Bounty101

What is Bug Bounty Hunting?

Lately Bug Bounty Hunting has become quite a buzzword. But what exactly is it and how can somebody start?

Bug bounty hunting 101

While bug bounty hunting can be proven highly lucrative, and it certainly has been for some people, there are also different reasons that people choose this professional path. First of all, being the boss of your own self gives you a lot of freedom. You do not have to be hired and your skills are the only thing that matters,so nobody is going to judge you based on your looks, personality etc. There are people that started their cybersecurity journey late and do not have a computer science degree. Working as a freelance bounty hunter allows a massive amount of flexibility for people that can not work on a 9-5. Also, these platforms allow people from less wealthy countries to have much higher earnings in comparison to having a regular job.

Just reading through these bug reports can be a fun learning experience for most hacking enthusiasts. Some of them are really complex and can give you a headache just by reading them but not all of them. In 2016 a researcher disclosed a bug to facebook that could allow him to reset the password and take control of any account. When you would request to change your password, Facebook would send a 6-digit PIN in either your phone or mail that you had to submit. You had a limited number of tries to get this password right before you get locked out. What the researcher found out, was that the lockout mechanism was not implemented on beta.facebook.com and mbasic.beta.facebook.com. This is a very clever hack but it does not sound that complicated, probably a lot of readers could replicate this if this was still applicable. So next time somebody asks you “Can you hack a Facebook account for me?” after learning that you are a hacker, you can reply “If I ever find a way I will probably report it for thousands of dollars, sorry”.

The Bug Hunter’s Methodology (TBHM) on GitHub

You too can become a bug bounty hunter!