Tushar Verma
July 25, 2021
METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING
Transcript
METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING
By: Tushar Verma

WHOAMI
◦ Application Security Engineer
◦ Synack Red Team Member
◦ Bug Bounty Hunter

AGENDA
◦ What is Bug Bounty Hunting
◦ Bug Bounty Platform
◦ Scope Review and Target Selection
◦ Recon Methodologies
◦ Manual Testing Approach

WHAT IS BUG BOUNTY HUNTING

Bug Bounty Platform
◦ Bugcrowd
◦ HackerOne
◦ Intigriti
◦ YesWeHack
◦ HackenProof
◦ Cesspa
◦ Synack
◦ Private Programs

Scope Review and Target Selection
◦ Check the Description and Focus Area
◦ Check the In-Scope and Out-of-Scope of the target
◦ Check the average response time
◦ Check the pay-out and how many vulnerabilities have been reported

Recon Methodologies
◦ Small Scope Recon – Specific sets of single URLs
◦ Medium Scope Recon – Specific set of “*.target.com”
◦ Large Scope Recon – Everything in Scope

Automating Recon
◦ Project Bheem
◦ ReconFTW
◦ Osmedeus

MANUAL TESTING APPROACH

GET IN TOUCH AT
◦ Twitter: @e11i0t_4lders0n
◦ LinkedIn: /in/tushars25
◦ Instagram: @e11i0t_4lders0n__
◦ Email: [email protected]