METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING
Tushar Verma
July 25, 2021
Transcript
METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING
By: Tushar Verma

WHOAMI
◦ Application Security Engineer
◦ Synack Red Team Member
◦ Bug Bounty Hunter

AGENDA
◦ What is Bug Bounty Hunting
◦ Bug Bounty Platform
◦ Scope Review and Target Selection
◦ Recon Methodologies
◦ Manual Testing Approach

WHAT IS BUG BOUNTY HUNTING

Bug Bounty Platform
◦ Bugcrowd
◦ Hackerone
◦ Intigriti
◦ YesWeHack
◦ HackenProof
◦ Cesspa
◦ Synack
◦ Private Programs

Scope Review and Target Selection
◦ Check the Description and Focus Area
◦ Check the In-Scope and Out-scope of the target
◦ Check the average response time
◦ Check the pay-out and How many vulnerabilities reported

Recon Methodologies
◦ Small Scope Recon – Specific sets of single URLs
◦ Medium Scope Recon - Specific set of “*.target.com”
◦ Large Scope Recon – Everything in Scope

Automating Recon
◦ Project Bheem
◦ ReconFTW
◦ Osmedeus

MANUAL TESTING APPROACH

GET IN TOUCH AT
◦ Twitter: @e11i0t_4lders0n
◦ LinkedIn: /in/tushars25
◦ Instagram: @e11i0t_4lders0n__
◦ Email: [email protected]