So I’m learning a lot in regards to this new found interest! Firstly, I’ve been watching a lot of youtube tutorials on how to get started. Mainly on other Bug Bounty Hunters setup. There are a couple of options and avenues one could take in regards to setup.
- Virtual Machine - Host Kali or something else on a Virtual machine.
- Docker container - Spin up a container with kali/linux and start hacking.
- VPS/VPC - Host a “Virtual machine” on the cloud and hack from there.
I didn’t know why people would pay a VPC/VPS service on the cloud when they could hack on their host operating system. I’ve been doing hackthebox from my ubutu machine for years now, I just connect to the VPN and hack away. I don’t use a Virtual Machine anymore because it just takes up too much process and resources. With Docker containers, in reality, I would need to learn how to set this up; something on the cards as well as I can see a lot of automation that comes from this.
Been reading up and doing my research on some VPC providors and came across Digital Ocean ($5 a month) and other services as well. I also bumped into Google Cloud which has a free $300 Credit for a year, so I gave this a go. The benefits of going VPC is that its not running on your network. Unlike a VM in virtualbox on a local machine, though, a VPC is internet facing so you can host resources there and connect back to it. VPCs are also based on / deployed from a snapshot, so you don’t need to go through the actual install (spin it up faster). Possibly most important, you can easily change the IP or make a new droplet when your IP gets banned; it happens, and if a big CDN blocks you, you can lose access to a bunch of sites.
- static ip, easily changed
- separate resources - cpu, memory
- gig+ internet speeds
I managed to create my automation ubutu machine on google cloud. Git clone some bug bounty tools online and started doing my Recon on a Program that I was testing. Interestingly enough, it works pretty good! There are a lot of hackers out there that are big on automating tasks, this is all new to me too so I’m going to invest my time in learning bash. I’ve finished the Linux Command Line handbook already and getting really creative using a lot of
for i in $() loops during my recon phase which im really happy about.