My Top 7 Mistakes as a New Bug Hunter (And How to Avoid Them)
Summary
This exclusive article for SOC members by Abhijeet Kumawat outlines the 7 most common mistakes made by new bug hunters, and provides valuable tips on how to avoid them.
The author reflects on his own early experiences in the bug bounty field and the wish that he had known then what he knows now.
One of the biggest mistakes is chasing critical vulnerabilities, such as RCE (Remote Code Execution) and ATO (Account Takeover), without first having a strong foundation in the basic skills that successful bug hunting requires.
The article emphasizes mastering foundational skills, such as recon, reading and parsing HTML, and a thorough understanding of the target's login flow, before attempting to replicate sophisticated bugs from other hunters' write-ups.
The author also advises against copying and pasting payloads from public reports without understanding the logic behind them: firing a payload whose effect you cannot predict risks unintentional misconduct against the target, and the time spent is wasted when it fails and you cannot tell why.
The article closes with a concise overview of the other six mistakes, urging new bug hunters to avoid skipping low-severity bugs, neglecting efficient reporting, overshooting targets, sticking to a single type of bug, avoiding recon, and failing to recognize the limits of tools and shortcuts.