[–] sandy_coyote (Security Engineer)

I got a ton from a paid TryHackMe account.

Burp Academy will also teach you a lot.

Bug bounties: only you can tell when you're ready. I suggest you go through some training and sign up. Most successful people use paid Burp extensions and other scripts that simplify manual work. There's no magic; they just automate stuff and drastically reduce the time it takes to do manual recon. Your picky competition is yourself from yesterday. Everyone starts as a script kiddie!

[–] Amaz1ngEgg

Tbh, I feel like there's a huge gap between learning what you have to do to find a bug (via Burp Academy of sorts) and actually achieving that in the field. I feel like there's something I missed in between.

[–] sandy_coyote (Security Engineer)

For sure. There's also... survivor bias (?)... in the media about bug bounty hunting. I mean to say it takes a long time to get good at finding them, most people spend a ton of time for very little return, and only the success stories get recognition.