New Bug Hunter, looking to get started


#1

Hello everyone, I am very excited to start my bug crowd journey and hope to engage with many of you and learn from the talent that is here as well as help in any way I can from my own experience. I have spent the last two days reading the recommended reading on bug crowds forum sites and almost feel ready to start looking at some programs.

I would be very grateful for any advice for a newbie bug hunter. Just a bit about me, I am Director of information Security for a mid-size company and do everything from NIST compliance to some in-house pen testing (nothing too hardcore). Hang out in the Kali distro mainly as that is where I am most comfortable, but may add Zap to the bag.

One question I had was: can you private message or chat with other researchers? Again, thanks so much for the advice and taking the time to read this, cheers!


#2

Hi @WhiteHatter28,

If you are “Director of information Security for a mid-size company” I think you are more than ready to find bugs. I’m not even a security researcher but I usually find bugs anyway (it’s my main income).
I hope someone else with a better CV is willing to answer your question and guide you.

About your last question: yes, usually you can reach them via Twitter (very useful for following other bug bounty participants too) or some Slack channel like https://bugbountyforum.com. However, I can’t guarantee that everyone is going to write back.

Cheers!


#3

Hello bro plz refer me to BBF


#4

@stefanofinding thank you so much for your answer, it is much appreciated and gives me some confidence that this is not over my head. I will admit in my role I do not get to do as much red team testing as I would like, but I am hoping to change that and learn from the talent on Bug Crowd and the programs here to improve myself as a threat hunter.

Thanks for the info on Slack, I use it often, but I am not on Twitter so I will have to rely on the forum and Slack. I am glad to have made your digital acquaintance, I see you are very active and helpful on the forum. Looking forward to speaking more in the future.

Cheers!


#5

@Sajid_Ali, not sure what you’re asking here? Cheers!


#6

Hi @Sajid_Ali, I don’t have such power.
From what I understand they take their time to accept new requests for invitations, so be patient. However, in my opinion, being there is not going to change how good you are at finding vulnerabilities. So, no hurry to be invited. :+1:
Best.


#7

I think Sajid is talking about Bug Bounty Forum.


#8

You are very welcome. I’m glad you got confidence, which is going to be useful to not give up when you are not finding any vulnerability for days or weeks.
I understand that maybe your role may not be hands-on all the time, but it’s just a matter of spending more time as you mentioned.

The good thing about Twitter is that many bug hunters are there and usually their tweets are related to what they find and things like that. However, it may take you time to find the “gems” :smile:.
The bug bounty forum is good too, because the members are active. And it’s 99% talking about bug hunting and related stuff.
Sure! I’m glad to help whenever I can. Sometimes I take longer to reply but I always do it.

Cheers!


#9

Thanks so much @stefanofinding, I am actually starting a Twitter just so I can communicate with all the other researchers. Thanks again for the words of encouragement and advice! Cheers.

P.S. Sorry for the delay in response.


#10

I’m glad to know that, I hope you find it useful.
You’re welcome!
Cheers.