Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Breaking Free from Duplicate Submissions: A Strategic Approach to Bug Bounty Success - 1589

NahamSec, posted 1 year ago
  • Only one person gets paid when a vulnerability is found; everyone else who reported it gets a duplicate. These duplicates kill the ego and drain the mind. This article is about overcoming the duplicate-submission problem.
  • If you use the same methodology as everyone else, you'll find the same bugs—IDORs, business logic flaws, etc. The author compares bug hunting to a treasure map where all of the obvious spots have already been picked clean. What's the solution? Become a vulnerability expert. Become the best at XSS, IDORs, etc. This isn't about quick wins; it's about building up the necessary skills.
  • The next issue is program selection. Most people have no rhyme or reason for picking a program. Understand how the program's product works inside and out; a good way to do that is to become a power user of the platform.
  • Choose programs that are likely to have the kinds of issues your expertise covers. Finding the right program this way may take more effort, but it will be more fruitful in the end. Success in bounty hunting comes from being different.