Skip to content

This is a resource factory for anyone looking forward to starting bug hunting and Ethical hacking would require guidance as a beginner.

License

Notifications You must be signed in to change notification settings

Rahul121119251ganesh/Ethical-hacking-Roadmap

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

18 Commits
 
 
 
 

Repository files navigation

Ethical-hacking-Roadmap & bug hunting Roadmap

This is a resource factory for anyone looking forward to starting bug hunting and Ethical hacking would require guidance as a beginner.

Hi! I'm Ashutosh chandra shah . I am currently working as a Security Engineer . I am creating this repository for everyone to contribute as to guide the young and enthusiastic minds for starting their career in bug bounties. More content will be added regularly. Keep following. So let's get started!

NOTE: The bug bounty landscape has changed since the last few years. The issues we used to find easily an year ago would not be easy now. Automation is being used rigorously and most of the "low hanging fruits" are being duplicated if you are out of luck. If you want to start doing bug bounty, you will have to be determined to be consistent and focused, as the competition is very high.

Introduction

What is a bug?

  • Security bug or vulnerability is “a weakness in the computational logic (e.g., code) found in software and hardware components that, when exploited, results in a negative impact to confidentiality, integrity, OR availability.

#What is Bug Bounty?

A bug bounty or bug bounty program is IT jargon for a reward or bounty program given for finding and reporting a bug in a particular software product. Many IT companies offer bug bounties to drive product improvement and get more interaction from end users or clients. Companies that operate bug bounty programs may get hundreds of bug reports, including security bugs and security vulnerabilities, and many who report those bugs stand to receive awards.

#What is the Reward? There are all types of rewards based on the severity of the issue and the cost to fix. They may range from real money (most prevalent) to premium subscriptions (Prime/Netflix), discount coupons (for e commerce of shopping sites), gift vouchers, swags (apparels, badges, customized stationery, etc.). Money may range from 50$ to 50,000$ and even more.

What to learn?

Technical

Computer Fundamentals

https://www.comptia.org/training/by-certification/a

https://www.youtube.com/watch?v=tIfRDPekybU

https://www.tutorialspoint.com/computer_fundamentals/index.htm

https://onlinecourses.swayam2.ac.in/cec19_cs06/preview

https://www.udemy.com/course/complete-computer-basics-course/

https://www.coursera.org/courses?query=computer%20fundamentals

Computer Networking

https://www.youtube.com/watch?v=0AcpUwnc12E&list=PLkW9FMxqUvyZaSQNQslneeODER3bJCb2K

https://www.youtube.com/watch?v=qiQR5rTSshw -https://www.youtube.com/watch?v=L3ZzkOTDins

https://www.udacity.com/course/computer-networking--ud436

https://www.coursera.org/professional-certificates/google-it-support

https://www.udemy.com/course/introduction-to-computer-networks/

NetworkChuck: https://www.youtube.com/c/NetworkChuck

Operating Systems

https://www.youtube.com/watch?v=z2r-p7xc7c4

https://www.youtube.com/watch?v=_tCY-c-sPZc

https://www.coursera.org/learn/os-power-user

https://www.udacity.com/course/introduction-to-operating-systems--ud923

https://www.udemy.com/course/linux-command-line-volume1/

https://www.youtube.com/watch?v=v_1zB2WNN14

Command Line

Windows:

https://www.youtube.com/watch?v=TBBbQKp9cKw&list=PLRu7mEBdW7fDTarQ0F2k2tpwCJg_hKhJQ

https://www.youtube.com/watch?v=fid6nfvCz1I&list=PLRu7mEBdW7fDlf80vMmEJ4Vw9uf2Gbyc_

https://www.youtube.com/watch?v=UVUd9_k9C6A

Linux:

https://www.youtube.com/watch?v=fid6nfvCz1I&list=PLRu7mEBdW7fDlf80vMmEJ4Vw9uf2Gbyc_

https://www.youtube.com/watch?v=UVUd9_k9C6A -

https://www.youtube.com/watch?v=GtovwKDemnI

https://www.youtube.com/watch?v=2PGnYjbYuUo

https://www.youtube.com/watch?v=e7BufAVwDiM&t=418s

https://www.youtube.com/watch?v=bYRfRGbqDIw&list=PLkPmSWtWNIyTQ1NX6MarpjHPkLUs3u1wG&index=4

