How to Fail at Bug Bounty Hunting

Transcript

1. How to Fail at Bug Bounty Hunting By Tushar Verma

2. Whoami Application Security Engineer Synack Red Team Member Bug Bounty

   Hunter Infosec Trainer & Speaker

3. Failing at Bug Bounty

4. You participate in the wrong programs Failed to read Bug

   Bounty Guidelines Lots of Duplicate Failed to show impact You don’t stick to a program You don’t recon Bad Report Writing

5. Approach towards a better Bug Bounty Hunting

6. Take your time in choosing the right program Read and

   Understand Bug Bounty Brief Understand the Vulnerability/Bug and try to explain impact to Program owners Keep yourself updated with new update on old program so that you can be the first one to test and report Do manual and automated Recon. Try to spend more time on recon Better Report Writing

7. Tips for Beginners Go with VDP’s…Don’t be greedy Go for

   wide scopes targets No low hanging fruits Learn the “Art of Dorking” Google Try to learn use of burp extensions Learn chaining different vulnerabilities

8. Avoid Screenshots……… Unfollow them, Ignore them Don’t compare, everyone started

   from zero Spend more time in learning and believe me you will get success

9. Recon Automation Framework • ReconFTW • Project Bheem • Osmedeus

10. Bug Bounty Resources

11. None

12. Get in Touch • Twitter: @e11i0t_4lders0n • LinkedIn: @tushars25 •

    Instagram: @e11i0t_4lders0n__ • Medium: @tushars2517 • Slides: speakerdeck.com/e11i0t_4lders0n • Email: [email protected]

13. Thank You