Bug Bounty 10-Day Complete Free Training: Day 1 – Mastering the Basics

Hi, users of HackingBlogs! My name is Dipanshu Kumar, and I will be your guide throughout this thrilling 10-day Bug Bounty Bootcamp. I will walk you through every stage of learning bug bounty hunting during this bootcamp. Before moving on to more significant ideas like CVE feeds, picking the best bug bounty platform, and much more, we’ll start with the fundamentals, including virtualization and understanding the OWASP Top 10. Additionally, we will explore critical recon workflows and vulnerabilities like CSRF, XSS, and subdomain takeover. Therefore, let’s begin Day 1 and lay a strong basis for your bug bounty adventure!


    “The first step to a successful hunt is preparation. Create a clear strategy, secure your tools, build your knowledge base, and set up your infrastructure. When it’s ready, carry out the strategy and begin looking for weaknesses!”

    What Hardware Should One Use For Bug Bounty?

    It makes no difference if you’re using a fancy gaming PC or a used laptop. You can begin hunting as long as you have an operating system, 8GB of RAM, and a 250GB hard drive, along with the information on this page!

    Let’s Learn About Virtualisation: VMware, VirtualBox…

    By using virtualisation, you can create separate environments for various jobs and run numerous operating systems on the same computer. This is made possible by tools that create virtual machines (VMs), such as VMware, VirtualBox, and Hyper-V. This facilitates the operation of legacy apps, testing, and resource optimisation. Additionally, you may run apps in isolated environments without the overhead of full virtual machines (VMs) thanks to lightweight alternatives offered by containerisation systems like Docker. These technologies are essential for effective system administration, development, and security testing.

    By establishing a layer between the operating system and the hardware, virtualisation enables the operation of numerous virtual machines (VMs) or containers on a single physical system.

    A hypervisor controls and distributes hardware resources (CPU, memory, and storage) to every virtual machine in VM-based virtualisation (using programmes like VMware or VirtualBox). Every virtual machine runs its own operating system. With containerisation (like Docker), which is lighter, applications run in separate environments known as containers. Because containers share the host operating system but stay isolated from one another, they are more efficient than virtual machines (VMs), particularly when it comes to rapidly deploying software across various environments.

    It is time to set up your virtual machine after downloading your virtualisation software. Any Linux distribution will function, but Kali Linux is what I advise. It is perfect for your hunting setup because it comes preinstalled with a variety of tools for penetration and security testing.

    Master the Basics of Organization Before You Begin

    “If you plan on doing this professionally, you need to act professionally.”

    In the long term, maintaining organisation will be quite beneficial. Keeping thorough records of your actions, tool output, and engagement progress will significantly increase your success rate, particularly if you want to engage your target over several days, months, or even years.

    Building Checklists

    Using a checklist enables you to systematically examine everything and clearly identify any gaps. It is useless to rely solely on memory because you may forget what you have previously done months later. Using a checklist makes it simple to monitor your progress and promptly respond to enquiries on previous actions.

    OWASP Checklist: A Great Example for Beginners

    This extensive checklist makes it easy to keep track of what has been checked and what still needs attention because it covers almost every aspect of manual application testing. You will probably add to it or make your own version as you get more experience.

    Taking Notes: “If you don’t make notes, you’ll fall behind the code!”

    Although nobody likes taking notes, they are essential for increasing your chances of success. You will want to know what you did on the first day if you have been evaluating a target for months. Examining your notes is the only practical approach to monitor that progress.

    Everybody has a favoured method for taking notes. While some people might prefer the conventional pen-and-paper method in a diary, others might use digital tools like JSON notes. It all comes down to what suits you the best. Consistency is crucial, regardless of whether you like the physical sensation of handwriting or prefer a digital format for ease of use and searchability. Evernote, OneNote, Notion, and Google Keep are well-known note-taking applications that each provide special features to keep you productive and organised.
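
    One way to keep the checklist and the dated notes described above in a single JSON file, as an added example that is not part of the original post. The item ids, titles, target name and function names are constructed for illustration.

```python
import json
from datetime import date

# Constructed checklist template: ids and titles are placeholders for this
# example, not entries copied from any published checklist.
TEMPLATE = {
    "CHK-01": "Enumerate subdomains and note dangling DNS records",
    "CHK-02": "Review input reflection points for XSS",
    "CHK-03": "Check state-changing requests for CSRF protection",
}
STATUSES = ("todo", "in-progress", "done", "n/a")


def new_engagement(target, template=TEMPLATE):
    """Start a fresh record: every checklist item begins as 'todo'."""
    items = {cid: {"title": title, "status": "todo", "notes": []}
             for cid, title in template.items()}
    return {"target": target, "items": items}


def record(eng, cid, status, text, day=None):
    """Set an item's status and append a dated note explaining why."""
    if cid not in eng["items"]:
        raise KeyError(f"unknown checklist item: {cid}")
    if status not in STATUSES:
        raise ValueError(f"status must be one of {STATUSES}")
    stamp = (day or date.today()).isoformat()
    eng["items"][cid]["status"] = status
    eng["items"][cid]["notes"].append({"date": stamp, "text": text})


def gaps(eng):
    """Items that still need attention (not 'done' and not 'n/a')."""
    return sorted(cid for cid, item in eng["items"].items()
                  if item["status"] in ("todo", "in-progress"))


def done_on(eng, day):
    """Answer 'what did I do on that day?' from the dated notes."""
    stamp = day.isoformat()
    return [(cid, note["text"]) for cid, item in sorted(eng["items"].items())
            for note in item["notes"] if note["date"] == stamp]


def save(eng, path):
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(eng, fh, indent=2, sort_keys=True)


def load(path):
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)
```

    Because every status change carries a dated note, `gaps()` shows what is left and `done_on()` reconstructs any earlier day from the same file.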

    That is it! There are many publications online that provide a better explanation of Kali than I could, so I hope you can set it up yourself. Make it a habit to Google things and learn new things every day if you want to become a hacker. Continue to be trustworthy, avoid lying to yourself, and never give up! The hustle never ends.

    I will be guiding you through creating CVE feed sources the next time we meet, assisting you in keeping informed of the most recent developments in cybersecurity. Choosing the appropriate bug-hunting platform and setting up an RSS feed will also be covered.