Programming

C

https://www.youtube.com/watch?v=irqbmMNs2Bo

https://www.youtube.com/watch?v=ZSPZob_1TOk

https://www.programiz.com/c-programming

Python

https://www.youtube.com/watch?v=ZLga4doUdjY&t=30352s

https://www.youtube.com/watch?v=gfDE2a7MKjA

https://www.youtube.com/watch?v=eTyI-M50Hu4

JavaScript

https://www.youtube.com/watch?v=-lCF2t6iuUc

https://www.youtube.com/watch?v=hKB-YGF14SY&t=1486s

https://www.youtube.com/watch?v=jS4aFq5-91M

PHP

https://www.youtube.com/watch?v=1SnPKhCdlsU

https://www.youtube.com/watch?v=OK_JCtrrv-c

https://www.youtube.com/watch?v=T8SEGXzdbYg&t=1329s

Where to learn from?

Books

Web Application Hacker's Handbook: https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470

Real World Bug Hunting: https://www.amazon.in/Real-World-Bug-Hunting-Field-Hacking-ebook/dp/B072SQZ2LG

Bug Bounty Hunting Essentials: https://www.amazon.in/Bug-Bounty-Hunting-Essentials-Quick-paced-ebook/dp/B079RM344H

Bug Bounty Bootcamp: https://www.amazon.in/Bug-Bounty-Bootcamp-Reporting-Vulnerabilities-ebook/dp/B08YK368Y3

Hands on Bug Hunting: https://www.amazon.in/Hands-Bug-Hunting-Penetration-Testers-ebook/dp/B07DTF2VL6

Hacker's Playbook 3: https://www.amazon.in/Hacker-Playbook-Practical-Penetration-Testing/dp/1980901759

OWASP Testing Guide: https://www.owasp.org/index.php/OWASP_Testing_Project

Web Hacking 101: https://www.pdfdrive.com/web-hacking-101-e26570613.html

OWASP Mobile Testing Guide :https://www.owasp.org/index.php/OWASP_Mobile_Security_Testing_Guide

Writeups

Medium: https://medium.com/analytics-vidhya/a-beginners-guide-to-cyber-security-3d0f7891c93a

Infosec Writeups: https://infosecwriteups.com/?gi=3149891cc73d

Hackerone Hacktivity: https://hackerone.com/hacktivity

Google VRP Writeups: https://github.com/xdavidhu/awesome-google-vrp-writeups

Blogs and Articles

Hacking Articles: https://www.hackingarticles.in/

Vickie Li Blogs: https://vickieli.dev/

Bugcrowd Blogs: https://www.bugcrowd.com/blog/

Intigriti Blogs: https://blog.intigriti.com/

Portswigger Blogs: https://portswigger.net/blog

Forums

Reddit: https://www.reddit.com/r/websecurity/

Reddit: https://www.reddit.com/r/netsec/

Bugcrowd Discord: https://discord.com/invite/TWr3Brs

Official Websites

OWASP: https://owasp.org/

PortSwigger: https://portswigger.net/

Cloudflare: https://www.cloudflare.com/

YouTube Channels

English

zSecurity: https://www.youtube.com/c/zSecurity

Insider PHD: https://www.youtube.com/c/InsiderPhD

Stok: https://www.youtube.com/c/STOKfredrik

Bug Bounty Reports Explained: https://www.youtube.com/c/BugBountyReportsExplained

