How to start in Bug Bounty Hunting: my personal experience
Hi! I’m Riccardo Malatesta, and in this article I will give you my point of view and show you how to start in Bug Bounty Hunting. [Link to the original article]
I work in offensive security and have been doing bug hunting for more than two years. It’s been a bumpy ride, but I’ve learned alot and achieved some decent results.
Just recently, I shared a couple of payments and when I do, I get some questions about how to get started and advice for beginners.
This really makes me happy, as it validates the work I do even more and gives me the opportunity to help others.
This is why I decided to write this article; a Tweet (or X?) is not enough to express myself at my best.
I’m definitely not the greatest, but, I know what I’m doing, and I’m confident in my abilities. I hope that my experience and my point of view can be useful to you.
So, let’s start! Who am I to speak?
My Background
I’ve always been interested in hacking. Since I was 14, I have viewed hackers with fascination. I thought they were some kind of mythical creatures with great powers.
This is why I chose to study computer science. I’ve learned how to program in different languages and in 2018 I encountered the world of bug bounty hunting.
I had submitted 5 or 6 valid reports on HackerOne, and triple that in N/A, informational and duplicates. Even though it was a failure, it helped me learn many things; how to write a report or even why a vulnerability is worth a payment.
After that, a lot happened. I had some work experience with penetration testing, learned a lot more, met a lot of great people in the industry, and received a lot more bounties.
At my best, I reached position 75 on YesWeHack, one of the best Bug Bounty Hunting platforms in Europe with over 35 thousands hacker.
Now that I’ve hit the brakes to study once again, I’m much further behind in the rankings. But don’t worry, I’ll get back up again.
I also got my OSCP and recently started studying for the CRTP by Altered Security.
This was my journey in a nutshell. Now, what are the steps to take if you’re just starting out in bug bounty hunting?
What can you do?
I made a lot of mistakes at the beginning and wasted a lot of time. If I could go back in time, I would do things differently. I don’t have a time machine, but at least you can learn from my errors.
The first thing I would do is study the most common web vulnerabilities. PortSwigger’s Web Security Academy is definitely the best resource available and it’s free too!
If you can spend some money, you should also check out PentesterLab Pro.
Learn the theory and practice as much as you can with the labs, but don’t get stuck in the learning process. You also need real-life validation (more on that later).
After learning how the most common vulnerabilities work, you should read and study public reports. I suggest you focus on reports that have received a bounty. This will help you get an idea on how to write a good report that gets paid.
Check Hacktivity on HackerOne to find all the bugs disclosed on the platform. Also, check this video by @InsiderPhD:
Don’t underestimate the power of a good report! Not only will it guarantee you a bounty, but sometimes even a bonus.
If you have done things correctly, by now, you should know how to discover a vulnerability and how to write a good report. It’s time to get your hands dirty!
Time to hunt!
Explore Bug Bounty Hunting platforms, find a program worth your time and search for your first vulnerabilities!
My favorite platforms are YesWeHack and Intigriti. HackerOne is the number one out there, so you should definitely spend some time on it.
You can also find many more opportunities here: “Bug Bounty Platforms: Open-Sourced Collection of Bug Bounty Platforms”.
A tip: look for a single vulnerability category at a time. For example, search specifically for XSS, a relatively easy and common vulnerability. This will allow you to be more focused, learn more about it, and increase your chances of success.
Another final extra tip: look for people who are on the same journey as you. You learn very quickly when you study with others, share resources and ask for help when you don’t know where to turn your head. Twitter or X is still a great place for this!
Conclusion
To recap, here are the steps to know how to get started with bug bounty hunting:
- Study the most common vulnerabilities
- Learn how to write a good report that gets paid
- Hunt for your first vulnerability
- Meet and collaborate with other hackers
I want to share with you a video that was very useful for me to get started: by STÖK
I also wanted to give a shout-out to some great hackers: MOPAM, drak3hft7 and Leo Rac. They are incredibly skilled and have helped me a lot on my journey, and still do. Give them a follow!
I hope this article was useful to you. If so, let me know in the comments or let me know what else you’d like me to talk about!
Until next time! 👋
- Riccardo Malatesta