New Video from @NahamSec: Tips for Aspiring Bug Bounty Hunters


Tags: Cybersecurity, Bug Bounty, Hacking, Tutorial, Career Development, Practical Skills, Linux, Networking, Web Development, Tools, Community, Learning, Vulnerabilities

In this video, NahamSec, a cybersecurity expert, shares valuable advice for those who want to start bug hunting without necessarily having certifications. He emphasizes that practical skills and experience are far more important than formal certifications. NahamSec himself has discovered vulnerabilities in major companies like Facebook, Amazon, Apple, and TikTok without any certification, proving that curiosity, determination, and constant practice are essential. NahamSec explains that bug hunting, or bug bounty hunting, involves finding security flaws in companies' systems in exchange for financial rewards.

This field is not just about making money; it also allows for the development of practical skills highly sought after by employers. He highlights that experience in bug bounty can make a difference when looking for a job, as it demonstrates the ability to test and succeed on real systems. To get started, NahamSec recommends mastering three essential areas: the basics of Linux, networking fundamentals, and web concepts. For Linux, he advises using Ubuntu and resources like Linuxjourney.com, Bandit from OverTheWire, and the "Linux for Hackers" course by John Hammond.

For networking fundamentals, he suggests understanding IP addresses, DNS, and communication protocols through resources like Practical Networking and NetworkChuck on YouTube. Finally, for web concepts, he recommends the freeCodeCamp course to learn HTML, JavaScript, and how browsers communicate with servers. NahamSec also proposes essential tools for bug hunters, such as proxy tools like Burp Suite and Caido, browser developer tools like Chrome DevTools, and reconnaissance tools like Subfinder and httpx.

He emphasizes that it is skills and knowledge that make the hacker, not the tools. For practice, NahamSec recommends platforms like PortSwigger Web Security Academy, HackingHub, and Hack The Box. He also encourages reading vulnerability reports on HackerOne and following the blogs and YouTube channels of active researchers. He highlights the importance of joining communities, especially via Discord, to exchange ideas and collaborate with other bug hunters. NahamSec advises starting with Vulnerability Disclosure Programs (VDPs) to practice without the competitive pressure of bug bounties.

Once confident, he suggests moving on to bug bounty programs to start earning money. He stresses the importance of continuous practice and deep mastery of one type of vulnerability at a time. In conclusion, NahamSec offers a comprehensive guide to becoming a bug hunter, emphasizing practice, curiosity, and determination. He encourages beginners to start today and share their progress in the comments to get advice and support.