METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING
Tushar Verma
July 25, 2021
Transcript
METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING
By: Tushar Verma

WHOAMI
◦ Application Security Engineer
◦ Synack Red Team Member
◦ Bug Bounty Hunter

AGENDA
◦ What is Bug Bounty Hunting
◦ Bug Bounty Platform
◦ Scope Review and Target Selection
◦ Recon Methodologies
◦ Manual Testing Approach

WHAT IS BUG BOUNTY HUNTING

Bug Bounty Platform
◦ Bugcrowd
◦ HackerOne
◦ Intigriti
◦ YesWeHack
◦ HackenProof
◦ Cesspa
◦ Synack
◦ Private Programs

Scope Review and Target Selection
◦ Check the description and focus area
◦ Check the in-scope and out-of-scope items of the target
◦ Check the average response time
◦ Check the pay-out and how many vulnerabilities have been reported

Recon Methodologies
◦ Small Scope Recon: specific sets of single URLs
◦ Medium Scope Recon: specific set of "*.target.com"
◦ Large Scope Recon: everything in scope

Automating Recon
◦ Project Bheem
◦ ReconFTW
◦ Osmedeus

MANUAL TESTING APPROACH

GET IN TOUCH AT
◦ Twitter: @e11i0t_4lders0n
◦ LinkedIn: /in/tushars25
◦ Instagram: @e11i0t_4lders0n__
◦ Email: [email protected]