What are they doing right?
Posted in BugBounty Discussion by @bit3c0de

bit3c0de

Researcher

Hello all. I am new to this bug bounty thing, and I have marveled at what I have seen over the past 2 months. I am a pentester at a company in my country. I do it well and discover issues, follow up on them with developers till they have them closed, and we finally deploy the applications.

However, I have been having a very huge challenge finding bugs on these bug bounty forums. I see so many people easily bagging over $1000-$10,000, so easily and so often. What are they doing right? Is there like a secret cheatsheet for the leet? How do they get these new companies so fast? Also, is there a way to know of new companies that join fresh into a certain program? Because I feel like the early bird will catch the worm so quickly.

I have tweeted the big scorers for mentoring, but no one ever responds. I will however not give up on my quest.


Posted on 2018-11-24

plenum

Researcher

Hello. Let me start by simply saying there is no secret; it is simply skill and experience. The bug bounty field is really competitive; you have to continuously learn and grow your skills. There are two kinds of bug hunters, at least from what I have seen:

  1. Bug farmers: they would basically report anything from request limiting to missing security headers.
  2. The no-jokers: these guys spend a lot of time on a specific program and often end up with big payouts and some really cool bugs.

All major platforms have these private programs, and basically the better you are, the more invites you get and the more chance you have to join early == more chances to find stuff. But it is not a rule; you can still find bugs and get paid.

Just keep hunting and keep learning new stuff. Regards, Plenum


Posted on 2018-11-26 at 10:02:23pm (GMT)