Community Manager at Infosec!
Who we are | What we do
Bug Bounty

Hey Everyone,
I'm interested in learning more, how to make money with bug bounty. I would like to start the pen-testing side to my security career. I'm looking for a good book to get me going.
I'm interested in learning more, how to make money with bug bounty. I would like to start the pen-testing side to my security career. I'm looking for a good book to get me going.
CISSP, CCENT, CCNA R/S, CCNA Cyber OPs, Security+, CySA+, CSAP+
Comments
-
tedjames Scruffy-looking nerfherdr Member Posts: 1,179 ■■■■■■■■□□
If you want to get into penetration testing with the goal of becoming a bug bounty hunter (me, too), I recommend taking some online courses. eLearnSecurity has a great Penetration Testing Student course. I learned a lot. I also just finished Zaid Sabih's Website Hacking course on Udemy. I learned a lot more. https://www.udemy.com/user/zaidsabih/ Zaid shows you how to create your own Kali Linux home lab and then shows you various tools and techniques that you can use in the real world. You can't beat the price. -
Infosec_Sam Security+, CCENT, ITIL Foundation, A+ Madison, WIAdmin Posts: 521 Admin
If you do end up taking online courses, I encourage you to check out the pentesting cyber range over on Infosec Skills! We've got several labs that you can work through on real VMs in the cloud (no VM escape attacks please!) that cover a wide array of pentesting concepts. Feel free to give it a spin with our 7-day free trial — you're more than welcome to cancel if you find that it's not really your jam. I've given a couple of the labs a try and I'm really into them!
-
JDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 12,084 Admin
Have by a look at the information on all the major bug bounty brokerage sites like HackerOne. These sites will determine what organizations you can pentest, what will be pentested, and what and how you will get paid for your vulnerability discoveries.
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray -
jmarkg7 CASP+, CySA+, Sec+ Registered Users Posts: 20 ■■■□□□□□□□
HackerOne has a great format for BugBounty. Ive submitted a few and they respond quick with details about your finds. -
JDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 12,084 Admin
Here's a maintained listing of Bug Bounty HOW TOs and links to partisipating organizations: https://github.com/djadmin/awesome-bug-bounty
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray