RESEARCH METHODOLOGIES FOR BUG BOUNTY HUNTERS

Good morning everyone , its me Kamal Sharma from Nepal. Cyber security has been so important in today’s world. Social media has drastically changed our life. We are so attached to social media that we can’t even stay a single minute without them now. Millions of accounts are created daily and billions of users access them daily. So many users are unknown to social networking details, they don’t care messages, login informations and other details that may invite potential security threat to networking world. Many black hat hackers are threatening this field, so many programs have added bug bounties program to lure people towards ethical hacking and protecting their servers. So bug bounties are not just for bounties, it is also essential to keep secure data and prosperous future of humanity.

So lets begin, how to begin our careers in bug bounties. There are certain methodologies we can follow to enter into bug bounties.

See entire list of programmes through hackerone.com or bugcrowd.com that offer bug bounties.Then find a suitable target by using different recon tools. Google dorks is pretty the best. You may use shodan search engine which give idea about servers, devices, operating systems and all that may be useful. Finding target is the most important process in bug hunting. The more idea you get about target, the more it will be beneficial in later steps. So spend enough time in this process. Use nmap to track ip address and see open ports available or not, Use OWASP ZAP to find security threats which may even help in finding good target. Use burp suite to find http requests, get idea about the parameters used, and understand the complete process how the target is working.Now after finding suitable target, start enumerating its subdomains using sublist3r, dirb, dirbuster, gobuster etc. You can find many tools of enumerating subdomains in github too.Next step is exploiting the target. For exploiting you can use metasploit along with BeEF to hook the browser. You can attempt intruder attack. Make sure you pay good attention every time response is seen. Carefully observing every response help you to succeed faster. You should be able to get access control in this step.Now next step is PRIVILEGE ESCALATION. Here you will be trying to gain more access over the target. Simply elevate your security findings.Then cover the tracks, and simply report the bug. Make sure you report in an understandable way with good reproductive steps. Provide poc also because they will be asking it, so it is good to give initially.

These are the steps which is used by every hackers all over the world from beginners to professionals. Don’t panic and don’t burn out soon. It needs enough time . Enjoy reading writeups, they help you so much.

Okay we are serving networking world through our efforts. We need to be fresh and get time with our families, should enjoy nature and should watch movies too. If you want something to happen, entire universe conspires to make it happen. Thank you buddies, feel free to contact me if you need any help.

Twitter: https://twitter.com/bim_kamal