METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING
Tushar Verma
July 25, 2021
Transcript
METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING
By: Tushar Verma

WHOAMI
◦ Application Security Engineer
◦ Synack Red Team Member
◦ Bug Bounty Hunter

AGENDA
◦ What is Bug Bounty Hunting
◦ Bug Bounty Platform
◦ Scope Review and Target Selection
◦ Recon Methodologies
◦ Manual Testing Approach

WHAT IS BUG BOUNTY HUNTING

Bug Bounty Platform
◦ Bugcrowd
◦ HackerOne
◦ Intigriti
◦ YesWeHack
◦ HackenProof
◦ Cesspa
◦ Synack
◦ Private Programs

Scope Review and Target Selection
◦ Check the Description and Focus Area
◦ Check the In-Scope and Out-scope of the target
◦ Check the average response time
◦ Check the pay-out and How many vulnerabilities reported

Recon Methodologies
◦ Small Scope Recon – Specific sets of single URLs
◦ Medium Scope Recon – Specific set of “*.target.com”
◦ Large Scope Recon – Everything in Scope

Automating Recon
◦ Project Bheem
◦ ReconFTW
◦ Osmedeus

MANUAL TESTING APPROACH

GET IN TOUCH AT
◦ Twitter: @e11i0t_4lders0n
◦ LinkedIn: /in/tushars25
◦ Instagram: @e11i0t_4lders0n__
◦ Email: [email protected]