Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
METHODOLOGIES AND APPROACH TO START BUG BOUNTY ...
Search
Tushar Verma
July 25, 2021
Technology
620
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING
Tushar Verma
July 25, 2021
More Decks by Tushar Verma
See All by Tushar Verma
The Power of Recon_ Leveraging Recon for Easy $$$$
e11i0t_4lders0n
0
230
AWS Cloud Forensics & Incident Response
e11i0t_4lders0n
1
730
Hacking OAuth Applications
e11i0t_4lders0n
1
2.1k
Exploiting SSRF like a Boss
e11i0t_4lders0n
2
1.1k
How to Fail at Bug Bounty Hunting
e11i0t_4lders0n
1
1.7k
The Bug Hunter’s Recon Methodology
e11i0t_4lders0n
2
800
Bypassing 2FA Misconfiguration
e11i0t_4lders0n
1
2.4k
How to get started in bug bounty
e11i0t_4lders0n
1
510
Other Decks in Technology
See All in Technology
完全自律ロボットを作りたくて、先に開発を自律させた話(ROS Japan UG #63 LT)
rryz09
0
500
10年目を迎えた「ABEMA」がどのように AI 活用を推進して、AI 駆動開発にシフトしているのか / How ABEMA, entering its 10th year, is promoting the use of AI and shifting toward AI-driven development
miyukki
0
130
型は壁、Rustでもバグを直すな、表現できなくせよ
nwiizo
13
2k
貴方はどのエンジニアリングを磨くのか
hatyibei
0
130
SRE Lounge Hiroshimaへの招待
grimoh
0
640
証券システムを10年Scalaで作り続けるということ - 関数型まつり2026
krrrr38
3
840
ソニー銀行におけるビジネスアジリティ向上のためのクラウドシフト戦略
srenext
0
160
End-to-Endで考える信頼性 —LINEアプリにおけるクライアント開発×SRE連携の実践
maruloop
4
4.1k
SRE本の知られざる名シーン / The Hidden Gems of Google SRE Book
nari_ex
1
370
「ちゃんとやっている」は独りよがりだった ― 不安に寄り添うインシデント対応へ / Towards incident response that addresses anxieties
chmikata
1
5k
凡エンジニアがこの先生きのこるためには。〜TypeScript完全に理解したい〜
alchemy1115
2
170
Devsumi 2026 Summer 人もAIも使える共通基盤を事業の加速装置にする~デザインシステム運用に学ぶ組織レバレッジ~ 渡辺 凌央
legalontechnologies
PRO
0
100
Featured
See All Featured
Unlocking the hidden potential of vector embeddings in international SEO
frankvandijk
0
870
AI Search: Where Are We & What Can We Do About It?
aleyda
0
7.7k
Product Roadmaps are Hard
iamctodd
55
12k
Hiding What from Whom? A Critical Review of the History of Programming languages for Music
tomoyanonymous
3
920
A brief & incomplete history of UX Design for the World Wide Web: 1989–2019
jct
2
420
Ruling the World: When Life Gets Gamed
codingconduct
0
280
VelocityConf: Rendering Performance Case Studies
addyosmani
333
25k
We Have a Design System, Now What?
morganepeng
55
8.2k
Leo the Paperboy
mayatellez
8
1.9k
Context Engineering - Making Every Token Count
addyosmani
9
1k
Tell your own story through comics
letsgokoyo
1
990
Getting science done with accelerated Python computing platforms
jacobtomlinson
2
260
Transcript
METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING By: Tushar
Verma
WHOAMI Application Security Engineer Synack Red Team Member Bug Bounty
Hunter
AGENDA What is Bug Bounty Hunting Bug Bounty Platform Scope
Review and Target Selection Recon Methodologies Manual Testing Approach
WHAT IS BUG BOUNTY HUNTING
Bug Bounty Platform Bugcrowd Hackerone Intigriti YesWeHack HackenProof Cesspa Synack
Private Programs
Scope Review and Target Selection Check the Description and Focus
Area Check the In-Scope and Out-scope of the target Check the average response time Check the pay-out and How many vulnerabilities reported
Recon Methodologies Small Scope Recon – Specific sets of single
URLs Medium Scope Recon - Specific set of “*.target.com” Large Scope Recon – Everything in Scope
Automating Recon Project Bheem ReconFTW Osmedeus
MANUAL TESTING APPROACH
GET IN TOUCH AT ◦ Twitter: @e11i0t_4lders0n ◦ LinkedIn: /in/tushars25
◦ Instagram: @e11i0t_4lders0n__ ◦ Email:
[email protected]