Learning to hack like zseano

zseano's methodology is designed to be an easy to follow flow/checklist to help with identifying security vulnerabilities in web applications. Most people when starting in bug bounties will jump from program to program looking for anything they can, however focusing on one program and learing as much as you can about their scope & features will usually result in more bugs being discovered.

The guide contains a complete run-down of how zseano approaches hacking on web applications & how he applies this on bug bounty programs, including how to choose the right programs! From the very start with what he does when choosing a program, all the way to the end of what you should be aiming to automate to aid you in your hunting.

Recognised by Amazon Information Security Organisation

I have helped Amazon's Information Security Organisation through their vulnerability disclosure program and bug bounty program for a numerous amount of years from when they first started on Bugcrowd (they have since joined HackerOne) and received recognition from them in 2018 for my research efforts.

It was also thanks to their program that I met Jonathan Bouman and we have since collaborated together and even managed to finish top 3 at Amazons live hacking event. I'm grateful to of met such an amazing talented hacker whilst making a friend for life.

zseano's methodology is aimed at using the site as intended and over time you will be faced with a feature or certain parameter and you'll understand what it is you should be looking for in this specific area, rather than spraying payloads and hoping for the best. For example a lot of people simply register & login and begin and then begin testing, usually because they are looking for one type of vulnerability (xss), but this means they're missing out the login and register flow which may be vulnerable to something such as Oauth token leak.

Hack for features and go through the site piece by piece, understanding how it works, parameters used, features available, and as you gain experience and time passes it'll become like second nature to you. The more you stick to one program, the more you learn and soon it'll feel like you know more about a site than the developers!