METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING
Tushar Verma
July 25, 2021
Transcript
METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING
By: Tushar Verma

WHOAMI
◦ Application Security Engineer
◦ Synack Red Team Member
◦ Bug Bounty Hunter

AGENDA
◦ What is Bug Bounty Hunting
◦ Bug Bounty Platform
◦ Scope Review and Target Selection
◦ Recon Methodologies
◦ Manual Testing Approach

WHAT IS BUG BOUNTY HUNTING

Bug Bounty Platform
◦ Bugcrowd
◦ HackerOne
◦ Intigriti
◦ YesWeHack
◦ HackenProof
◦ Cesspa
◦ Synack
◦ Private Programs

Scope Review and Target Selection
◦ Check the description and focus area
◦ Check the in-scope and out-of-scope assets of the target
◦ Check the average response time
◦ Check the payout and how many vulnerabilities have been reported

Recon Methodologies
◦ Small Scope Recon – Specific sets of single URLs
◦ Medium Scope Recon – Specific set of “*.target.com”
◦ Large Scope Recon – Everything in Scope

Automating Recon
◦ Project Bheem
◦ ReconFTW
◦ Osmedeus

MANUAL TESTING APPROACH

GET IN TOUCH AT
◦ Twitter: @e11i0t_4lders0n
◦ LinkedIn: /in/tushars25
◦ Instagram: @e11i0t_4lders0n__
◦ Email: [email protected]