Finding Your First Bug: Getting Started on a Target (Part 1)
- Published on: 12/13/2019
- Hi everyone, welcome to this video in the "Finding Your First Bug" in this series I'm going to go over some good first bugs: explain what they are, how to find them, show some examples of real bugs in the wild that paid out and finally do a practical example with Burp on a real target.
In this video, we follow up from: "Choosing Your Target" and go in-depth on what to do next. This is all about creating your own bug bounty methodology and figuring out how to approach the target. We cover choosing an asset, recon, poking the application, note-taking and when to give up.
Resources I mention in the Video:
- FuzzDB Discovery https://github.com/fuzzdb-project/fuzzdb/tree/master/discovery
- Payload All The Things methodology + recon https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Methodology%20and%20enumeration.md
- FuzzDB API fuzzing https://github.com/fuzzdb-project/fuzzdb/blob/master/discovery/common-methods/common-methods.txt
- STÖK Bug Bounty Methodology with Jason Haddix https://www.201tube.com/video/aNQg9mg4WNI/video.html
- Nahamsec It’s the little things BSides Portland (Recon talk) https://www.201tube.com/video/YT5Zl2jW3wg/video.html
- Bug Bounty Hunter Methodology Bug Crowd Level Up https://www.201tube.com/video/Qw1nNPiH_Go/video.html