Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
METHODOLOGIES AND APPROACH TO START BUG BOUNTY ...
Search
Tushar Verma
July 25, 2021
Technology
0
550
METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING
Tushar Verma
July 25, 2021
Tweet
Share
More Decks by Tushar Verma
See All by Tushar Verma
The Power of Recon_ Leveraging Recon for Easy $$$$
e11i0t_4lders0n
0
150
AWS Cloud Forensics & Incident Response
e11i0t_4lders0n
1
640
Hacking OAuth Applications
e11i0t_4lders0n
1
2k
Exploiting SSRF like a Boss
e11i0t_4lders0n
2
1.1k
How to Fail at Bug Bounty Hunting
e11i0t_4lders0n
1
1.7k
The Bug Hunter’s Recon Methodology
e11i0t_4lders0n
2
760
Bypassing 2FA Misconfiguration
e11i0t_4lders0n
1
2.2k
How to get started in bug bounty
e11i0t_4lders0n
1
470
Other Decks in Technology
See All in Technology
テストコード品質を高めるためにMutation Testingライブラリ・Strykerを実戦導入してみた話
ysknsid25
7
2.6k
Terraform未経験の御様に対してどの ように導⼊を進めていったか
tkikuchi
2
440
Incident Response Practices: Waroom's Features and Future Challenges
rrreeeyyy
0
160
Security-JAWS【第35回】勉強会クラウドにおけるマルウェアやコンテンツ改ざんへの対策
4su_para
0
180
インフラとバックエンドとフロントエンドをくまなく調べて遅いアプリを早くした件
tubone24
1
430
複雑なState管理からの脱却
sansantech
PRO
1
150
Exadata Database Service on Dedicated Infrastructure(ExaDB-D) UI スクリーン・キャプチャ集
oracle4engineer
PRO
2
3.2k
DynamoDB でスロットリングが発生したとき/when_throttling_occurs_in_dynamodb_short
emiki
0
230
TypeScript、上達の瞬間
sadnessojisan
46
13k
Why App Signing Matters for Your Android Apps - Android Bangkok Conference 2024
akexorcist
0
130
AWS Media Services 最新サービスアップデート 2024
eijikominami
0
200
B2B SaaSから見た最近のC#/.NETの進化
sansantech
PRO
0
850
Featured
See All Featured
A designer walks into a library…
pauljervisheath
204
24k
Writing Fast Ruby
sferik
627
61k
What's in a price? How to price your products and services
michaelherold
243
12k
Automating Front-end Workflow
addyosmani
1366
200k
Music & Morning Musume
bryan
46
6.2k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
364
24k
Imperfection Machines: The Place of Print at Facebook
scottboms
265
13k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
232
17k
jQuery: Nuts, Bolts and Bling
dougneiner
61
7.5k
GraphQLの誤解/rethinking-graphql
sonatard
67
10k
The Cost Of JavaScript in 2023
addyosmani
45
6.8k
Happy Clients
brianwarren
98
6.7k
Transcript
METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING By: Tushar
Verma
WHOAMI Application Security Engineer Synack Red Team Member Bug Bounty
Hunter
AGENDA What is Bug Bounty Hunting Bug Bounty Platform Scope
Review and Target Selection Recon Methodologies Manual Testing Approach
WHAT IS BUG BOUNTY HUNTING
Bug Bounty Platform Bugcrowd Hackerone Intigriti YesWeHack HackenProof Cesspa Synack
Private Programs
Scope Review and Target Selection Check the Description and Focus
Area Check the In-Scope and Out-scope of the target Check the average response time Check the pay-out and How many vulnerabilities reported
Recon Methodologies Small Scope Recon – Specific sets of single
URLs Medium Scope Recon - Specific set of “*.target.com” Large Scope Recon – Everything in Scope
Automating Recon Project Bheem ReconFTW Osmedeus
MANUAL TESTING APPROACH
GET IN TOUCH AT ◦ Twitter: @e11i0t_4lders0n ◦ LinkedIn: /in/tushars25
◦ Instagram: @e11i0t_4lders0n__ ◦ Email:
[email protected]
e11i0t_4lders0n
ysknsid25
tkikuchi
rrreeeyyy
4su_para
tubone24
sansantech
oracle4engineer
emiki
sadnessojisan
akexorcist
eijikominami
pauljervisheath
sferik
michaelherold
addyosmani
bryan
cassininazir
scottboms
marcelosomers
dougneiner
sonatard
brianwarren