Vickie Li: https://www.youtube.com/c/VickieLiDev

Hacking Simplified: https://www.youtube.com/c/HackingSimplifiedAS

Pwn function :https://www.youtube.com/c/PwnFunction

Farah Hawa: https://www.youtube.com/c/FarahHawa

XSSRat: https://www.youtube.com/c/TheXSSrat

Zwink: https://www.youtube.com/channel/UCDl4jpAVAezUdzsDBDDTGsQ

Live Overflow :https://www.youtube.com/c/LiveOverflow

Loi Liang Yang :https://www.youtube.com/c/LoiLiangYang

David Bombal :https://www.youtube.com/c/DavidBombal

Domain of Science : https://www.youtube.com/c/DomainofScience/videos

Hindi

Spin The Hack: https://www.youtube.com/c/SpinTheHack

Pratik Dabhi: https://www.youtube.com/c/impratikdabhi

Bitten Tech: https://www.youtube.com/c/BittenTech

THE BBH: https://www.youtube.com/c/THEBBH

Join Twitter Today!

World class security researchers and bug bounty hunters are on Twitter. Where are you? Join Twitter now and get daily updates on new issues, vulnerabilities, zero days, exploits, and join people sharing their methodologies, resources, notes and experiences in the cyber security world!

Twitter expert Infosec People's To Must Follow!

  1. Ben Sadeghipour : https://twitter.com/NahamSec

  2. STÖK : https://twitter.com/stokfredrik

  3. TomNomNom : https://twitter.com/TomNomNom

  4. shubs : https://twitter.com/infosec_au

  5. Emad Shanab : https://twitter.com/Alra3ees

  6. payloadartist : https://twitter.com/payloadartist

  7. ʀᴇᴍᴏɴ : https://twitter.com/remonsec

  8. Aditya Shende : https://twitter.com/ADITYASHENDE17

  9. Hussein Daher : https://twitter.com/HusseiN98D

  10. The XSS Rat : https://twitter.com/theXSSrat

  11. zseano : https://twitter.com/zseano

  12. Corben Leo : https://twitter.com/hacker_

  13. Vickie Li : https://twitter.com/vickieli7

  14. GodFather Orwa : https://twitter.com/GodfatherOrwa

  15. Ashish Kunwar : https://twitter.com/D0rkerDevil

  16. Farah_Hawaa : https://twitter.com/Farah_Hawaa

  17. Jason Haddix : https://twitter.com/Jhaddix

  18. @brutelogic : https://twitter.com/brutelogic

  19. gregxsunday : https://twitter.com/gregxsunday

We highly appricate every researcher and bug hunter contrubuting there time and support to the community.

PRACTICE! PRACTICE! and PRACTICE!

CTF

Hacker 101: https://www.hackerone.com/hackers/hacker101

PicoCTF: https://picoctf.org/

TryHackMe: https://tryhackme.com/ (premium/free)

HackTheBox: https://www.hackthebox.com/ (premium)

