Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
METHODOLOGIES AND APPROACH TO START BUG BOUNTY ...
Search
Tushar Verma
July 25, 2021
Technology
0
580
METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING
Tushar Verma
July 25, 2021
Tweet
Share
More Decks by Tushar Verma
See All by Tushar Verma
The Power of Recon_ Leveraging Recon for Easy $$$$
e11i0t_4lders0n
0
180
AWS Cloud Forensics & Incident Response
e11i0t_4lders0n
1
680
Hacking OAuth Applications
e11i0t_4lders0n
1
2k
Exploiting SSRF like a Boss
e11i0t_4lders0n
2
1.1k
How to Fail at Bug Bounty Hunting
e11i0t_4lders0n
1
1.7k
The Bug Hunter’s Recon Methodology
e11i0t_4lders0n
2
770
Bypassing 2FA Misconfiguration
e11i0t_4lders0n
1
2.3k
How to get started in bug bounty
e11i0t_4lders0n
1
490
Other Decks in Technology
See All in Technology
生成AI利用プログラミング:誰でもプログラムが書けると 世の中どうなる?/opencampus202508
okana2ki
0
180
Preferred Networks (PFN) とLLM Post-Training チームの紹介 / 第4回 関東Kaggler会 スポンサーセッション
pfn
PRO
1
130
Amazon Inspector コードセキュリティで手軽に実現するシフトレフト
maimyyym
0
160
AIは変更差分からユニットテスト_結合テスト_システムテストでテストすべきことが出せるのか?
mineo_matsuya
5
3.1k
リモートワークで心掛けていること 〜AI活用編〜
naoki85
0
200
LLMエージェント時代に適応した開発フロー
hiragram
1
330
広島発!スタートアップ開発の裏側
tsankyo
0
170
メルカリIBIS:AIが拓く次世代インシデント対応
0gm
2
500
OCI Bastionサービス
oracle4engineer
PRO
1
100
kintone開発チームの紹介
cybozuinsideout
PRO
0
73k
プロジェクトマネジメントは不確実性との対話だ
hisashiwatanabe
0
190
datadog-distribution-of-opentelemetry-collector-intro
tetsuya28
0
220
Featured
See All Featured
Done Done
chrislema
185
16k
The Cult of Friendly URLs
andyhume
79
6.5k
Designing for humans not robots
tammielis
253
25k
For a Future-Friendly Web
brad_frost
179
9.9k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
110
20k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
283
13k
GitHub's CSS Performance
jonrohan
1031
460k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
33
2.4k
Put a Button on it: Removing Barriers to Going Fast.
kastner
60
4k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
50
5.5k
Producing Creativity
orderedlist
PRO
347
40k
Build your cross-platform service in a week with App Engine
jlugia
231
18k
Transcript
METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING By: Tushar
Verma
WHOAMI Application Security Engineer Synack Red Team Member Bug Bounty
Hunter
AGENDA What is Bug Bounty Hunting Bug Bounty Platform Scope
Review and Target Selection Recon Methodologies Manual Testing Approach
WHAT IS BUG BOUNTY HUNTING
Bug Bounty Platform Bugcrowd Hackerone Intigriti YesWeHack HackenProof Cesspa Synack
Private Programs
Scope Review and Target Selection Check the Description and Focus
Area Check the In-Scope and Out-scope of the target Check the average response time Check the pay-out and How many vulnerabilities reported
Recon Methodologies Small Scope Recon – Specific sets of single
URLs Medium Scope Recon - Specific set of “*.target.com” Large Scope Recon – Everything in Scope
Automating Recon Project Bheem ReconFTW Osmedeus
MANUAL TESTING APPROACH
GET IN TOUCH AT ◦ Twitter: @e11i0t_4lders0n ◦ LinkedIn: /in/tushars25
◦ Instagram: @e11i0t_4lders0n__ ◦ Email:
[email protected]