Currently one of the best* sources of Bug Bounty resources is Twitter. That’s why we’ve started tweeting more tips and techniques to educate our researchers. The thing is, Twitter is 10% laughs, 10% education and 80% cat memez. It’s an incredible social-media platform, easily my favourite, but if you’re there for high-quality bug bounty education it requires… resilience. It’s like finding a needle in a haystack, except the haystack is a 10-acre marshland filled with piranhas and you’re blindfolded. And it’s raining.
If you’re not convinced yet, allow me to impress you with a brightly coloured pie graph:
Figure 1a: Yes, that is Comic Sans.
Another problem with using Twitter as an educational platform is that it is ephemeral by nature. b1g_bra1n_l33t_h4x0r might drop a life-changing bug bounty tip that will buy your next home, but if you didn’t log into Twitter that day, you probably won’t ever see it.
Enter Bugcrowd Tip Jar
For this reason, we’ve decided to start Bugcrowd Tip Jar, a community-driven, categorized and curated collection of the finest tips, tools and resources for bug bounty hunting and hacking in general. We are hosting it as a GitHub repository to encourage community contributions.
I’ve started it off by adding some information already, but I really want this to be more of a community thing. If you can think of any truly helpful tips, resources, tools, or anything that has been valuable to you, I’d love to see you post it on socials with the hashtag #bugcrowdtipjar. I’ll monitor the hashtag and add anything that I think is awesome. Alternatively, you can submit a pull request directly to the repo. If you don’t know how to submit a pull request, this is the perfect time to learn! Check out Codingo’s video about git; specifically the sections about creating a new branch and adding pull requests. We’ll pick some of our favourite contributions and send some of that sweet, sweet Bugcrowd swag.
Here’s what the front page looks like so far:
There’s a heavily curated tools list:
And here’s an example of some of the tips that are currently there:
Head on over to https://github.com/bugcrowd/tipjar to see the rest!