Bug Hunting Journey - Day 2

Today I just made an account to find a bug bounty program. I picked one at random and started testing, but on my first try I got IP blocked by Cloudflare (Error 1006). To bypass Cloudflare I need to try some methods, and this article helped me look up the map for bypassing Cloudflare.

I have tested 2 programs, just flashing through them, using tools and mapping the flow.

When I tried to install MagicRecon I had some problems, and it will be repaired soon (first thing to solve). I tried using Caido but I don’t get that feel. For some instructional material I’m taking notes with Obsidian, and the daily to-do moved to Cherry.

Today I Learned (TIL) some basics of recon using Dirsearch, MagicRecon, Pagodo and SpiderFoot, and tried to make my own cheatsheet.


✅ TODO List

DONE:

  • create a Bugcrowd account
  • choose a random program
  • install Obsidian
  • create a diary of problem solving
  • move from Mousepad to Cherry, easy to see nodes
  • install MagicRecon into one folder, Yummy (All Tools)

IN PROGRESS:

FAILED:

  • Bookmarking - Register Mozilla Pocket but close App

NEXT:


🗒️ NOTES :

  • Bug Bounty Program List (https://docs.google.com/spreadsheets/d/1_0Zk1wDlOwPx6x2WPGJ6AIfv-7j5GJj0DpHw9OJTXKQ/edit?pli=1&gid=1897879029#gid=1897879029)

READING & WATCHING :

  • Becoming a Researcher (https://docs.bugcrowd.com/researchers/onboarding/becoming-a-researcher/)
  • HaxShadow > 2 Critical Bugs Found! Live Bug Bounty Hunting on Bugcrowd Live Recon (https://www.youtube.com/watch?v=qR0ez9xZr_8) > Analyze what tools he uses and how the flow goes

QUESTIONING :

  • What is a valid vulnerability? P1-P5? Which to focus on when new? -> Think about the money, time & effort for that. You can spend 1 year but just get $100, it’s so sick.
  • How to convert a program to a hunting document with automation?
  • What is the best practice for selecting a bug bounty program? -> https://www.youtube.com/watch?v=vbXpRHcKIr0
  • Which is a good platform for me? Bugcrowd or HackerOne? Or another? -> I’m triggered by someone who succeeded in getting $3000 on Bugcrowd in just 4 hours. Am I the next one? How?
This post is licensed under CC BY 4.0 by the author.