Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
METHODOLOGIES AND APPROACH TO START BUG BOUNTY ...
Search
Tushar Verma
July 25, 2021
Technology
620
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING
Tushar Verma
July 25, 2021
More Decks by Tushar Verma
See All by Tushar Verma
The Power of Recon_ Leveraging Recon for Easy $$$$
e11i0t_4lders0n
0
230
AWS Cloud Forensics & Incident Response
e11i0t_4lders0n
1
730
Hacking OAuth Applications
e11i0t_4lders0n
1
2.1k
Exploiting SSRF like a Boss
e11i0t_4lders0n
2
1.1k
How to Fail at Bug Bounty Hunting
e11i0t_4lders0n
1
1.7k
The Bug Hunter’s Recon Methodology
e11i0t_4lders0n
2
800
Bypassing 2FA Misconfiguration
e11i0t_4lders0n
1
2.4k
How to get started in bug bounty
e11i0t_4lders0n
1
510
Other Decks in Technology
See All in Technology
Agent Skills設計で柔軟性と硬さのバランスが難しい話
nassy20
0
140
AIAU_UMEMOGU_ninomiya_slide
ninomiya_ii
0
240
iAEONの段階的リアーキテクト戦略 / iAEON's_Gradual_Re-architecture_Strategy
aeonpeople
0
230
GitHub Copilot 最新アップデート – 「一歩先」の実践活用術
moulongzhang
5
1.5k
失敗を資産に変えるClaude Code
shinyasaita
0
720
SONiCの統計情報を取得したい
sonic
0
230
【2026年版】 ベクトル検索とEmbedding最前線
mocobeta
16
4.4k
脱SaaS!FDEを支えるプロビジョニングと分離設計
knih
0
240
データサイエンスを価値につなげるプロジェクト設計 〜 DS一年目が現場で得た気づき 〜
ysd113
1
280
徹底討論!ECS vs EKS!
daitak
0
230
AI-DLCを “そのまま導入しなかった”話 ~組織に合わせてアジャストした 私たちの実践共有~
hiroramos4
PRO
0
210
気軽に使える"情報のハブ"としてのNotion活用 〜フロー情報の集積点 と、 Claude Code × Notion AI〜
syucream
1
150
Featured
See All Featured
The untapped power of vector embeddings
frankvandijk
2
1.8k
コードの90%をAIが書く世界で何が待っているのか / What awaits us in a world where 90% of the code is written by AI
rkaga
62
44k
Getting science done with accelerated Python computing platforms
jacobtomlinson
2
230
Agile that works and the tools we love
rasmusluckow
331
21k
jQuery: Nuts, Bolts and Bling
dougneiner
66
8.5k
Build your cross-platform service in a week with App Engine
jlugia
234
18k
RailsConf 2023
tenderlove
30
1.5k
YesSQL, Process and Tooling at Scale
rocio
174
15k
Lightning Talk: Beautiful Slides for Beginners
inesmontani
PRO
2
580
Paper Plane (Part 1)
katiecoart
PRO
0
9.1k
How to Build an AI Search Optimization Roadmap - Criteria and Steps to Take #SEOIRL
aleyda
1
2.1k
Stop Working from a Prison Cell
hatefulcrawdad
274
21k
Transcript
METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING By: Tushar
Verma
WHOAMI Application Security Engineer Synack Red Team Member Bug Bounty
Hunter
AGENDA What is Bug Bounty Hunting Bug Bounty Platform Scope
Review and Target Selection Recon Methodologies Manual Testing Approach
WHAT IS BUG BOUNTY HUNTING
Bug Bounty Platform Bugcrowd Hackerone Intigriti YesWeHack HackenProof Cesspa Synack
Private Programs
Scope Review and Target Selection Check the Description and Focus
Area Check the In-Scope and Out-scope of the target Check the average response time Check the pay-out and How many vulnerabilities reported
Recon Methodologies Small Scope Recon – Specific sets of single
URLs Medium Scope Recon - Specific set of “*.target.com” Large Scope Recon – Everything in Scope
Automating Recon Project Bheem ReconFTW Osmedeus
MANUAL TESTING APPROACH
GET IN TOUCH AT ◦ Twitter: @e11i0t_4lders0n ◦ LinkedIn: /in/tushars25
◦ Instagram: @e11i0t_4lders0n__ ◦ Email:
[email protected]
e11i0t_4lders0n
nassy20
ninomiya_ii
aeonpeople
moulongzhang
shinyasaita
sonic
mocobeta
knih
ysd113
daitak
hiroramos4
syucream
frankvandijk
rkaga
jacobtomlinson
rasmusluckow
dougneiner
jlugia
tenderlove
rocio
inesmontani
katiecoart
aleyda
hatefulcrawdad
