Hi everyone, welcome to this video in the "Finding Your First Bug" series. In this series I'm going to go over some good first bugs: explain what they are, how to find them, show some examples of real bugs in the wild that paid out, and finally do a practical example with Burp on a real target.
In this video, we follow up from "Choosing Your Target" and go in depth on what to do next. This is all about creating your own bug bounty methodology and figuring out how to approach the target. We cover choosing an asset, recon, poking the application, note-taking, and when to give up.
Resources I mention in the video:
- FuzzDB Discovery github.com/fuzzdb-project/fuz...
- Payload All The Things methodology + recon github.com/swisskyrepo/Payloa...
- FuzzDB API fuzzing github.com/fuzzdb-project/fuz...
Further Watching:
- STÖK Bug Bounty Methodology with Jason Haddix • HOW TO APPROACH A NEW ...
- Nahamsec It’s the little things BSides Portland (Recon talk) • Ben Sadeghipour - It’s...
- Bug Bounty Hunter Methodology Bug Crowd Level Up • LevelUp 0x02 - Bug Bou...