How to succeed in bug bounty as a non-talented bug hunter

By
When I started bug bounty hunting about 4 years ago. I looked up information about top bug bounty hunter and wondered how are they hunting bugs and grow their H1 reputation so fast. 1 year later, when I found my 1st, 10th, 20th bugs. I still had this question. Because although I had found some bugs, it took me a few days to find one.

Recently, as I get more mature in bug bounty. I start to develop a deep understanding for a program. I see many attack surfaces that other people don't realize. When this program releases a new feature, I check if this feature can be abused to attack the attack surfaces A, B, C or D. Oftentimes, at least 1+ bugs are found.

When I keep hunting on this program and discover a new attack surface, I check if any existing features can be abused to attack this attack surface. Oftentimes, at least 1+ bugs are found.

When there is no new released feature and attack surfaces. I sometimes  wander the program, looking at already tested features and to my surprise. There is a function that I have not tested yet. When I try to abuse this function to attack my known attack surfaces, the chance to find bug is high.

My point is, when we invest enough time and attention in a program. We understand it deeply and know many attack surfaces that other don't. Then we can find many bugs and they usually take much less effort than other shallow-programs.


Currently, I have one program like this


Back to the question of how top hunters hunt so fast. It is possible if they have not one, but multiple programs that they understand deeply.

This is a relief, because at the beginning, I thought top hackers have crazy technical skills, 10 times better than me. It seems overwhelm and I felt like it is impossible reach their level, when looking at how much bugs they have found. I feel some imposter syndrome too.

Nevertheless, top hackers are still very impressive. They have great technical skills, still better than me. But they seem to have a good work ethic. It is very time consuming to convert a new program into a deeply-understood programs. And not any program can be converted to a deeply-understood programs (small scope, unreliable program team, etc). So it takes effort, time and patience to find one such program.

You may say it takes luck too. But to me, luck is just a side-effect of working consistently.

Anyway, that's one way for a non-talented bug hunter can become a top bug hunter.

Comments

  1. Jean BolĂ­varMarch 7, 2024 at 8:24 AM

    I had forgotten to check your blog for a while. Thanks you for this post, insightful as always.

    ReplyDelete
  2. EApril 21, 2024 at 5:35 PM

    Thanks for the post, but I think technical skill is a huge gap between the newbie and the top.
    Technical skill requires a lot of time and effort to practice and accumulate experience which beginners lack and need to work hard on.
    Usually, it's precisely due to differences in technological understanding that vulnerabilities arise, whether the differences of developer and the bug hunter or the newbie and the top.

    ReplyDelete
    Replies
    1. trieulieuf9August 30, 2024 at 11:12 PM

      Technical skill is always good to have. But there are many factors that help in how much success a bug hunter have. A bug hunter who earns $1,000,000 in bounty surely doesn't have 10x technical skill more than a bug hunter who earns $100,000, he may choose better programs, aims for specific bug types, socialize and collab more, automate his work, work more hours, etc.

      Delete

Post a Comment

Comments are very welcome. I read all comments!

Popular posts from this blog

Beginner Tutorial - How to learn the Technical Skill and Hacker Mindset That Are Required to Find Your First Bug Bounty.

By
In 2023, there are so many bug bounty resources for beginners, much more than before. I believe this is a bad thing for beginners, because now, they have to deal with so much unnecessary distractions just from choosing and sticking to a learning path alone. The over-abundance of free resources also fuels procrastination, we usually see people jumping from one learning path to another, without actually touch a real target. In this article, I will show you how much learning is enough. So you can get out of your learning rabbit holes and start hunting on a real target. By the way, this article aims to help you find bugs in IDOR, Information Disclosure, Business Logics, Broken Access Control. It may not help you to find injections bugs or misconfiguration bugs. Because I don't know how hunt them myself. # Technical Skill If you can solve Practitioner labs in PortSwigger with relatively ease, you have enough technical skill to hunt bugs: - https://portswigger.net/web-security/logic-flaw
Read more

The power of focus

By
A quote in the movie John Wick 1: John Wick is the main of focus, commitment and sheer will Out of all the good traits, the movie writer chooses only 3 traits to describe how bad ass John Wick is. That shows how powerful focus is. I believe he also gets his excellence skills thank to these 3 traits. Focus, commitment and sheer will are pretty similar to each others, they show that the man can stick to something for a long period of time, without switching goal, despite inconvenient challenges. If we apply this to bug bounty, it means, we make a goal, and stick to it, despite all self-doubts. For example, Losef is a beginner, who tries to find his first bug, he sets a goal to hunt on a program for 7 days. In day 1, he feels overwhelmed by how much details his target has. In day 2, he tests features one by one, but finds nothing, he feels down. In day 3, he feels that you have hit a steel wall, which he cannot even imagine how to get pass it. In day 4, he notices the program stats, which
Read more