s great to have you back, and to new readers, welcome to the journey! In this chapter, I’ll be sharing my personal roadmap and the tools I’m using to aid my skills in bug bounty hunting. If you’re a beginner or just curious about the process, you’re in the right place—let’s get started!

Honestly, starting out in bug bounty hunting can be so hard. I mean, it is hard because there is so much information to take in, and without a clear roadmap, it is easy to feel overwhelmed. Creating my roadmap has given me a structure and the necessary things to focus on, helping me track progress, learn from each step, and stay motivated.

While there is a long list of things to learn as a beginner, the goal now is to start hacking as quickly as possible. Below is the list of resources I personally recommend:

Bug Bounty Bootcamp by Vickie Li: This book is a summary of the core skills you need in a beginner-friendly way. I see it as a concise version of the OWASP Testing Guide, which is like my Engineering Mathematics textbook that I will always refer to for more detailed explanation.

Zseano Bug Bounty Methodology: Since I am someone who loves manual testing, Zseano’s methodology has really opened my eyes to new things. I personally love his approach because it brings out the importance of thinking critically about each target, rather than relying on automation alone.

Bug Bounty Playbook 1 and 2 by Ghostlulz: If you feel you are a little bit inclined towards the automation part, this book will definitely help you in creating your own personal automated methodology.

PS: I have read all these books. I could have provided the links to download them, but just consider this a small test to learn how to use search engines. Tip: you should easily get them on GitHub.

Bug hunting is all about hands-on practice. Here’s a quick rundown of the tools I plan to use and recommend for anyone also starting out in bug hunting:

Burp Suite (Community Edition): This is essential for web application testing, especially for intercepting requests and testing payloads.

ProjectDiscovery Tools: This is a suite of tools for recon and scanning, including Subfinder, Katana, Nuclei, and Httpx.

Obsidian: The most important of all, for note-taking. I’ve been using Obsidian for a while now, especially in my academic studies and I can boldly say that it is the best note-taking app I have ever used.

In the coming months, I’ll continue practicing with these tools and focus on vulnerabilities that are a bit easier to spot but still valuable to find. By sticking to this roadmap, I’m hoping to develop a solid foundation and refine my bug-hunting methodology.

If you’re looking for hands-on experience, there are lots of great sites to check out.

Personally, I’m not big on spending time with CTFs. If I want to pick up something new, I just head over to the PortSwigger site or find a real-life example to hack.

Please, make sure to always take notes when you are reading and be true to your set goals.

Thanks so much for reading! If you’d like to connect, I’d love to chat on Twitter/X. And if you’re a chess fan, check out my chess profile for a game or two.

If you’d like to support my journey, you can Buy Me a Coffee. ☺

Since school and studying have been a bit busy, I’m moving my blogs to a bi-weekly schedule to make sure each post has quality content.

CHAPTER THREE: My full Obsidian setup.

Don’t forget to follow me and subscribe so you don’t miss out.

Thank you. 🙂
