METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING
Tushar Verma
July 25, 2021
Transcript
METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING
By: Tushar Verma

WHOAMI
◦ Application Security Engineer
◦ Synack Red Team Member
◦ Bug Bounty Hunter

AGENDA
◦ What is Bug Bounty Hunting
◦ Bug Bounty Platform
◦ Scope Review and Target Selection
◦ Recon Methodologies
◦ Manual Testing Approach

WHAT IS BUG BOUNTY HUNTING

Bug Bounty Platform
◦ Bugcrowd
◦ HackerOne
◦ Intigriti
◦ YesWeHack
◦ HackenProof
◦ Cesppa
◦ Synack
◦ Private Programs

Scope Review and Target Selection
◦ Check the description and focus area
◦ Check the in-scope and out-of-scope items of the target
◦ Check the average response time
◦ Check the pay-out and how many vulnerabilities have been reported

Recon Methodologies
◦ Small Scope Recon – Specific sets of single URLs
◦ Medium Scope Recon – Specific set of “*.target.com”
◦ Large Scope Recon – Everything in Scope

Automating Recon
◦ Project Bheem
◦ ReconFTW
◦ Osmedeus

MANUAL TESTING APPROACH

GET IN TOUCH AT
◦ Twitter: @e11i0t_4lders0n
◦ LinkedIn: /in/tushars25
◦ Instagram: @e11i0t_4lders0n__
◦ Email: [email protected]