Syed Mushfik Hasan Tahsin

18-07-2021

18:22

Hello, if you are just getting started in bug bounties and can't find enough resources, this thread might help you find a way 👇

Learn and Practice More. These Resources are open playgrounds for learning and practicing:
1. @WebSecAcademy (My Most Favorite Free Lab)
2. @RealTryHackMe
3. @PentesterLab
Here you can learn and practice at the same time.

And... @BugBountyHunt3r is a standalone thing in my view, it's paid but worth every penny. It can get you from the beginning to a level where you have enough confidence to get started with real-world targets.

Wanting to deep dive into different bug classes?
1. Read Writeups from @InfoSecComm
2. Read disclosed @Hacker0x01 reports
3. @BugBountyHunt3r Has Compiled The H1 Reports and categorized them (1/2)

YouTube Channels?
1. @NahamSec (He Has Interviews with a lot of great hackers from the community)
2. @stokfredrik (His videos will give you a lot of motivation and knowledge)
3. @InsiderPhD (Her Videos Will Help you to get started) [1/2]

4. @PwnFunction (He has great, well-explained videos on different bug classes)
5. @TomNomNom also has a lot of great videos.
6. @zseano (He has great mentoring videos)
7. @0xReconless (He has a lot of great content out there)

Some More In The List:
8. @codingo_ (He explains everything well❀️)
9. @hakluke (He Explains very well Too)

Some FAQ:
1. Do I Need To Learn How To Code? - Being able to read code is enough, get some basics and you are good to go. Learning to code is really an advantage, but not compulsory. As you will be dealing with the web, knowing HTML, CSS and JS basics is a must (1/2)

2. When do I have to shift to the real world? - There is no specific time for this. You have an idea of how the website works and know how to look for some bugs. Just give it a try then. No one can learn anything perfectly without giving it a shot. (2/2)

Need some more insight for a testing methodology? "@zseano's Methodology" is a game changer:

More Resources: by @payloadartist

As by the name you can understand that here you will be getting Bug Bounty Reports Explained: by @gregxsunday

Don't Know How I Missed it out, Kontra is a great place for Practicing OWASP Top 10. It has many publicly disclosed bugs recreated for you to practice. WEB | AWS | API | Frontend Bugs.

