I received my first bounty by targeting a small, relatively unknown subdomain connected to a large public program. It used to belong to a small company that was recently bought out by the big one, so I figured it might be an “untapped resource”, if you will.
Ahaha, my dissertation was on deciphering ancient languages; my wallpaper is a graphic I made for my dissertation, not Egyptian but Greek! The writing system is called Linear B.
It might help to force yourself to pick a program and just say "this week I am going to work on X, and I'm going to look for bug types Y and Z", and go deep.
I have mixed opinions. I think a few years ago XSS was great! But now there's a lot involved in finding an XSS bug, and most are being found by pros with significantly more expertise in bypassing WAFs. However, other people tell me that this gives beginners a good chance to learn how JavaScript/hacking can work. So if you ask me, XSS is dead or dying for beginners. If you ask others, XSS is still a good first bug.
You can find this in my Finding Your First Bug series or my video on Live API Hacking; both have step-by-step guides. To find websites to hack, you register on a bug bounty platform like HackerOne, Bugcrowd, Intigriti etc. and choose a target, like I'm showing in this video.
zeus cybersec
0: How the web works (Web Application Hacker's Handbook, free at HackerOne, is great for this)
1: How to use Burp (my videos + practice)
2: What bugs are out there and the signs of them (my videos)
3: How to exploit these bugs (practice on CTFs / real targets)
@InsiderPhD Thing is, I have been in this field for 1 year. Preparing for OSCP and have done many OSCP-like CTFs. I am more of a network guy, but I love web security too. I have done DVWA and the OverTheWire Natas challenge. I have a good idea of advanced uses of Burp Suite. What CTFs/books do you recommend for getting good in web? Also, I don't feel confident, as I have given most of my time to CTFs, be it network or web. Please help me Katie 🙁 How can I boost my confidence, and what web-related books/CTFs should I finish before dipping my feet into bug bounty?
I think, given your experience, you need to START HACKING. It’s always going to be tough, but that’s eventually where you want to be, so pick a bug, pick a target and just START HACKING. Will it be hard? Of course! But nothing worth doing is easy!
hbbss IDORs for sure. Not that technically complex, and you can just methodically test endpoints one by one. Relies more on determination than technical skills.
Check out the whole series, especially Business Logic and IDORs, which I think are great first bugs when you haven't got a lot of technical skills yet. You can also practice with CTFs.
I’m unfortunately not a great YouTuber lmao, and it took me a few attempts to get the audio right. For the moment just increase the volume, but in future videos I have fixed this issue!
@InsiderPhD I ran it on big speakers, used earphones, did EQ on Chrome to boost the high end, and it was still quite low. Hoping to see a fix soon. Thanks for responding. #ayylmao for life.