As promised, we invite resourceful experts in the Cybersecurity domain to share knowledge and practical experiences with the community.
@zealsham, a bug bounty hunter with HackerOne, shares his experience of how he got started in bug hunting as a medical lab scientist.
He also took us through a practical session where we performed reconnaissance, Google dorking, subdomain discovery and GitHub dorking, and shared some secrets on how to hack ethically and get paid for it.
Key Takeaways:
- You need recon to get prior information on what you can work with
- When performing reconnaissance, what you're looking for could be assets, contents and behaviours
- Subdomains are less secure than the main domain. Get the least point of entry
- You need to google for things you don't know and things you want to be sure you know
- You have to think smart and like a developer to be successful in bug hunting