Bug hunting is a neat skill to develop as an ethical hacker and a cybersecurity professional. In this lesson, you will learn and practice the process of hacking and bug hunting.

Intro To Bug Hunting

Have you ever thought about a career in bug hunting? 

Not hunting for little critters that roam outside your home or inside but hunting for software bugs, errors in the code, found in an application or service. Hackers that search, find, and report or eliminate bugs within an application or service are called bug hunters. The process of searching, identifying, and eliminating bugs in a system is bug hunting. 

As an ethical hacker, one of your tasks is to search for and eliminate bugs in a system. Applications or services that have bugs are prone to vulnerabilities and since malicious actors can use vulnerabilities to gain access to a system, ethical hackers must act quickly to remove the bugs once identified.   

In this lesson, you will learn and practice bug hunting. You will learn about the hacking process, ethical hacking tactics, and, lastly, how to be an effective bug hunter and ethical hacker. That said, let's begin!



White Hat Hacker doing bug hunting on multiple devices

Introduction

Throughout this lesson, you've learned about ethical hacking and bug hunting, the hacking process, and practiced searching, identifying, and eliminating bugs and vulnerabilities within an application.

As mentioned earlier, as an ethical hacker, one of your tasks is to search for, and possibly eliminate, any vulnerabilities in a system. Applications or services that have bugs or vulnerabilities will give access to malicious actors to do some serious damage to the system. That said, ethical hackers must act quickly and adapt. 

An ethical hacker trying to locate bugs within a server. 



Conclusion

Here's a challenge! You're free to skip this exercise if you choose. To skip, just select <kbd>Next</kbd> to continue.

However, if you choose to accept this challenge, your task is to identify and note as many vulnerabilities as you can find within the website. Once you identify and note all the vulnerabilities on the site, compare what you've noted with the `site_vulnerabilities.txt` file.


_Hint: Try `jake@newcomsolutions.com`_


Challenge: Hunting for Web Vulnerability 

In this exercise, you will search for bugs and vulnerabilities in a newly created bank application. The bank application is called _FakeBank Financial_. They recently hired an engineering team to create an application that will make banking much easier.  

To ensure that the application is safe and secure, they reached out to you to perform an analysis of the application. In other words, they permitted you to **hack** the site to identify any bugs and vulnerabilities. 

_In this task, we will focus on identifying any bugs and vulnerabilities on the login page of FakeBank Financial_.

Hunting for Sensitive Data Exposure 

Before we go hunting, let's learn about the hacking process. The hacking process is a combination of ethical hacking tactics for organizational defense. Having a list of tactics to ensure organizational defenses is a helpful resource for ethical hackers and bug hunters. Ethical hackers can use these tactics to ensure the security of a system and identify potential areas of vulnerabilities and software bugs.

The hacking process consists of the following:

- Footprinting
- Scanning
- Enumeration
- System Hacking
- Escalation of Privilege
- Planting Backdoors
- Covering Tracks

-----

1. _Footprinting_, also known as the “Reconnaissance” phase, is passive information gathering of targets before active attack activities.
2. _Scanning_ is an initial active/passive inspecting technique to gather technical information on target systems.
3. _Enumeration_ is the consolidation and gathering of more detailed information on target systems and networks.
4. _System Hacking_ is the planning and execution of attacks conducted based on the information gathered in Footprinting, Scanning, and Enumeration. 
5. _Escalation of Privilege_ is when an attacker is successful and can gain access to the systems/networks of the organization.
6. _Planting Backdoors_ is leaving an entry point to a compromised system for easy access to further attack activities.
7. _Covering Tracks_ is the act of removing or destroying signs of intrusion and activities performed on a system.

Now that we've learned about the hacking process, let's get to hunting!