METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING

Tushar Verma

July 25, 2021

Tweet

More Decks by Tushar Verma

See All by Tushar Verma

The Power of Recon_ Leveraging Recon for Easy $$$$

e11i0t_4lders0n

0

210

AWS Cloud Forensics & Incident Response

e11i0t_4lders0n

1

710

Hacking OAuth Applications

e11i0t_4lders0n

1

2.1k

Exploiting SSRF like a Boss

e11i0t_4lders0n

2

1.1k

How to Fail at Bug Bounty Hunting

e11i0t_4lders0n

1

1.7k

The Bug Hunter’s Recon Methodology

e11i0t_4lders0n

2

790

Bypassing 2FA Misconfiguration

e11i0t_4lders0n

1

2.4k

How to get started in bug bounty

e11i0t_4lders0n

1

500

Other Decks in Technology

See All in Technology

Abuse report だけじゃない。AWS から緊急連絡が来る状況とは？昨今の攻撃や被害の事例の紹介と備えておきたい考え方について

1

720

[E2]CCoEはAI指揮官へ。Bedrock×MCPで構築するコスト・セキュリティ自律運用基盤

0

170

Lambda Web AdapterでLambdaをWEBフレームワーク利用する

0

130

Dr. Werner Vogelsの14年のキーノートから紐解くエンジニアリング組織への処方箋@JAWS DAYS 2026

1

140

2026年もソフトウェアサプライチェーンのリスクに立ち向かうために / Product Security Square #3

1

300

Claude Code 2026年最新アップデート

13

10k

AI実装による「レビューボトルネック」を解消する仕様駆動開発（SDD）/ ai-sdd-review-bottleneck

0

140

情シスのための生成AI実践ガイド2026 / Generative AI Practical Guide for Business Technology 2026

0

260

複数クラスタ運用と検索の高度化：ビズリーチにおけるElastic活用事例 / ElasticON Tokyo2026

visional_engineering_and_design

0

160

AIエージェント時代に備える AWS Organizations とアカウント設計

3

1k

ランサムウエア対策してますか？やられた時の対策は本当にできてますか？AWSでのリスク分析と対応フローの泥臭いお話。

0

140

Zeal of the Convert: Taming Shai-Hulud with AI

0

100

Featured

See All Featured

Raft: Consensus for Rubyists

141

7.4k

Primal Persuasion: How to Engage the Brain for Learning That Lasts

0

290

Design and Strategy: How to Deal with People Who Don’t "Get" Design

133

19k

Organizational Design Perspectives: An Ontology of Organizational Design Elements

PRO

1

640

How to Think Like a Performance Engineer

28

2.5k

Java REST API Framework Comparison - PWX 2021

34

9.2k

Distributed Sagas: A Protocol for Coordinating Microservices

333

22k

Building a A Zero-Code AI SEO Workflow

PRO

0

390

A Soul's Torment

5

2.5k

Fashionably flexible responsive web design (full day workshop)

408

66k

Introduction to Domain-Driven Design and Collaborative software design

1

640

How to optimise 3,500 product descriptions for ecommerce in one day using ChatGPT

PRO

1

3.5k

Transcript

METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING By: Tushar
Verma
WHOAMI Application Security Engineer Synack Red Team Member Bug Bounty
Hunter
AGENDA What is Bug Bounty Hunting Bug Bounty Platform Scope
Review and Target Selection Recon Methodologies Manual Testing Approach
WHAT IS BUG BOUNTY HUNTING
Bug Bounty Platform Bugcrowd Hackerone Intigriti YesWeHack HackenProof Cesspa Synack
Private Programs
Scope Review and Target Selection Check the Description and Focus
Area Check the In-Scope and Out-scope of the target Check the average response time Check the pay-out and How many vulnerabilities reported
Recon Methodologies Small Scope Recon – Specific sets of single
URLs Medium Scope Recon - Specific set of “*.target.com” Large Scope Recon – Everything in Scope
Automating Recon Project Bheem ReconFTW Osmedeus
MANUAL TESTING APPROACH
GET IN TOUCH AT ◦ Twitter: @e11i0t_4lders0n ◦ LinkedIn: /in/tushars25
◦ Instagram: @e11i0t_4lders0n__ ◦ Email: [email protected]