My First Bug Bounty Reward
2022-3-7 19:17:17 Author: infosecwriteups.com (view original) Views: 70

Surendra Choudhury

A blog about how I found my first bug, and some lessons about bug bounty that are important for every bug bounty hunter.

Introduction —

My name is Surendra Pander. I am a security researcher, ethical hacker, bug bounty hunter and online cybersecurity educator from India. If you want personal training from me, you can message me on Instagram or Twitter; links are given below.

Starting —

My bug bounty journey started in November 2021; I started because many people asked me on my YouTube channel about bug bounty. So I thought: first let me experience it myself, then advise others.

In November and December, I learned about recon, bug bounty tools, report writing, and many more essential things for entering bug bounty. My college also started in September 2021, so I couldn't give too much time to bug bounty, but I tried to give as much time as possible.

In January 2022, I started working on McDonald's and found a successful bug on 14 January, "Sensitive data leak." And on 1 March McDonald's gave a reward. The reward is not big, but the first bounty is like a dream come true.

What is the bug {Technical details} -

When I was doing recon on the target, I found some JS files containing some URLs that caught my attention. I opened all the URLs one by one. Some of them were working, and some were not. I found 2 URLs very interesting, did fuzzing on them, and did GitHub and crt.sh recon on these URLs/domains, which led to internal data leaks such as employee IDs, internal directories, and many other sensitive data.

I don't expose the URLs and internal data due to the privacy policy, but I think this is sufficient to understand the bug.
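The recon step above starts from URLs embedded in public JS files. The same check works from the defender's side: scan your own shipped bundles for hostnames and paths that should never reach a public asset. The script below is an added example, not the author's tooling; the JS snippet, the `example.com` hosts and the keyword list are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample JS bundle, standing in for a file fetched during recon
# (or pulled from your own build output before release).
SAMPLE_JS = r'''
var API = "https://api.example.com/v1/orders";
fetch("https://api.example.com/v1/menu").then(r => r.json());
// TODO: remove before release
var ADMIN = 'https://admin-staging.internal.example.com/employees/export';
var LEGACY = "http://legacy-tools.example.com/reports/";
var CDN = "https://cdn.example.com/assets/app.js";
'''

# Rough URL matcher: stops at quotes and whitespace, which is how URLs
# are normally terminated inside JS string literals.
URL_RE = re.compile(r'https?://[A-Za-z0-9._~:/?#\[\]@!$&()*+,;=%-]+')

# Hosts that are expected to appear in public front-end code (assumed allow-list).
PUBLIC_HOSTS = {"api.example.com", "cdn.example.com"}

# Words in a URL that usually mean "not meant for the public" (assumed heuristic).
SENSITIVE_HINTS = ("admin", "internal", "staging", "employee", "export", "debug")


def extract_urls(js_text):
    """Return unique http(s) URLs from JS source, in first-seen order."""
    seen = []
    for m in URL_RE.finditer(js_text):
        url = m.group(0).rstrip("\")];,")  # trim trailing punctuation
        if url not in seen:
            seen.append(url)
    return seen


def audit_js(js_text, public_hosts):
    """Flag URLs whose host is off the allow-list, use plaintext HTTP,
    or contain sensitive-looking words. Returns [(url, [reasons]), ...]."""
    findings = []
    for url in extract_urls(js_text):
        host = urlparse(url).hostname or ""
        reasons = []
        if host not in public_hosts:
            reasons.append("host not in public allow-list")
        if url.startswith("http://"):
            reasons.append("plaintext http")
        hits = [w for w in SENSITIVE_HINTS if w in url.lower()]
        if hits:
            reasons.append("sensitive keywords: " + ", ".join(hits))
        if reasons:
            findings.append((url, reasons))
    return findings


if __name__ == "__main__":
    for url, reasons in audit_js(SAMPLE_JS, PUBLIC_HOSTS):
        print(url)
        for r in reasons:
            print("   -", r)
```

Run against real bundles, every flagged URL is a candidate for removal from the build or for an access-control review on the server side; the allow-list is what turns a noisy URL dump into an actionable diff.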

Main tools I use for bug bounty —

  1. Burp Suite
  2. waybackurls (https://github.com/tomnomnom/waybackurls)
  3. https://dorks.faisalahmed.me/ (For google Dorking)
  4. https://obheda12.medium.com/gitdorker-a-new-tool-for-manual-github-dorking-and-easy-bug-bounty-wins-92a0a0a6b8d5 (Gitdorker for GitHub recon)
  5. FFuF
  6. Nmap
  7. httprobe
  8. Sublist3r
  9. Many more...

Challenge -

I faced many challenges before getting my first bounty. I am telling you about them because it's important to know that no one gets here without struggle.

Issues I faced -

  1. Time management between college, content creation, bug bounty, and learning something new in cybersecurity.
  2. I was jumping from one bug bounty program to another, wasting a lot of my time.

Advice — Take time to select a target, but don't jump from one to another. It wastes your time.

  3. Patience — I did not think I would get a lot of money the first time, but when I didn't find a bug after spending a lot of time, I thought it was a waste of time and that I could learn something new in that time instead. But I was wrong, and every failure taught me so much!

Last word -

A bug bounty is not easy money; you need to keep trying, and I promise every step will provide you with a higher return.

For business query — [email protected]

If you want to support my effort, you can buy a coffee for me -

https://www.buymeacoffee.com/surendrapander

You can subscribe to my YouTube channel for future hacking-related videos and updates !!
Channel link — https://www.youtube.com/c/TechnicalSurendrachannel

Thanks for reading this blog. If you find it valuable, then give it some applause 👏👏,
follow me, and share this blog with your friends and the community. I will see you in the next blog. Till then, keep learning, keep exploring!

Peace ✌!

My social media accounts -
Twitter — https://twitter.com/technicalSure
YouTube — https://www.youtube.com/channel/UCZq87M0I0-zEfLuyyfEeE6Q
Instagram — https://www.instagram.com/surendra_choudhary1241/
LinkedIn — https://www.linkedin.com/in/surendra-pander-4066761b7/


Article source: https://infosecwriteups.com/my-first-bug-bounty-reward-50bea0749c5c?source=rss----7b722bfd1b8d--bug_bounty