Practise hacking against a fully functioning website containing real bug bounty findings recreated for you to discover. There are over 100 vulnerabilities on real working features (with more being added regularly!). Can you find them all?
Get in the hacker mindset and put your knowledge & skills to the test.
zseano's methodology included!
"I don't do a lot of CTF etc... due to the lack of realism but on this platform, the bugs are quite varied AND in a realistic environment, that's exactly what I'm looking for. I think this site is a good sequel for those who start on PortSwigger WebSecurity and / or TryHackMe."
Learning the mindset
Dubbed "BARKER", this website functions just like a real website except it contains real findings recreated for you to discover. Real findings from real bug bounty programs. "BARKER" is designed to put your knowledge & skills to the test as you're blindly hunting for functionality and features and you are required to understand what is happening, instead of "there is XSS here, can you bypass the filter?".
These are real features that function just like a real website would, you just need to understand how things work and then use your knowledge to discover vulnerabilities, true hacker style! Your reports will be triaged by @zseano personally and help & feedback will be provided to help aid you in your hacker journey.
Learn how to identify vulnerabilities in websites with ease and understand more about application/business logic issues. Get an insight into the mistakes developers make.
Track your progress along the way and unlock perks as you level up your skill & discover more vulnerabilities. Connect your profile with your Discord and join us for our bi-weekly hacking events where all Level 2 (25 unique bugs discovered on BARKER) members get together and hack together on a chosen bug bounty program. At Level 5 (100 unique bugs discovered), receive public endorsement from @zseano and an official BARKER completion certificate to showcase your success and to show the world you really can hack.
zseano's methodology is designed to be an easy-to-follow flow/checklist to help with identifying security vulnerabilities in web applications. Most people when starting in bug bounties will jump from program to program looking for anything they can; however, focusing on one program and learning as much as you can about their scope & features will usually result in more bugs being discovered.
The guide contains a complete run-down of how zseano approaches hacking on web applications & how he applies this on bug bounty programs, including how to choose the right programs! From the very start with what he does when choosing a program, all the way to the end of what you should be aiming to automate to aid you in your hunting.
From simply testing websites as they were intended to be used zseano has managed to find over 800 unique security vulnerabilities affecting web applications, with 500+ vulnerabilities discovered just on TripAdvisor.
zseano even received recognition in 2018 from the Amazon.com Information Security Organisation for his security research work. The team over at Amazon, dubbed 'Project KIT' (Knights in Trust), are extremely friendly to work with and we recommend checking them out over at https://www.hackerone.com/amazonvrp
zseano's methodology and BARKER go hand in hand because you can learn the flow and then begin instantly practising it on BARKER. Learn the flow, practise it, and then apply this on bug bounty programs and earn money. Take our hand and let us guide you and show it isn't as hard as it looks!
"The methodology has certainly made me think about the way I look at applications myself. It has helped me think better before starting an audit. What I still have trouble with is taking notes, I want to work on that even more. So far I am still too negligent about that. In any case, the methodology has given me an idea of how to tackle this. The way it is written is very accessible. Compared to other books on the same subject, the use of language is more in colloquialism than in technical writing. That is nice for a non-native English speaker like myself."
Become a member
£250 — lifetime access
Lifetime access to platform & private web application BARKER
BARKER receives regular updates with new vulnerabilities introduced each time. Practise hacking safely in a private environment.
Lifetime access to zseano's methodology
Lifetime access to BugBountyHunter Discord. Join our supportive community! Level up your BugBountyHunter and join Hackevent
What you can hope to achieve: We hope after practising hacking on BARKER and following zseano's methodology you will be able to discover web application vulnerabilities on bug bounty programs with ease and become exactly what you've been practising to be..
..a bug bounty hunter!
BARKER works just like a real website would in the sense you can register, login, post content etc, and zseano's methodology is all about testing a main web application. The two together combined should be enough to help jump start your bug bounty journey and understand the mindset behind discovering vulnerabilities.
As you progress and climb the leaderboards you will receive unique swag and perks, as well as being publicly endorsed and recommended for bug bounty programs.
Please note your membership request must be manually approved by an administrator after payment is made. This is to prevent fraudulent and unauthorised activity. This process may take up to 24 hours. Please be patient.
You will receive an invite to your email shortly after the cryptocurrency transaction is confirmed on the blockchain.
PayPal Payments: To prevent fraudulent & unauthorised activity we must manually approve your membership request before access is granted. This can take between 1 and 24 hours, so please be patient during the process. If you are denied access then you will be refunded the full amount immediately and we will contact you with further information.