Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
METHODOLOGIES AND APPROACH TO START BUG BOUNTY ...
Search
Sponsored
·
SiteGround - Reliable hosting with speed, security, and support you can count on.
→
Tushar Verma
July 25, 2021
Technology
0
610
METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING
Tushar Verma
July 25, 2021
Tweet
Share
More Decks by Tushar Verma
See All by Tushar Verma
The Power of Recon_ Leveraging Recon for Easy $$$$
e11i0t_4lders0n
0
210
AWS Cloud Forensics & Incident Response
e11i0t_4lders0n
1
720
Hacking OAuth Applications
e11i0t_4lders0n
1
2.1k
Exploiting SSRF like a Boss
e11i0t_4lders0n
2
1.1k
How to Fail at Bug Bounty Hunting
e11i0t_4lders0n
1
1.7k
The Bug Hunter’s Recon Methodology
e11i0t_4lders0n
2
790
Bypassing 2FA Misconfiguration
e11i0t_4lders0n
1
2.4k
How to get started in bug bounty
e11i0t_4lders0n
1
500
Other Decks in Technology
See All in Technology
SSoT(Single Source of Truth)で「壊して再生」する設計
kawauso
2
380
脳が溶けた話 / Melted Brain
keisuke69
1
1.1k
Phase05_ClaudeCode入門
overflowinc
0
2.4k
大規模ECサイトのあるバッチのパフォーマンスを改善するために僕たちのチームがしてきたこと
panda_program
1
400
Zephyr(RTOS)でOpenPLCを実装してみた
iotengineer22
0
130
20年以上続く PHP 大規模プロダクトを Kubernetes へ ── クラウド基盤刷新プロジェクトの4年間
oogfranz
PRO
0
320
来期の評価で変えようと思っていること 〜AI時代に変わること・変わらないこと〜
estie
0
110
【Oracle Cloud ウェビナー】データ主権はクラウドで守れるのか?NTTデータ様のOracle Alloyで実現するソブリン対応クラウドの最適解
oracle4engineer
PRO
3
110
スピンアウト講座01_GitHub管理
overflowinc
0
1.5k
QA組織のAI戦略とAIテスト設計システムAITASの実践
sansantech
PRO
1
200
20260323_データ分析基盤でGeminiを使う話
1210yuichi0
0
190
開発チームとQAエンジニアの新しい協業モデル -年末調整開発チームで実践する【QAリード施策】-
qa
0
360
Featured
See All Featured
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
34
2.7k
職位にかかわらず全員がリーダーシップを発揮するチーム作り / Building a team where everyone can demonstrate leadership regardless of position
madoxten
62
53k
Producing Creativity
orderedlist
PRO
348
40k
Statistics for Hackers
jakevdp
799
230k
Highjacked: Video Game Concept Design
rkendrick25
PRO
1
330
4 Signs Your Business is Dying
shpigford
187
22k
sira's awesome portfolio website redesign presentation
elsirapls
0
200
XXLCSS - How to scale CSS and keep your sanity
sugarenia
249
1.3M
Test your architecture with Archunit
thirion
1
2.2k
The Straight Up "How To Draw Better" Workshop
denniskardys
239
140k
Odyssey Design
rkendrick25
PRO
2
560
Unsuck your backbone
ammeep
672
58k
Transcript
METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING By: Tushar
Verma
WHOAMI Application Security Engineer Synack Red Team Member Bug Bounty
Hunter
AGENDA What is Bug Bounty Hunting Bug Bounty Platform Scope
Review and Target Selection Recon Methodologies Manual Testing Approach
WHAT IS BUG BOUNTY HUNTING
Bug Bounty Platform Bugcrowd Hackerone Intigriti YesWeHack HackenProof Cesspa Synack
Private Programs
Scope Review and Target Selection Check the Description and Focus
Area Check the In-Scope and Out-scope of the target Check the average response time Check the pay-out and How many vulnerabilities reported
Recon Methodologies Small Scope Recon – Specific sets of single
URLs Medium Scope Recon - Specific set of “*.target.com” Large Scope Recon – Everything in Scope
Automating Recon Project Bheem ReconFTW Osmedeus
MANUAL TESTING APPROACH
GET IN TOUCH AT ◦ Twitter: @e11i0t_4lders0n ◦ LinkedIn: /in/tushars25
◦ Instagram: @e11i0t_4lders0n__ ◦ Email:
[email protected]
SiteGround - Reliable hosting with speed, security, and support you can count on.
e11i0t_4lders0n
kawauso
keisuke69
overflowinc
panda_program
iotengineer22
oogfranz
estie
oracle4engineer
sansantech
1210yuichi0
qa
jcasabona
madoxten
orderedlist
jakevdp
rkendrick25
shpigford
elsirapls
sugarenia
thirion
denniskardys
ammeep
