Bug Bounty Phase 0 - Practice and Research

Before you dive into Bug Bounty hunting or even when you're experienced, you should always practice your skills and keep learning new tools and tricks. If you don't you will get rusty at the types of issue you don't exploit much and so, you may fall into the trap of missing vulnerabilities.

The infosec community has a vast range of resources out there to help you and due to this, it can be very overwhelming to know where to begin. The below details our top tips, practice labs, virtual machines, tools and more to stay up-to-date:

Practice Labs

Labs are a great place to begin learning new skills and retraining old skills. Take a look below at our top resources for practicing in different technical areas:

"Give me six hours to chop down a tree, and I will spend the first four sharpening the axe"

Infrastructure

• Hack The Box

Web Applications

• OWASP Juice Shop
• BWAPP
• Hack The Box
• OverTheWire

APIs

• vAPI
• crAPI

Cloud

• CloudGoat

Blockchain

• Capture The Ether
• Damn Vulnerable DeFi

Mobile (iOS/Android)

• Damn Vulnerable iOS App (DVIA)
• Damn Vulnerable Bank

Bug Reports:

Without a doubt, one of the greatest resources for finding inspiration, staying relevant, up-to-date and learning new exploitation methods is to read bug reports from the various public program disclosures.  

"To know is to be sure and free of doubt. To be sure is to be clear about what you know and don't know. Knowledge, truly is power"

• HackerOne
• BugCrowd

Cyber Security and Bug Bounty Blogs

Similar to bug reports, you may consider keeping an eye on various well established cyber security blogs. Here are some examples:

"Knowledge is power. Sharing knowledge is the key to unlocking that power"

Regularly Updated

• Rekt News
• Youssef Sammouda
• EdOverflow
• Vickie Li
• Rez0

Not-so Regularly Updated

• @OMESPINO
• Arne Swinnen
• Bug Crowd Forum

Reddit is also useful for new information:

• /r/bugbounty
• /r/websecurityresearch
• /r/netsec

Resource Searching

As well as creating your own resources that work for you, it's a great idea to be constantly reviewing community tools, wordlists, google dorks, plugins, extensions and so fourth. If you find something new and think it could work for you, add it into your workflow. This is the best way to keep building a bug bounty pipeline that is successful. Here are some ideas of what to look out for on places like Twitter, GitHub, Reddit, Blogs, YouTube and more:

• New vulnerabilities and exploit code
• New Tools, Scripts and Templates (Nuclei)
• Burp Suite Extensions
• Browser Extensions
• Unique Wordlists
• Google Dorks

Cheat Sheets

Finally, cheat sheets are a good resource for quickly remembering how things work or as a reminder for techniques you may forgotten to try . Here are some examples:

• Awesome Pentest Cheat Sheets
• Bug Bounty Cheat-sheet

See the next part of our Bug Bounty Phase blogs:

Bug Bounty Phase 1 - Platforms

You may wonder where to begin when searching for bug bounty programs. This short blog aims to help you narrow down your search for the best platforms and programs to get you finding those elusive bugs.

GrizzlySec BlogBear