Tushar Verma
July 25, 2021
METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING
Transcript
METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING
By: Tushar Verma

WHOAMI
◦ Application Security Engineer
◦ Synack Red Team Member
◦ Bug Bounty Hunter

AGENDA
◦ What is Bug Bounty Hunting
◦ Bug Bounty Platform
◦ Scope Review and Target Selection
◦ Recon Methodologies
◦ Manual Testing Approach

WHAT IS BUG BOUNTY HUNTING

Bug Bounty Platform
◦ Bugcrowd
◦ HackerOne
◦ Intigriti
◦ YesWeHack
◦ HackenProof
◦ Cesspa
◦ Synack
◦ Private Programs

Scope Review and Target Selection
◦ Check the description and focus area
◦ Check the in-scope and out-of-scope items of the target
◦ Check the average response time
◦ Check the payout and how many vulnerabilities have been reported

Recon Methodologies
◦ Small Scope Recon: specific sets of single URLs
◦ Medium Scope Recon: specific set of "*.target.com"
◦ Large Scope Recon: everything in scope

Automating Recon
◦ Project Bheem
◦ ReconFTW
◦ Osmedeus

MANUAL TESTING APPROACH

GET IN TOUCH AT
◦ Twitter: @e11i0t_4lders0n
◦ LinkedIn: /in/tushars25
◦ Instagram: @e11i0t_4lders0n__
◦ Email: [email protected]