Mate Szilak

Hungary
ID verified

whoami

Hi, I'm M4t35Z, a uni student from Hungary interested in Cybersecurity.
I'm 20 years old and currently working at Silent Signal as a penetration tester in parallel with my Business Informatics studies at university. Since I have a job next to school, I have a very small timeframe to actually do bug hunting. Instead, I often read reports and other writeups during my daily 2x1 hour travel times.


First steps in bug hunting

How did you get into bug bounty hunting?

I came across the term Bug Bounty while browsing Twitter back in 2020, if I remember correctly. I watched a bunch of videos related to the topic, mainly from InsiderPHD, Stök and Nahamsec. I remember they always said you should start on a random program and try it yourself to get experience (just like black-box web security testing, in my opinion), so I started on a fully random program, got lucky on the first day and found a low severity information leak. But I felt I didn't know enough, so I returned to YouTube and online resources to learn more.

Hacker insight

Do you have any tips for our audience on what you do when you approach a new target?

In my opinion I still don't have much experience in bug bounty, but I'd suggest everyone who wants to get involved to start on a random program with actual functionality and stay with it for at least 1-2 weeks. Just use it as a normal user, but at the same time think about possible vulnerabilities.

About the testing methodology

Do you follow a pre-defined methodology or do you prefer to change your methods regularly?

I usually take a quick look-around or click-through of the app to gain insight into what the main functionality is and what shouldn't be possible, both authorization-wise and logic-flow-wise.

Do you have any favorite tool or favorite wordlist to test with?

I'd call Burp Suite and ffuf my 2 favorite tools, and I usually go with SecLists when I need a wordlist. The methodology really depends on the app, but if I have to choose I'd say I follow one.

Favorite bug classes

Do you have any favorite vulnerabilities to focus on during testing?

I like authorization issues and application logic related bugs. In penetration testing, I came across some blind SQL injections which I really enjoyed exploiting.

Certifications and Achievements

Do you have any security certificates? How important do you think certifications are nowadays?

No, but my CCNA is in progress because of university, and I'm planning on doing OSCP in the next 2-3 years.

What would you consider your most impressive achievement? What bounty are you most proud of?

For my most impressive achievement I'd say a path traversal to RCE bug in the Windows client of Keybase (CVE-2021-34422; my blog post goes into more detail).

Future of bug bounty

Can bug bounty hunting be a full-time job?

Many people have proven that it could be a full-time job; however, I think it's a bit risky. But if you are dedicated and persistent enough, with enough knowledge, you can do it for sure.

What is the role of automation in security testing?

I think automation could be useful on barely tested/new programs, but manually going through the app would yield more severe issues, even on already tested applications.

What is your impression of HACKRATE?

When I first saw Hackrate I thought it was a little competitor to Hacktify, but through the years I really think it grew bigger and better. I really enjoy the limited-time programs here, which I haven't seen anywhere else yet.

Badges

Newcomer

01/24/2023

Monster

01/24/2023

Bounty_Hunter

05/07/2024