Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING
Search
Tushar Verma
July 25, 2021
Technology
0
530
METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING
Tushar Verma
July 25, 2021
Tweet
Share
More Decks by Tushar Verma
See All by Tushar Verma
The Power of Recon_ Leveraging Recon for Easy $$$$
e11i0t_4lders0n
0
120
AWS Cloud Forensics & Incident Response
e11i0t_4lders0n
1
620
Hacking OAuth Applications
e11i0t_4lders0n
1
1.9k
Exploiting SSRF like a Boss
e11i0t_4lders0n
2
1k
How to Fail at Bug Bounty Hunting
e11i0t_4lders0n
1
1.7k
The Bug Hunter’s Recon Methodology
e11i0t_4lders0n
2
730
Bypassing 2FA Misconfiguration
e11i0t_4lders0n
1
2.2k
How to get started in bug bounty
e11i0t_4lders0n
1
450
Other Decks in Technology
See All in Technology
Postman v10リリース後を振り返る
nagix
0
170
Vertex AI を中心に 生成AIのアップデートを共有します
kaz1437
0
290
どうするコスト最適化のトレードオフ
tetsuyaooooo
1
490
Compose Compiler Metricsを使った実践的なコードレビュー
tomorrowkey
1
220
ワールドカフェI /チューターを改良する / World Café I and Improving the Tutors
ks91
PRO
0
120
反実仮想機械学習とは何か
usaito
PRO
8
3k
推しは推せるときに推せ! プロダクトにフィードバックしていこう
nakasho
0
280
JAWS-UG Bedrock Claude Night
yamahiro
3
540
日本におけるデータエンジニアリングのこれまでとこれから
foursue
16
4.1k
ここが嬉しいABAC ここが辛いよABAC #再解説+補足編
masahirokawahara
1
270
コンテナセキュリティの基本と脅威への対策
kyohmizu
3
750
DevOpsメトリクスとアウトカムの接続にトライ!開発プロセスを通して計測できるメトリクスの活用方法
ham0215
2
230
Featured
See All Featured
Building Effective Engineering Teams - LeadDev
addyosmani
28
1.8k
A Modern Web Designer's Workflow
chriscoyier
689
190k
How to Ace a Technical Interview
jacobian
272
22k
How to train your dragon (web standard)
notwaldorf
73
5.2k
Docker and Python
trallard
34
2.7k
The MySQL Ecosystem @ GitHub 2015
samlambert
243
12k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
20
1.9k
Fireside Chat
paigeccino
21
2.6k
Product Roadmaps are Hard
iamctodd
44
9.7k
WebSockets: Embracing the real-time Web
robhawkes
59
7k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
7
990
Practical Orchestrator
shlominoach
182
9.7k
Transcript
METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING By: Tushar
Verma
WHOAMI Application Security Engineer Synack Red Team Member Bug Bounty
Hunter
AGENDA What is Bug Bounty Hunting Bug Bounty Platform Scope
Review and Target Selection Recon Methodologies Manual Testing Approach
WHAT IS BUG BOUNTY HUNTING
Bug Bounty Platform Bugcrowd Hackerone Intigriti YesWeHack HackenProof Cesspa Synack
Private Programs
Scope Review and Target Selection Check the Description and Focus
Area Check the In-Scope and Out-scope of the target Check the average response time Check the pay-out and How many vulnerabilities reported
Recon Methodologies Small Scope Recon – Specific sets of single
URLs Medium Scope Recon - Specific set of “*.target.com” Large Scope Recon – Everything in Scope
Automating Recon Project Bheem ReconFTW Osmedeus
MANUAL TESTING APPROACH
GET IN TOUCH AT ◦ Twitter: @e11i0t_4lders0n ◦ LinkedIn: /in/tushars25
◦ Instagram: @e11i0t_4lders0n__ ◦ Email:
[email protected]
e11i0t_4lders0n
nagix
kaz1437
tetsuyaooooo
tomorrowkey
ks91
usaito
nakasho
yamahiro
foursue
masahirokawahara
kyohmizu
ham0215
addyosmani
chriscoyier
jacobian
notwaldorf
trallard
samlambert
danielanewman
paigeccino
iamctodd
robhawkes
bluesmoon
shlominoach
