NahamSec (Ben), a full-time bug bounty hunter, walks through the fundamentals of getting started in bug bounty hunting. He covers the mindset needed (curiosity and persistence), the four major bug bounty platforms (HackerOne, Bugcrowd, Intigriti, YesWeHack), how to evaluate and select programs based on bounty ranges, scope, and how active the company is, and recon strategies including reverse WHOIS lookups to find a company's other domains, subdomain enumeration with Subfinder, and probing the results for live HTTP services with httpx. He also demonstrates a real Red Bull RCE bug chain built from a reverse proxy path traversal, an exposed Jolokia instance, and Tomcat credential brute-forcing. Additional topics include blind XSS, IDOR variants, threat modeling per target company, and non-cash bounty programs such as United Airlines miles.
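The program-selection and recon steps above end with a list of hosts that must be checked against the program's scope before any testing starts. The following is an added example (not code from the talk or from NahamSec) of that scope check: it normalizes the mixed output that Subfinder-style (bare hostnames) and httpx-style (URLs with scheme and port) tools produce, then keeps only hosts that match an in-scope rule and no out-of-scope rule. The domains, scope rules and recon output are constructed for illustration.

```python
"""Scope filter for recon output (added example, not from the talk).

Takes the host list that subfinder/httpx-style tooling produces and keeps
only hosts that match a program's in-scope rules and none of its
out-of-scope rules. All domains below are constructed examples.
"""
from urllib.parse import urlsplit


def normalize_host(entry: str) -> str:
    """Reduce one line of tool output to a bare lowercase hostname.

    Accepts bare hostnames (subfinder style) or URLs with scheme and port
    (httpx style) and drops the trailing dot some resolvers add.
    """
    entry = entry.strip()
    if not entry:
        return ""
    if "://" not in entry:
        entry = "//" + entry  # make urlsplit treat the value as a netloc
    host = urlsplit(entry).hostname or ""
    return host.rstrip(".").lower()


def host_matches(host: str, rule: str) -> bool:
    """Match a hostname against one scope rule.

    '*.example.com' covers any subdomain at any depth but not the apex
    itself (programs that include the apex usually list it separately);
    'example.com' covers only that exact host. The rule is normalized the
    same way as the host so '*.Example.com.' still works.
    """
    rule = rule.strip().lower().rstrip(".")
    if rule.startswith("*."):
        return host.endswith(rule[1:]) and host != rule[2:]
    return host == rule


def in_scope(host: str, in_rules, out_rules) -> bool:
    """Out-of-scope rules win over in-scope rules, as program pages intend."""
    if any(host_matches(host, r) for r in out_rules):
        return False
    return any(host_matches(host, r) for r in in_rules)


def filter_targets(lines, in_rules, out_rules):
    """Return sorted, de-duplicated in-scope hosts from raw tool output."""
    hosts = {normalize_host(line) for line in lines}
    hosts.discard("")
    return sorted(h for h in hosts if in_scope(h, in_rules, out_rules))


# Constructed scope rules, the shape a program page typically lists them in.
IN_SCOPE = ["*.example.com", "example.com", "shop.example.net"]
OUT_OF_SCOPE = ["*.corp.example.com", "status.example.com"]

# Constructed recon output mixing subfinder-style and httpx-style lines,
# including a look-alike domain that must not match.
RECON_OUTPUT = """
api.example.com
https://api.example.com:443
http://dev.corp.example.com
STATUS.example.com.
example.com
shop.example.net
blog.example.net
example.com.evil-mirror.net
""".splitlines()

if __name__ == "__main__":
    for h in filter_targets(RECON_OUTPUT, IN_SCOPE, OUT_OF_SCOPE):
        print(h)
```

The suffix check is anchored on the leading dot of the wildcard rule, so `evil-example.com` and `example.com.evil-mirror.net` are rejected even though both contain `example.com`; that is the usual mistake in hand-rolled scope scripts and the reason a program's out-of-scope list is applied before the in-scope list.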

30m watch time
