Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
METHODOLOGIES AND APPROACH TO START BUG BOUNTY ...
Search
Tushar Verma
July 25, 2021
Technology
0
580
METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING
Tushar Verma
July 25, 2021
Tweet
Share
More Decks by Tushar Verma
See All by Tushar Verma
The Power of Recon_ Leveraging Recon for Easy $$$$
e11i0t_4lders0n
0
180
AWS Cloud Forensics & Incident Response
e11i0t_4lders0n
1
680
Hacking OAuth Applications
e11i0t_4lders0n
1
2k
Exploiting SSRF like a Boss
e11i0t_4lders0n
2
1.1k
How to Fail at Bug Bounty Hunting
e11i0t_4lders0n
1
1.7k
The Bug Hunter’s Recon Methodology
e11i0t_4lders0n
2
770
Bypassing 2FA Misconfiguration
e11i0t_4lders0n
1
2.3k
How to get started in bug bounty
e11i0t_4lders0n
1
490
Other Decks in Technology
See All in Technology
2025年夏 コーディングエージェントを統べる者
nwiizo
0
170
Firestore → Spanner 移行 を成功させた段階的移行プロセス
athug
1
480
複数サービスを支える マルチテナント型 Batch MLプラットフォーム
lycorptech_jp
PRO
0
360
現場で効くClaude Code ─ 最新動向と企業導入
takaakikakei
1
240
Function Body Macros で、SwiftUI の View に Accessibility Identifier を自動付与する/Function Body Macros: Autogenerate accessibility identifiers for SwiftUI Views
miichan
2
180
La gouvernance territoriale des données grâce à la plateforme Terreze
bluehats
0
170
【実演版】カンファレンス登壇者・スタッフにこそ知ってほしいマイクの使い方 / 大吉祥寺.pm 2025
arthur1
1
840
Language Update: Java
skrb
2
300
共有と分離 - Compose Multiplatform "本番導入" の設計指針
error96num
2
490
「何となくテストする」を卒業するためにプロダクトが動く仕組みを理解しよう
kawabeaver
0
410
5分でカオスエンジニアリングを分かった気になろう
pandayumi
0
240
要件定義・デザインフェーズでもAIを活用して、コミュニケーションの密度を高める
kazukihayase
0
110
Featured
See All Featured
GraphQLの誤解/rethinking-graphql
sonatard
72
11k
Making Projects Easy
brettharned
117
6.4k
No one is an island. Learnings from fostering a developers community.
thoeni
21
3.4k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
31
2.2k
Fantastic passwords and where to find them - at NoRuKo
philnash
52
3.4k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
36
2.5k
Navigating Team Friction
lara
189
15k
Fireside Chat
paigeccino
39
3.6k
Imperfection Machines: The Place of Print at Facebook
scottboms
268
13k
Optimizing for Happiness
mojombo
379
70k
Six Lessons from altMBA
skipperchong
28
4k
[RailsConf 2023] Rails as a piece of cake
palkan
57
5.8k
Transcript
METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING By: Tushar
Verma
WHOAMI Application Security Engineer Synack Red Team Member Bug Bounty
Hunter
AGENDA What is Bug Bounty Hunting Bug Bounty Platform Scope
Review and Target Selection Recon Methodologies Manual Testing Approach
WHAT IS BUG BOUNTY HUNTING
Bug Bounty Platform Bugcrowd Hackerone Intigriti YesWeHack HackenProof Cesspa Synack
Private Programs
Scope Review and Target Selection Check the Description and Focus
Area Check the In-Scope and Out-scope of the target Check the average response time Check the pay-out and How many vulnerabilities reported
Recon Methodologies Small Scope Recon – Specific sets of single
URLs Medium Scope Recon - Specific set of “*.target.com” Large Scope Recon – Everything in Scope
Automating Recon Project Bheem ReconFTW Osmedeus
MANUAL TESTING APPROACH
GET IN TOUCH AT ◦ Twitter: @e11i0t_4lders0n ◦ LinkedIn: /in/tushars25
◦ Instagram: @e11i0t_4lders0n__ ◦ Email:
[email protected]
e11i0t_4lders0n
nwiizo
athug
lycorptech_jp
takaakikakei
miichan
bluehats
.jpeg){kind=avatar}
arthur1
skrb
error96num
kawabeaver
pandayumi
kazukihayase
sonatard
brettharned
thoeni
marcduiker
philnash
eileencodes
lara
paigeccino
scottboms
mojombo
skipperchong
palkan