VulnHub: https://www.vulnhub.com/

HackThisSite: https://hackthissite.org/

CTFChallenge: https://ctfchallenge.co.uk/

Attack-Defense: https://attackdefense.com/

Alert to win: https://alf.nu/alert1

Bancocn: https://bancocn.com/

CTF Komodo Security: https://ctf.komodosec.com/

CryptoHack: https://cryptohack.org/

CMD Challenge: https://cmdchallenge.com/http://overthewire.org/

Explotation Education: https://exploit.education/

Google CTF: https://lnkd.in/e46drbz8

HackTheBox : https://www.hackthebox.com/

Hackthis : https://www.hackthis.co.uk/

Hacksplaining : https://lnkd.in/eAB5CSTA

Hacker Security : https://lnkd.in/ex7R-C-e

Hacking-Lab : https://hacking-lab.com/

HSTRIKE : https://hstrike.com/

ImmersiveLabs : https://immersivelabs.com/

NewbieContest : https://lnkd.in/ewBk6fU5

OverTheWire : http://overthewire.org/

Practical Pentest Labs : https://lnkd.in/esq9Yuv5

Pentestlab : https://pentesterlab.com/

Hackaflag BR : https://hackaflag.com.br/

Penetration Testing Practice Labs : https://lnkd.in/e6wVANYd

PicoCTF : https://picoctf.com/

PWNABLE : https://lnkd.in/eMEwBJzn

Root-Me : https://www.root-me.org/

Root in Jail : http://rootinjail.com/

SANS Challenger : https://lnkd.in/e5TAMawK

SmashTheStack : https://lnkd.in/eVn9rP9p

The Cryptopals Crypto Challenges : https://cryptopals.com/

Try Hack Me : https://tryhackme.com/

Vulnhub : https://www.vulnhub.com/

W3Challs : https://w3challs.com/

WeChall : http://www.wechall.net/

Zenk-Security : https://lnkd.in/ewJ5rNx2

Cyberdefenders : https://lnkd.in/dVcmjEw8

LetsDefend : https://letsdefend.io/

Vulnmachines : https://vulnmachines.com/

Rangeforce : https://www.rangeforce.com/

Ctftime : https://ctftime.org/

Pwn college : https://dojo.pwn.college/

PentesterLab: https://pentesterlab.com/referral/olaL4k8btE8wqA (premium)

Free Money CTF :- https://bugbase.in/

Online Labs

PortSwigger Web Security Academy: https://portswigger.net/web-security

OWASP Juice Shop: https://owasp.org/www-project-juice-shop/

XSSGame: https://xss-game.appspot.com/

BugBountyHunter: https://www.bugbountyhunter.com/ (premium)

W3Challs : https://w3challs.com/

Offline Labs

DVWA: https://dvwa.co.uk/

bWAPP: http://www.itsecgames.com/

Metasploitable2: https://sourceforge.net/projects/metasploitable/files/Metasploitable2/

BugBountyHunter: https://www.bugbountyhunter.com/ (premium)

W3Challs : https://w3challs.com/

Bug Bounty Platforms

Crowdsourcing

hackenproof: https://hackenproof.com/

Bugcrowd: https://www.bugcrowd.com/

Hackerone: https://www.hackerone.com/

Intigriti: https://www.intigriti.com/

YesWeHack: https://www.yeswehack.com/

OpenBugBounty: https://www.openbugbounty.org/

Bugbounty japan: https://bugbounty.jp/

safeHat: https://safehats.com/

Individual Programs

Meta: https://www.facebook.com/whitehat

Google: https://about.google/appsecurity/

All bug hunting platform - chaos.projectdiscovery: https://chaos.projectdiscovery.io/#/

cybersecurity news

Seytonic: https://www.youtube.com/c/Seytonic

Grant Collins: https://www.youtube.com/channel/UCTLUi3oc1-a7dS-2-YgEKmA/videos

hardware hacking

Joe Grand: https://www.youtube.com/c/JoeGrand

Jeff Geerling :https://www.youtube.com/c/JeffGeerling

Computerphile: https://www.youtube.com/user/Computerphile/videos

Lennert :https://twitter.com/LennertWo

Bug Bounty Report Format

Title

The first impression is the last impression, the security engineer looks at the title first and he should be able to identify the issue. Write about what kind of functionality you can able to abuse or what kind of protection you can bypass. Write in just one line. Include the Impact of the issue in the title if possible.

Description

This component provides details of the vulnerability, you can explain the vulnerability here, write about the paths, endpoints, error messages you got while testing. You can also attach HTTP requests, vulnerable source code.

Steps to Reproduce

Write the stepwise process to recreate the bug. It is important for an app owner to be able to verify what you've found and understand the scenario. You must write each step clearly in-order to demonstrate the issue. that helps security engineers to triage fast.

Proof of Concept

This component is the visual of the whole work. You can record a demonstration video or attach screenshots.

