You need to hear this if you are new/want to start bug hunting

  1. They think bug hunting is easy money.
  2. They think experienced / pro bug hunters have a secret methodology.
  3. They think completing one paid bug hunting course will make them a better hacker.
  4. They think one day someone will DM them their best bug hunting approach, and just by learning it they will make money.
  5. They think one day they will become million-dollar hackers without grinding.

  1. Bug hunting is not easy money. Programs don’t care how many hours you work until you find a valid bug.
  2. Secret methodology: don’t ask anyone in the DMs/comment box about a secret methodology. There is no secret, or if there is anything, no one will share it with you. Even if someone tells you how they find an XYZ bug, you are not going to find it, because you don’t have their years of experience. Accept it.
  3. First of all, if you pay for bug hunting courses, you will never be a great hacker. I have 100s of examples of people who pay for courses and still don’t know shit. If you don’t know how to use Google you will never be a great hacker. Never. Everything is free. If you still want to pay for a course, buy Agarri_FR’s “Burp Suite Mastery” course. It’s worth it. Most bug hunters ranked <100 on Bugcrowd / HackerOne completed Agarri_FR’s course. Pay for PentesterLab Pro. Nothing else. Everything else is free.
  4. No one will share anything. Accept it, as soon as possible.

  1. Let’s say you want to talk to naffy (Naffy, I am sorry brother). He is not going to reply to your secret-methodology DM, right? Pick a few programs where he hacks: Yahoo, PayPal, Google, Apple maybe. Try to find an open redirect there and DM him something like this:
I saw one of your tweets. You said you need an open redirect on XYZ program to exploit an SSRF. I have one. Would you like to collab?

  1. You will love/hate it.
  2. No interaction with humans, lol. It’s true: sometimes you spend days or weeks exploiting something, and at that moment you don’t want anything else.
  3. Frustration, health issues (if you are not taking care of yourself), burnout, procrastination.
  4. No one cares how much time you spend until you find a valid bug. Let’s say you spend 1 month at 10hr/day and you only find 1 P4. They will pay $50–200. They don’t care about your 300 hours of hunting.
  5. Sometimes programs don’t pay for months. Not responsive. I have more than 10 reports triaged for months with no reply yet.
  6. You find a critical and they close their program. Or they pay $250 for a P1 because they are out of money. Yes, it has happened multiple times.
  7. Don’t do it full time if you don’t have 1–2 years of living expenses saved.

  1. Health is wealth. Focus on your health first. You can follow the Pomodoro technique: 45-minute work, 25-minute break (walk). Exercise daily.
  2. Don’t think much about the bounty. Think about the process. If you don’t enjoy the process, you will never be satisfied with the result (the bounty).
  3. If you are new, focus more on learning and making friends.
  4. Don’t think about how much XYZ is making. He is making $10k because he needs $10k; maybe you only need $500. So don’t think much about it.
  5. Don’t compare yourself with anyone. You are one in 400 trillion.
  6. Reward yourself every day. Set 3 tasks for the day, and when you complete them, reward yourself with something. Some like to watch a movie, some love to play games; do whatever you want.

Mohsin khan