Bug Bounty / Cybersecurity Resource Management Guide

Nithin R
5 min readNov 2, 2022

--

whoami

Hello, this is Nithin here. I’m a security researcher / enthusiast and I go by the handle @thebinarybot at most of the places online.

cat whatsthisarticleabout.txt

One of the most underrated and often ignored skill in bug bounty is to manage all your resources. This includes everything from having a close eye on your target, taking notes and keeping yourself up-to date with whatever is happening in the community. In this article, I aspire to share with you the common tools and strategies I use to manage my resources when it comes to bug bounties.

1. Community

Twitter is a gamechanger and TweetDeck is Twitter on steroids.

Back when I started in bug bounties I didn’t know and understand the importance of community. I never used to ask for help. Maybe one of the reasons for that was because I was shy of what others would think of me. But since joining Twitter, my idea on how it all works has changed. I received input from strangers, exchanged ideas and also found new friends.

If not for these, Twitter is also the best place to keep an eye on the target you’re testing. Given that almost every organization has a Twitter account and tweet their updates and newly released features, you should consider following your target organization and lookout for freshly populated areas to attack.

Coming to TweetDeck, I wasn’t lying when I said TweetDeck is Twitter on steroids. It quite feels that way because TweetDeck lets you monitor multiple tags, users, organizations etc. in one single page.

I personally like to keep an eye on my target, newly released cves and a couple of popular bug bounty tags such as #bugbounty & #bugbountytips all in one page using TweetDeck.

I would also strongly suggest you to use Discord and be a part of major discord servers such as NahamSec’s server, HackerOne, BugCrowd, TryHackMe and HackTheBox. Be a part of whatever interests you.

2. Note Taking

I have stressed the importance of note taking a lot of times and I do so once again here.

Note taking is painful but extremely important. I’ve always found it hard to start but once I start everything just falls along. So the obvious question is what note taking application do I use?

To me, it’s a mixture of tools for different purposes once again. I do not have one all purpose tool and don’t think I ever will. So, here’s a list of tools I use and how I use them.

  • Notion: I primarily use Notion as my knowledge bank. Any time I learn something new, I like to take notes and keep it updated in Notion. This includes conference notes, deep dive vulnerability analysis and much more. It is also super helpful to me as a creator as sometimes I would feel like giving out some of my notes and templates to the community.
  • One Note: If you think One Note is dead, I feel for you. One Note has been my light weight go-to application to just randomly jot down everything I am testing and I have to test after choosing a target. I have a notebook named BugBountyTargets and every section in this notebook belongs to a target I am testing. I segregate a section into different pages such as recon intel, interesting endpoints and much more.
  • XMind: XMind is another brilliant tool that has worked magic. All of my extensive notes go on One Note and all of my lightweight testing strategies fall into X Mind. I create mind maps to have a large scale picture of my target and the items I would like to test.

3. RSS Feeds

Keeping updated with the things that’s happening is crucial if you’ve chosen Cybersecurity. You always have to keep yourself updated and one way to do that effectively is by reading blogs and writeups. You can take the pain and check each popular blog one by one or you can be smart by pulling all the RSS feeds of your favourite blogs and read them all at one place. That one place for me is an app called “Inoreader”. I chose this app as it works the best for me but you can do a quick google and play around different RSS Feed Apps before settling into one.

I recently wrote a thread on my favourite blogs to keep oneself updated. You can find it here.

4. Books

Books have helped me widen my knowledge and shape my perspectives. I read a wide variety of books such as fiction, travelogues, self-help, technical etc. And obviously once again, the challenge is to keep them all in one place and also make sure that it is possible to quickly retrieve any information that I need. I recently started using Apple Books to tackle this issue as it helps me easily annotate and lookup and information I need. But it is understandable if you don’t know Apple. Prior to Apple Books, I was using this app called SumatraPDF in windows. This app is super lightweight and helps you to annotate and organize easily. Would highly recommend you to use this.

If you are looking for books to read in context to bug bounty, find my thread on the same here.

5. Newsletters

In addition to blogposts, I also subscribe to quite a bunch of newsletters to keep myself updated. Sometimes all you need is a weekly overview of everything that’s happened in the bug bounty / infosec space and newsletters are the best for this purpose.

Wondering what newsletters to subscribe? Checkout this thread on my most favourite newsletters here.

Bonus

If you are a fan of watching video content, YouTube and Twitch is your place to go. Here’s a list of 50 YouTube channels you can follow to upskill in Cybersecurity / Bug Bounty.

Ideally, I would create a Notion database to keep track of all the videos I watch as well and take notes simultaneously.

Support

I have been creating content related to Cybersecurity / Bug Bounty Hunting for a while now. Although not necessary, it would mean the world to me if you decide to support me by buying me a book here.

This would not just help me but also the community as I will be able to create more quality content the more I read.

Cheers ;”)

--

--

Nithin R
Nithin R

Written by Nithin R

Hacking machines and life simultaneously

Responses (1)