METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING
Tushar Verma
July 25, 2021
Transcript
METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING
By: Tushar Verma

WHOAMI
◦ Application Security Engineer
◦ Synack Red Team Member
◦ Bug Bounty Hunter

AGENDA
◦ What is Bug Bounty Hunting
◦ Bug Bounty Platform
◦ Scope Review and Target Selection
◦ Recon Methodologies
◦ Manual Testing Approach

WHAT IS BUG BOUNTY HUNTING

Bug Bounty Platform
◦ Bugcrowd
◦ HackerOne
◦ Intigriti
◦ YesWeHack
◦ HackenProof
◦ Cesspa
◦ Synack
◦ Private Programs

Scope Review and Target Selection
◦ Check the Description and Focus Area
◦ Check the In-Scope and Out-scope of the target
◦ Check the average response time
◦ Check the pay-out and how many vulnerabilities reported

Recon Methodologies
◦ Small Scope Recon - Specific sets of single URLs
◦ Medium Scope Recon - Specific set of “*.target.com”
◦ Large Scope Recon - Everything in Scope

Automating Recon
◦ Project Bheem
◦ ReconFTW
◦ Osmedeus

MANUAL TESTING APPROACH

GET IN TOUCH AT
◦ Twitter: @e11i0t_4lders0n
◦ LinkedIn: /in/tushars25
◦ Instagram: @e11i0t_4lders0n__
◦ Email: [email protected]