Impact

Write about the real-life impact, How an attacker can take advantage if he/she successfully exploits the vulnerability. What type of possible damages could be done? (avoid writing about the theoretical impact) Should align with the business objective of the organization

Sample Report

Browser Extensions for Bug Bounty

  1. KNOXSS For Cross Site Scripting :

KNOXSS is a popular tool developed by Brazilian Security Researcher @Brutelogic . The tool aims to find Cross Site Scripting Vulnerability while we browse the website. If you are new to Cross Site Scripting attack We suggest you to check this post. The tool has two versions available, Community Edition which is free to use

Link - https://addons.mozilla.org/en-US/firefox/addon/knoxss-community-edition

  1. Wappalyzer :

Wappalyzer is a technology profiler that identifies the CMS, JS libraries, Frameworks and other technologies that the websites use. It will help you to focus the recon process on a certain technology or framework by identifying them with the current version of them. The alternative for this add-on can be Builtwith technology Lookup

Link - https://addons.mozilla.org/en-US/firefox/addon/wappalyzer

  1. Hackbar Addon

The security researchers will finds Hackbar tool to be extremely beneficial. When testing a web application or web server, we frequently alter the address bar’s settings. We repeatedly refresh webpages. All of these things frequently occur to us. Hackbar add-on aids us in reducing this time and performing our task quickly. The tool consist payloads for XSS attacks, SQL Injection, WAF Bypass Payloads, LFI Payloads etc.

Link: https://addons.mozilla.org/en-US/firefox/addon/maxs-hackbar Link: https://addons.mozilla.org/en-US/firefox/addon/hackbartool

4.FoxyProxy A Firefox addon called FoxyProxy helps to automatically switch an internet connection between one or more proxy servers. FoxyProxy, to put it simply, simplifies the manual process of modifying the Connection Settings in Firefox. It is very useful during pen testing work. It helps in turning off/on proxy in a single click. FoxyProxy also does have feature of bypassing proxy (Intercept in burp suite) for specific domains using blacklist and whitelist feature.

Link: https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard

  1. DotGit An extension for checking if .git is exposed in visited websites. The addon also checks for exposed environment files (.env), security.txt and more while we browse the web. This addon helps us in finding information disclosure vulnerability. Sometimes exposing environment file and git file can have serious security impact.

Link: https://addons.mozilla.org/en-US/firefox/addon/dotgit

  1. User-Agent Switcher A user-agent switcher modifies your browser’s user agent. When communicating with a web server, your browser sends a string of text or a HTTP header called a “user agent” that contains information about the user’s operating system, current browser, rendering engine, and other important components. Based on the users agent the servers gives response to the user.

During penetration testing we can test for application by loading same application in different types of browser such as for a Mobile, for a PC, for a tablet etc. This is very handy for developers as well for testing responsiveness of a developed website.

Link: https://addons.mozilla.org/en-US/firefox/addon/user-agent-string-switcher

  1. ModHeader ModHeader addon helps in modifying HTTP request and response headers easily in a browser. By the use of this add-on we can search for vulnerabilities like Authorization Bypass, cookie modification, session data manipulation, Referrer Bypass etc. Once we set HTTP header that will be used on each website that we visit.

Link: https://addons.mozilla.org/en-US/firefox/addon/modheader-firefox/

  1. Beautifier & Minify You can easily minify and simplify CSS, HTML, and JavaScript code with the help of this add-on. During penetration testing we often land with large chunked JavaScript code which is difficult to read and get to understand the flow of code. In such time this addon help us in beautifully minifying code in readable format so that we can find flaws in source code.

Link: https://addons.mozilla.org/en-US/firefox/addon/beautifer-minify/

  1. Retire.js With retire JS we can find for vulnerable JavaScript library. It helps in finding known vulnerabilities sin js and few of the CVE affecting JS products.

Link: https://addons.mozilla.org/en-US/firefox/addon/retire-js/

  1. Email Extractor Automated email extraction tool that automatically saves email addresses from web pages that we visits. Main goal of this add-on is to collect possible exposed email address from source code and can aid in performing social engineering attacks, credential stuffing attack etc.

Link: https://addons.mozilla.org/en-US/firefox/addon/mailshunt-email-extractor/

  1. TruffleHog Chrome Extension The TruffleHog browser plugin scans visited websites for API keys and credentials and notifies you if any are found. This is helpful for conducting pentests and code reviews since it reveals keys that would otherwise be overlooked or need manual searching.

