Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
METHODOLOGIES AND APPROACH TO START BUG BOUNTY ...
Search
Tushar Verma
July 25, 2021
Technology
0
580
METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING
Tushar Verma
July 25, 2021
Tweet
Share
More Decks by Tushar Verma
See All by Tushar Verma
The Power of Recon_ Leveraging Recon for Easy $$$$
e11i0t_4lders0n
0
180
AWS Cloud Forensics & Incident Response
e11i0t_4lders0n
1
680
Hacking OAuth Applications
e11i0t_4lders0n
1
2k
Exploiting SSRF like a Boss
e11i0t_4lders0n
2
1.1k
How to Fail at Bug Bounty Hunting
e11i0t_4lders0n
1
1.7k
The Bug Hunter’s Recon Methodology
e11i0t_4lders0n
2
780
Bypassing 2FA Misconfiguration
e11i0t_4lders0n
1
2.3k
How to get started in bug bounty
e11i0t_4lders0n
1
490
Other Decks in Technology
See All in Technology
会社を支える Pythonという言語戦略 ~なぜPythonを主要言語にしているのか?~
curekoshimizu
1
500
名刺メーカーDevグループ 紹介資料
sansan33
PRO
0
940
Implementing and Evaluating a High-Level Language with WasmGC and the Wasm Component Model: Scala’s Case
tanishiking
0
170
Introdução a Service Mesh usando o Istio
aeciopires
1
280
Zephyr(RTOS)にEdge AIを組み込んでみた話
iotengineer22
1
260
あなたの知らない Linuxカーネル脆弱性の世界
recruitengineers
PRO
3
130
物体検出モデルでシイタケの収穫時期を自動判定してみた。 #devio2025
lamaglama39
0
270
OSSで50の競合と戦うためにやったこと
yamadashy
3
930
[2025年10月版] Databricks Data + AI Boot Camp
databricksjapan
1
240
研究開発部メンバーの働き⽅ / Sansan R&D Profile
sansan33
PRO
3
20k
Bill One 開発エンジニア 紹介資料
sansan33
PRO
4
14k
私のMCPの使い方
tsubakimoto_s
0
120
Featured
See All Featured
Agile that works and the tools we love
rasmusluckow
331
21k
The Language of Interfaces
destraynor
162
25k
Faster Mobile Websites
deanohume
310
31k
No one is an island. Learnings from fostering a developers community.
thoeni
21
3.5k
StorybookのUI Testing Handbookを読んだ
zakiyama
31
6.2k
Large-scale JavaScript Application Architecture
addyosmani
514
110k
Java REST API Framework Comparison - PWX 2021
mraible
34
8.9k
The Power of CSS Pseudo Elements
geoffreycrofte
79
6k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
194
16k
Making the Leap to Tech Lead
cromwellryan
135
9.6k
How To Stay Up To Date on Web Technology
chriscoyier
791
250k
Raft: Consensus for Rubyists
vanstee
140
7.2k
Transcript
METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING By: Tushar
Verma
WHOAMI Application Security Engineer Synack Red Team Member Bug Bounty
Hunter
AGENDA What is Bug Bounty Hunting Bug Bounty Platform Scope
Review and Target Selection Recon Methodologies Manual Testing Approach
WHAT IS BUG BOUNTY HUNTING
Bug Bounty Platform Bugcrowd Hackerone Intigriti YesWeHack HackenProof Cesspa Synack
Private Programs
Scope Review and Target Selection Check the Description and Focus
Area Check the In-Scope and Out-scope of the target Check the average response time Check the pay-out and How many vulnerabilities reported
Recon Methodologies Small Scope Recon – Specific sets of single
URLs Medium Scope Recon - Specific set of “*.target.com” Large Scope Recon – Everything in Scope
Automating Recon Project Bheem ReconFTW Osmedeus
MANUAL TESTING APPROACH
GET IN TOUCH AT ◦ Twitter: @e11i0t_4lders0n ◦ LinkedIn: /in/tushars25
◦ Instagram: @e11i0t_4lders0n__ ◦ Email:
[email protected]