Greetings fellow bounty hunters! If you are looking for tips, tricks, insights, or otherwise helpful information related to the wonderful world of bounty-hunting with Bugcrowd, I am almost, nearly practically certain that you have come to the right place!

My name is “ZwinK”, and I started bounty hunting 6 months ago with Bugcrowd. Hacking only part-time, I’ve made over $100,000 since January, and so can you! Here’s my second tip to help you, fellow hacker, get an idea of how I found success doing this hacking thing.

Tip #2: Complete the PortSwigger Web Security Academy and learn the VRT

I know that learning things is hard, but listen, the PortSwigger Web Security Academy is the most relevant training I have ever found, seen, audited, or experienced. It’s free and contains interactive labs (if you can complete the labs without cheating, you will be able to make a fortune bug hunting). You do not need ANY cybersecurity certifications to make money in this field. Understanding attack vectors, root causes for susceptibility, and how to exploit them is what will help you find success. I know too many people with certifications who couldn’t hack into the broad side of a barn – save your money!

It’s also helpful to know what you can get paid for. Read, study, memorize, and gently caress the Bugcrowd VRT (Vulnerability Rating Taxonomy) so you know what you can report and get paid for. If you don’t understand something in this list, refer back to the PortSwigger Web Security Academy training, or there is always “the Google”.

Do not do what I did and complete only 1/3 of this training before unleashing yourself into the wild. I would have found so many more things if I had completed the entire training initially. Each of these issues pays something via the Bugcrowd VRT, and you need to know how to perform the attacks. The web academy teaches you to think like a hacker, and if you skip sections of it, you are skipping over payouts down the road. Don’t say I didn’t warn you!

Check out my previous blog in this series!


About the Author

I first signed into the Bugcrowd platform in late October 2020 to see what it was all about, and I was pretty sure this was a video game disguised as work. In some ways, I was not all that far off. It’s all a little shocking, really – “What, I can just try to hack… uh… some company for money, and gain rank?” Indeed, this represents a departure from years ago, when the only reward hackers might receive was a reduced prison sentence. Wow! How the world is changing!