Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
METHODOLOGIES AND APPROACH TO START BUG BOUNTY ...
Search
Tushar Verma
July 25, 2021
Technology
610
0
Share
METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING
Tushar Verma
July 25, 2021
More Decks by Tushar Verma
See All by Tushar Verma
The Power of Recon_ Leveraging Recon for Easy $$$$
e11i0t_4lders0n
0
220
AWS Cloud Forensics & Incident Response
e11i0t_4lders0n
1
720
Hacking OAuth Applications
e11i0t_4lders0n
1
2.1k
Exploiting SSRF like a Boss
e11i0t_4lders0n
2
1.1k
How to Fail at Bug Bounty Hunting
e11i0t_4lders0n
1
1.7k
The Bug Hunter’s Recon Methodology
e11i0t_4lders0n
2
800
Bypassing 2FA Misconfiguration
e11i0t_4lders0n
1
2.4k
How to get started in bug bounty
e11i0t_4lders0n
1
510
Other Decks in Technology
See All in Technology
AI時代の品質はテストプロセスの作り直し #scrumniigata
kyonmm
PRO
4
1.4k
ブラウザの投機的読み込みと投機ルールAPIを理解し、Webサービスのパフォーマンスを最適化する
shuta13
3
290
Anthropic「Long-running a gents」をGeminiで再現してみた
tkikuchi
0
790
[Scram Fest Niigata2026]Quality as Code〜AIにQAの思考を再現させる試み〜
masamiyajiri
1
290
20260428_Product Management Summit_Loglass_JoeHirose
loglassjoe
4
7.3k
変化の激しい時代をゴキゲンに生き抜くために 〜ストレスマネジメントのススメ〜
kakehashi
PRO
4
1.2k
Agent の「自由」と「安全」〜未来に向けて今できること〜
katayan
0
350
ボトムアップ限界を越える - 20チームを束る "Drive Map" / Beyond Bottom-Up: A 'Drive Map' for 20 Teams
kaonavi
0
150
Sociotechnical Architecture Reviews: Understanding Teams, not just Artefacts
ewolff
1
150
Oracle Cloud Infrastructure presents managed, serverless MCP Servers for Oracle AI Database
thatjeffsmith
0
170
アプリブロック機能のつくりかたと、AIとHTMLの不合理な相性の良さについて
kumamotone
0
180
CyberAgent YJC Connect
shimaf4979
1
170
Featured
See All Featured
The Impact of AI in SEO - AI Overviews June 2024 Edition
aleyda
5
1.1k
The Invisible Side of Design
smashingmag
302
52k
SEO for Brand Visibility & Recognition
aleyda
0
4.5k
SERP Conf. Vienna - Web Accessibility: Optimizing for Inclusivity and SEO
sarafernandez
2
1.4k
Technical Leadership for Architectural Decision Making
baasie
3
350
How to Grow Your eCommerce with AI & Automation
katarinadahlin
PRO
1
180
Embracing the Ebb and Flow
colly
88
5k
GraphQLとの向き合い方2022年版
quramy
50
15k
Practical Orchestrator
shlominoach
191
11k
Impact Scores and Hybrid Strategies: The future of link building
tamaranovitovic
0
270
Leadership Guide Workshop - DevTernity 2021
reverentgeek
1
280
AI: The stuff that nobody shows you
jnunemaker
PRO
6
630
Transcript
METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING By: Tushar
Verma
WHOAMI Application Security Engineer Synack Red Team Member Bug Bounty
Hunter
AGENDA What is Bug Bounty Hunting Bug Bounty Platform Scope
Review and Target Selection Recon Methodologies Manual Testing Approach
WHAT IS BUG BOUNTY HUNTING
Bug Bounty Platform Bugcrowd Hackerone Intigriti YesWeHack HackenProof Cesspa Synack
Private Programs
Scope Review and Target Selection Check the Description and Focus
Area Check the In-Scope and Out-scope of the target Check the average response time Check the pay-out and How many vulnerabilities reported
Recon Methodologies Small Scope Recon – Specific sets of single
URLs Medium Scope Recon - Specific set of “*.target.com” Large Scope Recon – Everything in Scope
Automating Recon Project Bheem ReconFTW Osmedeus
MANUAL TESTING APPROACH
GET IN TOUCH AT ◦ Twitter: @e11i0t_4lders0n ◦ LinkedIn: /in/tushars25
◦ Instagram: @e11i0t_4lders0n__ ◦ Email:
[email protected]
e11i0t_4lders0n
kyonmm
shuta13
tkikuchi
masamiyajiri
loglassjoe
kakehashi
katayan
kaonavi
ewolff
thatjeffsmith
kumamotone
shimaf4979
aleyda
smashingmag
sarafernandez
baasie
katarinadahlin
colly
quramy
shlominoach
tamaranovitovic
reverentgeek
jnunemaker
