SO, YOU WANT TO GET STARTED WITH BUG BOUNTY?
Want to learn ethical hacking? And get a chance to earn some extra cash while keeping the internet safe?
Well, here are 5 free trainings to get you from zero to hero in no time!
When I first got into bounties, all I did was listen to the videos over at hacker101.com. I figured that if someone would know what would be required for me to become a bug hunter, it would be a bug bounty platform.
And now they've even got the ctf.hacker101.com training, where you can "hunt" on vulnerable real-world scenarios, then find flags and earn private invites to private programs along the way! And as a collaborative extra bonus, you can create a group and hack along with friends!
With over 380 free labs for you to practice on, PortSwigger's Web Security Academy is no joke. You will learn everything from SQL injections, XSS, and XXEs to information disclosure and business logic bugs. It's absolutely one of the most complete free trainings out there. I bet, if you complete all the labs without using any of the hints, there is no chance you won't find any bugs on real targets.
The goal of TryHackMe's web fundamentals training is simply to teach you how to attack web applications, since you kinda need to understand how web applications work before you can go deep and find those really nice creative bugs.
To get the most value out of TryHackMe, I personally would recommend you get a subscription; it's definitely affordable at $10 a month. But there are still loads of things to learn for free. So when you're done with the fundamentals, move on to some recon, port scanning, and content discovery training. Then top things off with their OWASP TOP 10 room for a full walkthrough of the top 10 most common vulnerabilities that are out there today.
PentesterLab is actually a paid service if you want the complete training package with real-world scenarios, and at $19.99 / month it's well worth the money. To help you decide if it's something for you, I have created a video on WHY you should get yourself a pro subscription (you can check that one out below). But if you are on a budget, they do have over 20 free labs and courses for you to play around with. A good starting point would be their Web for Pentester I and II courses.
With over 35 free, storyline-driven, easy-to-follow, step-by-step trainings, Kontra is really adding some fresh fun to the learning space with their graphics and intuitive training. You won't need anything more than a browser, and you can easily go through the training at your own pace in a next/next kinda scenario, learning as you go. They currently offer both OWASP TOP 10 and OWASP TOP 10 API courses. Nice!
OK, so you have now completed over 500 LABS of free training, but still don't feel fully confident enough to take on real live hardened targets. Well, the gang over at CTF Challenge has got you covered, with a collection of 12 vulnerable web applications, each with its own realistic infrastructure and multiple subdomains, and with almost 80 flags to collect. This website will absolutely put your skills to the test.
If you have completed all those labs without any problems, you are definitely more than ready to get out there and find some real-world bugs. To be honest, you should probably get started now, even before you have completed your training, and hunt along as you learn. One bug class at a time!
So what are you waiting for? Head over to go.intigriti.com/stok and sign up to become a member of Europe's biggest community of security researchers. And guess what, if you find bugs you will get paid in euros! So get started hacking on high-paying programs like Delen Private Bank, Showpad, Brussels Airlines bookings, Visma, and many many more! Today!
But do remember: stay inside the scope, check the rules of engagement, and always, and I mean always.. go for impact!
Until next time..
Oh, and I did record a video of this blog post! Do check that out!