Stuff from a Beginner Couple of Months

I am a retired software and hardware engineer and hacking was something I always wanted to try and I finally got the time. I am currently deep into the learning stage so I thought I would pass on a few things before I forget…old age does that to you!

First, stay away from programs that don't offer a bounty…if a company isn't willing to pay you for results then they are probably looking for free pentests or worse, just a checkbox on a company report. I had one bad experience on another site which was enough for me to leave and give Bugcrowd a try.

Search engines are your best friend. It is amazing what is available on the internet. Basic search skills will reduce your overhead in many ways. Everything is on the internet…you just have to find it.

Don't be impatient. PortSwigger has great tutorials and labs. I have gone through about half of their labs so far. I don't spend a lot of time agonizing over a lab…if I can't get it in about an hour I hit the solutions and follow the steps. I want to see things, not beat my head against the wall. If you aren't a student find a relative or friend with a student ID who will sign up on some of the paid educational sites for you…You can get on good ones for about eight dollars a month with a student discount.

For tools I have learned to use Burp Suite, Metasploit, subbrute, a couple of vulnerability scanners, sqlmap and, most important, Google dorks. The search engines will block you but if you try longer time delays and different IPs you can usually get through their checks.

I try to stay hidden. I use NordVPN simply because a VPN hides everything I do from my ISP and Nord has some interesting tools which I found useful for bypassing the search engine checks and other neat things like coupling to the Tor infrastructure.

I spend very little on computer power. Old HP Elite 8300s in the small or ultra small form factor can be purchased for less than a hundred dollars. Bring them up to 16 GB of RAM for about thirty dollars, add a 500 GB SSD for another thirty, 10 for a Bluetooth and wireless USB and a wireless keyboard and mouse and for less than 200 you have a 3 gig+ quad core machine that will easily handle VirtualBox with Kali and Windows capability. This adds another level of hiding because it gives you a fresh browser. A cheap 1900 x 1024 monitor is another hundred if you don't have one lying around. For the price these are screaming machines. And the ultra small form factor is about 11 inches square and about three inches deep so it doesn't take up a lotta space. They come with about 10 USB ports. Learning to modify one is a great education in itself.

Don't be in a rush. I am seventy-two and am in no hurry. There are so many unfound bugs out there. Be patient and get paid for your results. If you don't, like they say, vote with your feet and find another program.

And lastly follow your instincts…if something feels wrong when doing recon, something probably is wrong and a good place to start hunting…and learning.

Hope this helps somebody,
George


Thank you very much for this. I have just started learning too and I’m in my twenties. Your advice and attitude are so encouraging, and it made me want to keep on practicing.

I read your post, and like the first commenter, I too am in my twenties. I struggle a lot whenever I am learning something new. But your post definitely helped dissolve the butterflies that were in my stomach. I have given up on bug bounties in the past, but now that I am older I am taking things more seriously. I am reading a couple of books published by No Starch Press that are about bug bounty hunting and they help too. Thanks for the post.

Thank you for sharing your valuable insights and advice, George! It’s great to see someone who has retired and still has the drive to learn and explore new things. Your tips on searching for bug bounty programs with bounties, using search engines effectively, being patient, using appropriate tools like VPNs, and building a cost-effective hacking machine are very helpful for beginners.

Hi,
We are in the same boat. I was an Ele. engineer for 50 years. I received my EE in 1968. I minored in computer science, when the computer I used (IBM 1640) took up the basement of the science and technology building. Here I am at 80 learning new stuff. I use a stick with Kali on it, that way I can go from laptop to desktop. I find it works well. If you want to work together on some projects I would be happy to. Enjoy yourself, I am.
Renny