Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
METHODOLOGIES AND APPROACH TO START BUG BOUNTY ...
Search
Tushar Verma
July 25, 2021
Technology
0
570
METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING
Tushar Verma
July 25, 2021
Tweet
Share
More Decks by Tushar Verma
See All by Tushar Verma
The Power of Recon_ Leveraging Recon for Easy $$$$
e11i0t_4lders0n
0
170
AWS Cloud Forensics & Incident Response
e11i0t_4lders0n
1
660
Hacking OAuth Applications
e11i0t_4lders0n
1
2k
Exploiting SSRF like a Boss
e11i0t_4lders0n
2
1.1k
How to Fail at Bug Bounty Hunting
e11i0t_4lders0n
1
1.7k
The Bug Hunter’s Recon Methodology
e11i0t_4lders0n
2
760
Bypassing 2FA Misconfiguration
e11i0t_4lders0n
1
2.3k
How to get started in bug bounty
e11i0t_4lders0n
1
480
Other Decks in Technology
See All in Technology
PostgreSQL Log File Mastery: Optimizing Database Performance Through Advanced Log Analysis
shiviyer007
PRO
1
140
Linuxのパッケージ管理とアップデート基礎知識
go_nishimoto
0
690
AIとSREで「今」できること
honmarkhunt
3
630
SnowflakeとDatabricks両方でRAGを構築してみた
kameitomohiro
1
530
CodePipelineのアクション統合から学ぶAWS CDKの抽象化技術 / codepipeline-actions-cdk-abstraction
gotok365
5
330
Compose におけるパスワード自動入力とパスワード保存
tonionagauzzi
0
160
Aspire をカスタマイズしよう & Aspire 9.2
nenonaninu
0
330
Databricksで完全履修!オールインワンレイクハウスは実在した!
akuwano
0
130
MySQL Indexes and Histograms – How they really speed up your queries
lefred
0
130
OpsJAWS34_CloudTrailLake_for_Organizations
hiashisan
0
220
エンジニアリングで組織のアウトカムを最速で最大化する!
ham0215
1
260
Web Intelligence and Visual Media Analytics
weblyzard
PRO
1
5.9k
Featured
See All Featured
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
136
33k
Rails Girls Zürich Keynote
gr2m
94
13k
Imperfection Machines: The Place of Print at Facebook
scottboms
267
13k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
23
2.7k
jQuery: Nuts, Bolts and Bling
dougneiner
63
7.7k
Put a Button on it: Removing Barriers to Going Fast.
kastner
60
3.8k
GraphQLとの向き合い方2022年版
quramy
46
14k
Building a Scalable Design System with Sketch
lauravandoore
462
33k
Optimising Largest Contentful Paint
csswizardry
37
3.2k
Making the Leap to Tech Lead
cromwellryan
133
9.2k
GraphQLの誤解/rethinking-graphql
sonatard
71
10k
Scaling GitHub
holman
459
140k
Transcript
METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING By: Tushar
Verma
WHOAMI Application Security Engineer Synack Red Team Member Bug Bounty
Hunter
AGENDA What is Bug Bounty Hunting Bug Bounty Platform Scope
Review and Target Selection Recon Methodologies Manual Testing Approach
WHAT IS BUG BOUNTY HUNTING
Bug Bounty Platform Bugcrowd Hackerone Intigriti YesWeHack HackenProof Cesspa Synack
Private Programs
Scope Review and Target Selection Check the Description and Focus
Area Check the In-Scope and Out-scope of the target Check the average response time Check the pay-out and How many vulnerabilities reported
Recon Methodologies Small Scope Recon – Specific sets of single
URLs Medium Scope Recon - Specific set of “*.target.com” Large Scope Recon – Everything in Scope
Automating Recon Project Bheem ReconFTW Osmedeus
MANUAL TESTING APPROACH
GET IN TOUCH AT ◦ Twitter: @e11i0t_4lders0n ◦ LinkedIn: /in/tushars25
◦ Instagram: @e11i0t_4lders0n__ ◦ Email:
[email protected]
e11i0t_4lders0n
shiviyer007
go_nishimoto
.png){kind=avatar}
honmarkhunt
kameitomohiro
gotok365
tonionagauzzi
nenonaninu
akuwano
lefred
hiashisan
ham0215
weblyzard
eileencodes
gr2m
scottboms
dougneiner
kastner
quramy
lauravandoore
csswizardry
cromwellryan
sonatard
holman
