Bug Bounty

UsualSuspect7

Hey Everyone,


I'm interested in learning more, how to make money with bug bounty. I would like to start the pen-testing side to my security career. I'm looking for a good book to get me going. 

tedjames

If you want to get into penetration testing with the goal of becoming a bug bounty hunter (me, too), I recommend taking some online courses. eLearnSecurity has a great Penetration Testing Student course. I learned a lot. I also just finished Zaid Sabih's Website Hacking course on Udemy. I learned a lot more. https://www.udemy.com/user/zaidsabih/  Zaid shows you how to create your own Kali Linux home lab and then shows you various tools and techniques that you can use in the real world. You can't beat the price.

Infosec_Sam

If you do end up taking online courses, I encourage you to check out the pentesting cyber range over on Infosec Skills! We've got several labs that you can work through on real VMs in the cloud (no VM escape attacks please!) that cover a wide array of pentesting concepts. Feel free to give it a spin with our 7-day free trial — you're more than welcome to cancel if you find that it's not really your jam. I've given a couple of the labs a try and I'm really into them!

JDMurray

Have by a look at the information on all the major bug bounty brokerage sites like HackerOne. These sites will determine what organizations you can pentest, what will be pentested, and what and how you will get paid for your vulnerability discoveries.

jmarkg7

HackerOne has a great format for BugBounty. Ive submitted a few and they respond quick with details about your finds.

JDMurray

Here's a maintained listing of Bug Bounty HOW TOs and links to partisipating organizations: https://github.com/djadmin/awesome-bug-bounty