2. WHO AM I
CSE STUDENT
S.K Borhanuddin Post Graduate College
BUG BOUNTY HUNTER
@remonsec
21 YEARS OLD
Dhaka, Jatrabari
MEHEDI HASAN REMON
Not Good With Computers
3. FLAGHUNT2020
CTF COMMUNITY OF BANGLADESH
WHAT IS BUG BOUNTY
Identification and reporting of bugs and
vulns in a responsible way
//1337
ALL DEPENDS ON INTEREST AND HARDWORK
NOT ON DEGREE AGE BRANCH COLLEGE
4. 1337
FLAGHUNT2020
WHAT TO STUDY
Study Smart Work Hard
1. Internet, HTTP, TCP/IP
2. Networking
3. Command line
4. Linux
5. Web Technologies
6. Atleast 1 prog language (Python/GoLang/etc..)
6. 1337
FLAGHUNT2020
RESOURCES
Dont relay on them
1. Web Hacking 101
2. Web Application Hacker Handbook 2
3. OWASP Testing Guide
4. Mobile Application Hacker Handbook
BOOKS
Use them as reference
7. 1337
FLAGHUNT2020
RESOURCES
Dont relay on them
1. STOK
2. NahamSec
3. Insider PHD
4. Hakluke
5. Codingo
6. TheHackerish
7. Bug Bounty Reports Explained
YOUTUBE CHANNELS
Dont just watch also try
8. 1337
FLAGHUNT2020
RESOURCES
Dont relay on them
1. Medium Infosec Writeups
2. HackerOne public report
3. PentesterLand
4. 0xPatrik
5. Intigriti Bug Byte
6. GitHub Bug Bounty Repo
WRITEUPS, ARTICLES, BLOGS
Turn reading into your daily habit
9. 1337
FLAGHUNT2020
RESOURCES
Dont relay on them
1. TryHackMe
2. PentesterLab
3. WebSecAcademy
PRACTICE
Just learn how it works from LAB then make hands dirty with your Target
11. 1337
FLAGHUNT2020
START!
Enough practice now shoot with real gun
1. Choose wisely (first not for bounty)
2. Select a bug for hunt
3. Deep Research
4. Not straightforward always
TIPS FOR SELECT PROGRAM
Keep on trying
13. 1337
FLAGHUNT2020
WORDS OF WISDOM
Words are more powerful then bullet
PATIENCE IS THE KEY, takes years to master, don't fall for overnight success
Do not expect someone will spoon feed you everything.
Confidence
Not always for bounty
Learn a Lot
Won't find at the beginning, don't lose hope
Stay focused
Depend on yourself
Stay updated with infosec world