Bug Bounty Equals Big Money In 2019
So what the hell is a Bug Bounty? Seriously, unless you have been living under a rock for the last few years, you must surely know all about this new way of making money: finding bugs in the code of web applications, where hackers can make a shit load of money doing so.
I first learned about this whole Bug Bounty gold rush after reading some articles on the BBC news site which featured some dude from California who makes like 100k every year for just 20 hours of hacking every week. Then I got hooked!
The great thing about it all is that ANYONE can do it, as you don’t have to be a proficient, highly skilled hacking guru. Far from it: you just have to learn a few things, but I will cover that bit later.
There’s even a great and powerful tool out there that is just making life easier for hackers.
There are even companies out there that help you be a great hacker and show you everything you need in order to find the bugs far better and a lot easier. We will cover that topic in a few moments.
One of my favorite hackers out there right now is Jason Haddix, who created Bugcrowd. In the hacking world, he is a legend.
The Best Bug Bounty Programs
By far the best Bug Bounty programs out there that are helping every professional hacker and noob to become skilled enough to be able to take their laptops and turn them into ATMs are HackerOne and Bugcrowd.
Using only minimal hacking skills, a lot of Indians and even the British are flocking in droves to these American-based companies that are helping to line the pockets of the luckiest and hardest-working hackers, who get paid very well to do what they love best: hack their faces off. It’s a win-win for everyone, right? Nope, not everyone is blessed with the right hacking skill set that will see them join the ranks of the best hackers.
But in fairness to these Bug Bounty companies, they provide you with all the right books, tools, and guidance to help ANYONE become a shit hot hacker and get paid well for THINKING OUTSIDE THE BOX.
Watch the video above for more info about starting Bug Bounty programs such as Bugcrowd and try to get what you need from the video in order to whet your appetite. Seriously, there are script kiddies out there in places as far away as India making thousands for just finding bugs through a number of hacking methods, which in my view means that anyone with the right vulnerability scanner can start doing it.
So What Does It Take To Become A Bug Bounty Hunter?
Actually, first off you must love money! Let’s face it, who doesn’t?
Secondly, you must have some basic computer hacking skills and be able to code or have some knowledge of a couple of computer programming languages like Linux, PHP, HTML, etc.
Then you must go away, learn Linux, get as many ethical hacking skills behind you as you can, and arm yourself with every hacker’s favorite tool, KALI LINUX. (I will be doing a full review of Kali Linux very soon).
Kali Linux is just a mega hacking tool used by all the best ethical hackers and penetration testers, and it contains hundreds of the best hacking tools all rolled into one. The best two tools on it for finding bugs are:
- Burp Suite (Proxy Server/Scanner/Interceptor)
- Metasploit (Network Sniffer/Scanner)
These are the only tools you need to use in order to find your juicy bugs via platforms like HackerOne and Bugcrowd for big companies who will pay you handsomely for securing their network.
And the above tools and more can be found on Kali Linux which is by far the best tool that any hacker can use to find bugs if you use the tools the right way and point them in the right direction. (Legally of course).
So I would say, if you are a beginner, don’t let anyone tell you that you can’t use Kali Linux, as I strongly believe in learning by doing things. If you do get put off by Kali Linux, there is another one out there called Parrot OS, which I haven’t used yet, but it’s apparently noob friendly.
So I would say, perfect for beginners, but it doesn’t stop you from playing with Kali Linux and getting to know all the commands. Do what I did and sign up for all those Bug Bounty Facebook and Telegram groups. I will add a few below.
Then get your ass on Twitter, follow some great hackers such as Jason Haddix and Kevin Mitnick and just go to work.
What Are The Most Common Bugs?
There are lots of them, but the 3 most common bugs that I tend to find, which can be written off with just a THANK YOU or a small bounty, are:
- REFLECTIVE XSS (CROSS SITE SCRIPTING)
- XMLRPC.PHP (WORDPRESS) INJECTION/DOS ATTACK/BRUTE FORCE LOGINS
- SQL INJECTION (LOGIN PAGES/DATABASE SERVERS)
Just focus on doing those hack methods and finding the bugs and you will be minted in no time. I know many hackers who have been paid out thousands just for finding a few of these bad boys.
All these methods of hacking and more can be found on YouTube, and even the best hacking courses (FREE) can be found on Udemy and YouTube if you look properly for them.
Go to this website SUIP.BIZ and look for the Google scanner, and use it wisely to find you the right hacking courses. You can thank me later.