Link: https://chrome.google.com/webstore/detail/trufflehog/bafhdnhjnlcdbjcdcnafhdcphhnfnhjc

  1. Fake Filler This extension’s goal is to make it easier and faster for developers and testers to test fill-up forms. It helps in filling all form inputs (textboxes, text areas, radio buttons, drop downs, etc.) with fake and randomly generated data.

Link: https://addons.mozilla.org/en-US/firefox/addon/fake-filler/

  1. Click-jacking This addon helps in finding clickjacking vulnerability by looking for absence of X-Frame-Options header in a website.

Link: https://addons.mozilla.org/en-US/firefox/addon/click-jacking/

  1. Cookie Editor Cookie-Editor helps you in manipulating the cookie of a website. A user can modify, delete, add cookie values for different purpose of tests. Vulnerabilities like session theft, privilege escalation, session misconfiguration etc. can be tested using this add-on.

Link: https://addons.mozilla.org/en-US/firefox/addon/cookie-editor/

Advance Recon & information gathering

  1. Shodan-Search for devices connected to the internet. ( https://www.shodan.io/ )

  2. Wigle-Database of wireless networks, with statistics. ( https://www.wigle.net/ )

  3. Grep App-Search across a half million git repos. ( https://grep.app/ )

  4. Binary Edge-Scans the internet for threat intelligence. ( https://www.binaryedge.io/ )

  5. ONYPHE-Collects cyber-threat intelligence data. ( https://www.onyphe.io/ )

  6. GreyNoise-Search for devices connected to the internet. ( https://www.greynoise.io/ )

  7. Censys-Assessing attack surface for internet connected devices. ( https://search.censys.io/hosts/ )

  8. Hunter-Search for email addresses belonging to a website. ( https://hunter.io/)

  9. Fofa-Search for various threat intelligence.

  10. ZoomEye-Gather information about targets. ( https://github.com/topics/zoomeye )

  11. Leak X-Search publicly indexed information. ( https://leakix.net/ )

  12. IntelligenceX-Search Tor, 12P, data leaks, domains, and emails. ( https://intelx.io/ )

  13. Netlas-Search and monitor internet connected assets. ( https://netlas.io/ )

  14. URL Scan-Free service to scan and analyse websites. ( https://urlscan.io/ )

  15. PublicWWW-Marketing and affiliate marketing research. ( https://publicwww.com/ )

  16. FullHunt-Search and discovery attack surfaces. ( https://fullhunt.io/search )

  17. CRT sh-Search for certs that have been logged by CT. ( https://crt.sh/ )

  18. Vulners-Search vulnerabilities in a large database. ( https://vulners.com/search )

19 Pulsedive-Search for threat intelligence. ( https://pulsedive.com/ )

  1. Packet Storm Security-Browse latest vulnerabilities and exploits.

  2. GrayHatWarefare-Search public S3 buckets. ( https://buckets.grayhatwarfare.com/ )

  3. viz.greynoise.io - GreyNoise Visualizer

  4. onyphe.io - Cyber Defense Search Engine

  5. vigilante.pw - Breached Database Directory

  6. dnsdumpster.com - DNS recon & research .phonebook.cz - Search for subdomains, email addresses, or URLS

Cybersecurity & Hacking Documentaries

Some Great Cybersecurity & Hacking Documentaries Recommendations!

