Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
METHODOLOGIES AND APPROACH TO START BUG BOUNTY ...
Search
Tushar Verma
July 25, 2021
Technology
0
560
METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING
Tushar Verma
July 25, 2021
Tweet
Share
More Decks by Tushar Verma
See All by Tushar Verma
The Power of Recon_ Leveraging Recon for Easy $$$$
e11i0t_4lders0n
0
160
AWS Cloud Forensics & Incident Response
e11i0t_4lders0n
1
640
Hacking OAuth Applications
e11i0t_4lders0n
1
2k
Exploiting SSRF like a Boss
e11i0t_4lders0n
2
1.1k
How to Fail at Bug Bounty Hunting
e11i0t_4lders0n
1
1.7k
The Bug Hunter’s Recon Methodology
e11i0t_4lders0n
2
760
Bypassing 2FA Misconfiguration
e11i0t_4lders0n
1
2.3k
How to get started in bug bounty
e11i0t_4lders0n
1
470
Other Decks in Technology
See All in Technology
機械学習を「社会実装」するということ 2025年版 / Social Implementation of Machine Learning 2025 Version
moepy_stats
5
1.1k
【Oracle Cloud ウェビナー】2025年のセキュリティ脅威を読み解く:リスクに備えるためのレジリエンスとデータ保護
oracle4engineer
PRO
1
100
駆け出しリーダーとしての第一歩〜開発チームとの新しい関わり方〜 / Beginning Journey as Team Leader
kaonavi
0
120
あなたの知らないクラフトビールの世界
miura55
0
130
2024AWSで個人的にアツかったアップデート
nagisa53
1
110
Bring Your Own Container: When Containers Turn the Key to EDR Bypass/byoc-avtokyo2024
tkmru
0
860
0→1事業こそPMは営業すべし / pmconf #落選お披露目 / PM should do sales in zero to one
roki_n_
PRO
1
1.5k
AIアプリケーション開発でAzure AI Searchを使いこなすためには
isidaitc
0
110
実践! ソフトウェアエンジニアリングの価値の計測 ── Effort、Output、Outcome、Impact
nomuson
0
2.1k
AWSマルチアカウント統制環境のすゝめ / 20250115 Mitsutoshi Matsuo
shift_evolve
0
110
生成AIのビジネス活用
seosoft
0
110
Docker Desktop で Docker を始めよう
zembutsu
PRO
0
170
Featured
See All Featured
Improving Core Web Vitals using Speculation Rules API
sergeychernyshev
3
180
Navigating Team Friction
lara
183
15k
Learning to Love Humans: Emotional Interface Design
aarron
274
40k
Writing Fast Ruby
sferik
628
61k
Designing Experiences People Love
moore
139
23k
Fireside Chat
paigeccino
34
3.1k
What's in a price? How to price your products and services
michaelherold
244
12k
Making the Leap to Tech Lead
cromwellryan
133
9k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
132
33k
How To Stay Up To Date on Web Technology
chriscoyier
790
250k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
44
9.4k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
330
21k
Transcript
METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING By: Tushar
Verma
WHOAMI Application Security Engineer Synack Red Team Member Bug Bounty
Hunter
AGENDA What is Bug Bounty Hunting Bug Bounty Platform Scope
Review and Target Selection Recon Methodologies Manual Testing Approach
WHAT IS BUG BOUNTY HUNTING
Bug Bounty Platform Bugcrowd Hackerone Intigriti YesWeHack HackenProof Cesspa Synack
Private Programs
Scope Review and Target Selection Check the Description and Focus
Area Check the In-Scope and Out-scope of the target Check the average response time Check the pay-out and How many vulnerabilities reported
Recon Methodologies Small Scope Recon – Specific sets of single
URLs Medium Scope Recon - Specific set of “*.target.com” Large Scope Recon – Everything in Scope
Automating Recon Project Bheem ReconFTW Osmedeus
MANUAL TESTING APPROACH
GET IN TOUCH AT ◦ Twitter: @e11i0t_4lders0n ◦ LinkedIn: /in/tushars25
◦ Instagram: @e11i0t_4lders0n__ ◦ Email:
[email protected]
e11i0t_4lders0n
moepy_stats
oracle4engineer
kaonavi
miura55
nagisa53
tkmru
roki_n_
isidaitc
nomuson
shift_evolve
seosoft
zembutsu
sergeychernyshev
lara
aarron
sferik
moore
paigeccino
michaelherold
cromwellryan
eileencodes
chriscoyier
mongodb
caitiem20
