Turned the bullet points into an actual article on 01/04/2021
33-year-old Masonhck357 has only been hacking for a year, but has made great strides. At the six-month mark he decided to go full-time.
He hit rock bottom when his job was made redundant. This turned out to be a blessing in disguise: it is what started his IT journey, which began on the helpdesk.
During that time he earned his CompTIA certifications, including Network+. This is when he saw STOK's video, which immediately got him interested in bug bounty. He went to DEFCON.
His favorite hobby is going to the beach.
He hasn’t collaborated a lot, but is open to it. He would collaborate with anyone, but looks forward to doing so with Nahamsec and Specters.
When he started his bug bounty journey he didn't know anything. He had no idea what the difference between a GET and a POST request was, or how IPv4 and IPv6 work.
He started off on the wrong foot. He jumped into using tools without a solid foundation.
Realizing his mistake, he quickly recovered and went deep. He started reading the HTTP RFCs to build a solid foundation in how HTTP works. He began asking the right questions: How do headers work? What do these cookies mean? And he turned to Google for the answers.
He picked up Bash, which allowed him to build one-liners for himself. His advice: become familiar with the CLI. Watch others, copy what they do, and then make it your own. Get familiar with the OWASP Top 10 and focus on web security training.
- As a beginner, pick one vulnerability type. Then pull up every single resource you can find and go through them. While doing this, ask yourself questions: What was the author's mindset? What was their approach? Once you are familiar with that vulnerability, start looking at the DoD program and grind for 8-9 hours.
- When picking a program, look at the bounty tables. The program has to be financially worthwhile. After that he looks at the scope and the number of features the app has.
- When feeling burned out he goes into learning mode. He also tries to understand why it’s happening. Always make sure to take long breaks. It’s good to push yourself but don’t overdo it.
- Everyone deals with impostor syndrome. It's okay to acknowledge that you're a beginner.
- Certifications aren't a requirement for bug bounty. That being said, the OSCP can be valuable when you're searching for a job, as it can get you past HR.
Recon means gathering intelligence; it's helpful when chaining vulnerabilities.
When approaching a single web app he performs the following steps:
- Use it as a user
- Go through sign up process and analyze requests
- Take notes of interesting behavior/findings while analyzing (these turn into a checklist)
- Go through the same process the next day while leveraging known data
- Burp Pro
- Replacing auth tokens
- Changing GET to POST
- Change content type to XML
- Look for errors
- Upload Scanner
- Burp history
- Compare sessions
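The checklist above (replay with another user's token, GET to POST, content type to XML, watch for errors, compare sessions) is easy to script once a request has been pulled out of Burp history. The following is an added example and not Masonhck357's own tooling: the request/response dicts, the field names and the `fake_server` stand-in for the target are constructed assumptions so that it runs offline; the stub deliberately lacks an ownership check on one endpoint so the cross-session comparison has something to flag.

```python
"""Mutation helpers for a captured request plus a cross-session diff.

Added example, not from the interview. Request and response dicts, the
field names and fake_server are constructed so the module runs offline.
"""
import json
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit
from xml.sax.saxutils import escape

# A captured request in the shape a Burp history entry gives (constructed sample).
CAPTURED = {
    "method": "GET",
    "url": "https://app.example.test/api/orders?id=1001",
    "headers": {"Authorization": "Bearer tokenA", "Accept": "application/json"},
    "body": "",
}


def _clone(req):
    """Shallow copy so mutations never touch the captured original."""
    out = dict(req)
    out["headers"] = dict(req["headers"])
    return out


def params_of(req):
    """Collect parameters wherever the request carries them: query, form or JSON body."""
    params = dict(parse_qsl(urlsplit(req["url"]).query, keep_blank_values=True))
    ctype = req["headers"].get("Content-Type", "")
    if req["body"] and "json" in ctype:
        params.update(json.loads(req["body"]))
    elif req["body"] and "x-www-form-urlencoded" in ctype:
        params.update(parse_qsl(req["body"], keep_blank_values=True))
    return params


def swap_auth(req, token):
    """Replay user A's exact request with user B's bearer token."""
    out = _clone(req)
    out["headers"]["Authorization"] = f"Bearer {token}"
    return out


def get_to_post(req):
    """Move the query-string parameters into a form-encoded POST body."""
    out = _clone(req)
    out["method"] = "POST"
    out["url"] = urlunsplit(urlsplit(req["url"])._replace(query=""))
    out["headers"]["Content-Type"] = "application/x-www-form-urlencoded"
    out["body"] = urlencode(params_of(req))
    return out


def to_xml(req, root="request"):
    """Send the same parameters as an XML document with an XML Content-Type."""
    out = _clone(req)
    out["method"] = "POST"
    out["url"] = urlunsplit(urlsplit(req["url"])._replace(query=""))
    out["headers"]["Content-Type"] = "application/xml"
    elems = "".join(f"<{k}>{escape(str(v))}</{k}>" for k, v in params_of(req).items())
    out["body"] = f"<{root}>{elems}</{root}>"
    return out


# Strings that usually mean a stack trace or database error leaked into the body.
ERROR_MARKERS = re.compile(
    r"Traceback \(most recent call last\)|Exception|SQLSTATE|ORA-\d{5}|\.java:\d+\)"
)


def classify(baseline, probe):
    """Tag a probe response relative to the baseline (dicts with status and body)."""
    tags = []
    if probe["status"] >= 500 or ERROR_MARKERS.search(probe["body"]):
        tags.append("verbose-error")
    if probe["status"] == baseline["status"] and probe["body"] == baseline["body"]:
        tags.append("same-as-baseline")
    elif probe["status"] == baseline["status"]:
        tags.append("same-status-different-body")
    else:
        tags.append(f"status-{probe['status']}")
    return tags


def fake_server(req):
    """Constructed stand-in for the target (assumption, not a real service)."""
    token = req["headers"].get("Authorization", "")
    if req["method"] == "GET" and req["url"].startswith("https://app.example.test/api/orders"):
        if token not in ("Bearer tokenA", "Bearer tokenB"):
            return {"status": 401, "body": '{"error":"unauthenticated"}'}
        # Ownership is never checked: any valid session can read order 1001.
        order = {"id": params_of(req).get("id"), "owner": "userA", "total": 42}
        return {"status": 200, "body": json.dumps(order)}
    if req["headers"].get("Content-Type") == "application/xml":
        return {"status": 500, "body": "SAXParseException at OrderApi.parse(OrderApi.java:88)"}
    return {"status": 405, "body": "Method Not Allowed"}


def run_checklist(req, other_token, send=fake_server):
    """Send the captured request, then each mutation, and report what changed."""
    baseline = send(req)
    mutations = {
        "swap-auth": swap_auth(req, other_token),
        "get-to-post": get_to_post(req),
        "xml-body": to_xml(req),
    }
    report = {}
    for name, mutated in mutations.items():
        tags = classify(baseline, send(mutated))
        # Another user's token returning the identical object is the IDOR signal.
        if name == "swap-auth" and baseline["status"] == 200 and "same-as-baseline" in tags:
            tags.append("idor-candidate")
        report[name] = tags
    return report


if __name__ == "__main__":
    for name, tags in run_checklist(CAPTURED, "tokenB").items():
        print(f"{name:12} {', '.join(tags)}")
```

Against the stub, the token swap comes back tagged `idor-candidate`, the POST variant reports a 405, and the XML body trips a 500 with a leaked Java frame. In practice `send` would be a real HTTP client pointed at an in-scope host, and the "same-as-baseline" comparison is exactly what the manual "compare sessions" step does by eye in Burp.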
He hacks for 8-12 hours a day. His routine consists of:
- Get up 5:00-5:30AM (for the cognitive benefits)
- Listen to hacking related stuff
- Green juice
- Start hacking
- Game / relax
- Hack some more (4 hours)
- While in game queue go through Burp requests
- Read write-ups
- Perform light fuzzing
- Go to bed at 10:00PM