  1. We Are Legion – The Story Of The Hacktivists - https://lnkd.in/dEihGfAg

  2. 21st Century Hackers - https://lnkd.in/dvdnZkg5

  3. Hackers Wanted - https://lnkd.in/du-pMY2R

  4. Hackers in wonderland - https://www.youtube.com/watch?v=fe8GsPCpE7E

  5. The Internet’s Own Boy: The Story Of Aaron Swartz - https://lnkd.in/d3hQVxqp

  6. Def Con: The Documentary - https://lnkd.in/dPE4jVVA

  7. Hackers Are People Too - https://www.youtube.com/watch?v=7jciIsuEZWM

  8. Secret History Of Hacking - https://lnkd.in/dnCWU-hp

  9. Risk (2016) - https://lnkd.in/dMgWT-TN

  10. Zero Days (2016) - https://lnkd.in/dq_gZA8z

  11. Guardians Of The New World (Hacking Documentary) | Real Stories - https://lnkd.in/dUPybtFd

  12. A Origem dos Hackers - https://lnkd.in/dUJgG-6J

  13. The Great Hack - https://lnkd.in/dp-MsrQJ

  14. The Networks Dilemma - https://lnkd.in/dB6rC2RD

  15. Web Warriors - https://lnkd.in/dip22djp

  16. Cyber War - Dot of Documentary - https://lnkd.in/dhNTBbbx

  17. CyberWar Threat - Inside Worlds Deadliest Cyberattack - https://lnkd.in/drmzKJDu

  18. The Future of Cyberwarfare - https://lnkd.in/dE6_rD5x

  19. Dark Web Fighting Cybercrime Full Hacking - https://lnkd.in/dByEzTE9

  20. Cyber Defense: Military Training for Cyber Warfare - https://lnkd.in/dhA8c52h

  21. Hacker Hunter: WannaCry The History Marcus Hutchin - https://lnkd.in/dnPcnvSv

  22. The Life Hacker Documentary - https://lnkd.in/djAqBhbw

  23. Hacker The Realm and Electron - Hacker Group -https://lnkd.in/dx_uyTuT

  24. Chasing Edward Snowden - https://www.youtube.com/watch?v=8YkLS95qDjI

  25. The Hacker Wars - https://www.youtube.com/watch?v=ku9edEKvGuY

  26. Hackers World - https://www.youtube.com/watch?v=1A3sQO_bQ_E

  27. In the Realm of the Hackers - https://www.youtube.com/watch?v=0UghlW1TsMA

  28. The Pirate Bay Away From Keyboard - https://www.youtube.com/watch?v=eTOKXCEwo_8

  29. Wannacry: The Marcus Hutchins Story - https://www.youtube.com/watch?v=vveLaA-z3-o

  30. THE INSIDE LIFE OF A HACKER - https://www.youtube.com/watch?v=CuESlhKLhCY

  31. High Tech Hackers Documentary- https://www.youtube.com/watch?v=l2fB_O5Q6ck

  32. Drones, hackers and mercenaries - The future of war - https://www.youtube.com/watch?v=MZ60UDys_ZE

Some additional Tips

Don't do bug bounty as a full time in the beginning (although I suggest don't do it full time at any point). There is no guarantee to get bugs every other day, there is no stability. Always keep multiple sources of income (bug bounty not being the primary). Stay updated, learning should never stop. Join twitter, follow good people, maintain the curiosity to learn something new every day. Read writeups, blogs and keep expanding your knowledge.

Always see bug bounty as a medium to enhance your skills. Money will come only after you have the skills. Take money as a motivation only. Don't be dependent on automation. You can't expect a tool to generate money for you. Automation is everywhere. The key to success in Bug Bounty is to be unique. Build your own methodology, learn from others and apply on your own.

Always try to escalate the severity of the bug, Keep a broader mindset. An RCE always has higher impact than arbitrary file upload. It's not necessary that a vulnerability will be rewarded based on the industry defined standard impact. The asset owners rate the issue with a risk rating, often calculated as impact * likelyhood (exploitability). For example, an SQL Injection by default has a Critical impact, but if the application is accessible only inside the organization VPN and doesn't contain any user data/PII in the database, the likelyhood of the exploitation is reduced, so does the risk.

Stay connected to the community. Learn and contribute. There is always someone better than you in something. don't miss an opportunity to network. Join forums, go to conferences and hacking events, meet people, learn from their experiences.

Always be helpful. Ashutosh c. shah

About

This is a resource factory for anyone looking forward to starting bug hunting and Ethical hacking would require guidance as a beginner.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published