‘Adapt payloads to your targets’: Brumens’ Bug Bounty tips for newbies

March 7, 2024

Customisation is key when it comes to unearthing code vulnerabilities, according to Bug Bounty hunter ‘Brumens’.

In this Q&A and video, Alex Brumen, who is also researcher enablement analyst for YesWeHack, shares his Bug Bounty tips and tricks for beginners, and reflects on his own experiences as a successful ethical hacker.

Among other things, we asked the 23-year-old (22 when the interview took place) about his defining qualities as a bug hunter, how he chooses his hunting targets and which hacking tools he prefers.

BRUMENS ON BECOMING AN ETHICAL HACKER…

When I was young, I always mixed with a lot of computers. I did a lot of networking, learning, and when I grew up I liked coding, so I started to build some code. And then I also started to learn how different things worked and I think that’s how I got into hacking.

I started Bug Bounty on YesWeHack with a little bit of background about programming and IT security. I started hunting on a public program called Dailymotion, and I managed to find my first vulnerability there. From that point, I got some private invites and started my journey on YesWeHack and continued to do hunting.

ON WHAT HE LIKES MOST ABOUT YESWEHACK…

The triage is amazing. When you report something, the triage is done in a really short amount of time, so that’s a huge benefit about the platform.

And also, the way that you’re able to structure your report and communicate with the company, it’s amazing.

ON CHOOSING HIS HACKING TARGETS…

I always go for the functional ones that have a lot of functions, and from there I just like to discover and use the website or the programs as a regular user. And from there, I take the interesting points or interesting functions and go deeper and try to hack them.

ON THE MOST CRITICAL VULNERABILITY HE HAS DISCOVERED SO FAR…

The most critical vulnerability that I discovered myself was an unauthorised SSRF, also known as Server-Side Request Forgery, that led to a remote code execution on an administration panel in the backend.

ON THE THREE WORDS THAT BEST DESCRIBE HIM AS A HACKER…

I would say creative, persistent and very much patient.

ON HIS FAVOURITE BUG-HUNTING TOOLS…

My top three hacking tools that I always use are Burp Suite – obviously – sqlmap and also Nmap.

ON THE MOST COMMON MISTAKE MADE BY INEXPERIENCED HUNTERS…

In my opinion, the thing that is very common to new hackers is that they take a lot of tools and they spray them on the target with a default configuration, without any customisation.

I would recommend to new hunters: make your own wordlist, make your own payloads, and understand the technology and adapt it to your target. Not spray and use the same methodology for all your programs, but adapt them to the specific one you are hacking.

MORE ADVICE FOR ANYONE STARTING OUT AS A BUG HUNTER…

Pick a target that you’re comfortable with, that you feel motivated to hunt on – not just a target that everyone is hacking on, but a program that you feel would be fun.

When you have that target, then just discover a function, and do research about how that function works. When you’ve got that information and find a behaviour, just keep digging and, eventually, you’ll probably find a vulnerability.

Interested in emulating Brumens? Learn more about hunting through YesWeHack, sharpen your hacking skills on Dojo, or learn about the latest hacking tools and techniques on our blog.