
ZwinK’s Tips and Tricks to Crush Bug Bounty #9 & #10


Greetings fellow bounty hunters! If you are looking for tips, tricks, insights, or otherwise helpful information related to the wonderful world of bounty-hunting with Bugcrowd, I am almost, nearly practically certain that you have come to the right place!

My name is “ZwinK”, and I started bounty hunting 6 months ago with Bugcrowd. Hacking only part-time, I’ve made over $100,000 since January, and so can you! Here are my final tips, numbers 9 and 10, to help you, fellow hacker, get an idea of how I found success doing this hacking thing.

Tip #9:  Toss a Coin to Your Witcher

Remember that the aliases on the other end of the pipe are people too. You work with people from other companies and with the Bugcrowd staff on the regular. Be courteous, polite, understanding, and helpful whenever you can and it will come back your way. We are all humans and we all make mistakes, so harness your inner-most nice person and put that person to work. Your reputation appears to circulate through programs and inside Bugcrowd, so you want that to be a positive reputation! The staff is not made up of 1000 different people, so if you act poorly people will know.

Tip #10:  Know when to Quit

I don’t mean to quit permanently of course, but know when to quit a specific program. When you have exhausted just about every attack vector and idea you can think of, and you aren’t finding anything new for several sessions, it may be time to move on. But let’s talk at a little higher level…

For most of us, this is a part-time game. We have to set goals for ourselves, and then decide what to do if those goals are, or are not, met. I started with a $100/mo goal, then a $500/mo goal, then a $1000/mo goal. Now, I’m at a $10,000/mo goal – which I exceeded on day one of April. But did I raise the goal? No. Why? Because having an achievable, realistic, and noteworthy goal that can be achieved keeps me relaxed and gaming. $120,000/yr hacking part-time is plenty. I can hunt some more this month, or I can take 29 days off and start again next month. In fact, I did not log a single bug the rest of April and most of May. If I were to set a $100,000/mo goal, I would be stressed out of my mind trying to reach it. This would likely result in less payout, and make this feel like work. My eyes would twitch, my hair would fall out, I wouldn’t sleep – the horror! Remember, this is playtime.

Conclusion

I firmly believe anyone who has an interest in computers, the web, and hacking can get into and be successful in this field. The internet is growing, and so is the concept of crowd-sourced security. The opportunity exists for individuals that can budget well to only work a small percentage of the year, and relax the rest of it. Bugcrowd makes this readily achievable.

If you want to get started in this bounty hunting game, get Firefox, get Burp Suite, go to the PortSwigger Web Security Academy, and sign up on Bugcrowd to begin your adventure. See you out there!

Check out my other blogs in this series!

Tip #1: Bugcrowd as an MMORPG (Real-Life Video Game)

Tip #2: Complete the Portswigger Web Security Academy and learn the VRT

Tip #3:  Get ONE valid submission

Tip #4 & #5:  Test manually, avoid duplicateville & VPN Service

Tip #6:  Deep Dive over High Volume

Tip #7: Program selection

Tip #8: A P4 a Day… 

About the Author

I first signed into the Bugcrowd platform in late October 2020 to see what it was all about. I was a fresh, 0-points, 188,000 ranked, super-n00b with absolutely no idea what I was doing. I saw brightly colored buttons, criticality ratings, company logos, dollar signs, and leaderboards… it was a whole new world. In fact, I was pretty sure this was actually a video game disguised as work. A game where you make money hacking instead of slaying raid bosses to roll for gear drops. In some ways, I was not all that far off. I mean, it’s all a little shocking really – “What, I can just try to hack… uh… some company for money, and gain rank”? Indeed, this represents a departure from years ago when the only reward hackers may receive was a reduced prison sentence. Wow! How the world is changing!
