Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
METHODOLOGIES AND APPROACH TO START BUG BOUNTY ...
Search
Tushar Verma
July 25, 2021
Technology
0
600
METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING
Tushar Verma
July 25, 2021
Tweet
Share
More Decks by Tushar Verma
See All by Tushar Verma
The Power of Recon_ Leveraging Recon for Easy $$$$
e11i0t_4lders0n
0
200
AWS Cloud Forensics & Incident Response
e11i0t_4lders0n
1
700
Hacking OAuth Applications
e11i0t_4lders0n
1
2.1k
Exploiting SSRF like a Boss
e11i0t_4lders0n
2
1.1k
How to Fail at Bug Bounty Hunting
e11i0t_4lders0n
1
1.7k
The Bug Hunter’s Recon Methodology
e11i0t_4lders0n
2
790
Bypassing 2FA Misconfiguration
e11i0t_4lders0n
1
2.3k
How to get started in bug bounty
e11i0t_4lders0n
1
500
Other Decks in Technology
See All in Technology
AIエージェントを5分で一気におさらい! AIエージェント「構築」元年に備えよう
yakumo
1
130
名刺メーカーDevグループ 紹介資料
sansan33
PRO
0
1k
re:Invent2025 セッションレポ ~Spec-driven development with Kiro~
nrinetcom
PRO
2
170
Contract One Engineering Unit 紹介資料
sansan33
PRO
0
12k
AWS re:Inventre:cap ~AmazonNova 2 Omniのワークショップを体験してきた~
nrinetcom
PRO
0
120
Scrum Guide Expansion Pack が示す現代プロダクト開発への補完的視点
sonjin
0
290
Digitization部 紹介資料
sansan33
PRO
1
6.4k
Data Hubグループ 紹介資料
sansan33
PRO
0
2.5k
テストセンター受験、オンライン受験、どっちなんだい?
yama3133
0
200
複雑さを受け入れるか、拒むか? - 事業成長とともに育ったモノリスを前に私が考えたこと #RSGT2026
murabayashi
0
950
戰略轉變:從建構 AI 代理人到發展可擴展的技能生態系統
appleboy
0
180
「駆動」って言葉、なんかカッコイイ_Mitz
comucal
PRO
0
130
Featured
See All Featured
Agile Actions for Facilitating Distributed Teams - ADO2019
mkilby
0
100
Bioeconomy Workshop: Dr. Julius Ecuru, Opportunities for a Bioeconomy in West Africa
akademiya2063
PRO
0
36
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
47
7.9k
How To Stay Up To Date on Web Technology
chriscoyier
791
250k
Designing for Timeless Needs
cassininazir
0
110
How to build a perfect <img>
jonoalderson
1
4.8k
Applied NLP in the Age of Generative AI
inesmontani
PRO
3
2k
StorybookのUI Testing Handbookを読んだ
zakiyama
31
6.5k
The World Runs on Bad Software
bkeepers
PRO
72
12k
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
12
1.4k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
37
6.2k
エンジニアに許された特別な時間の終わり
watany
106
220k
Transcript
METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING By: Tushar
Verma
WHOAMI Application Security Engineer Synack Red Team Member Bug Bounty
Hunter
AGENDA What is Bug Bounty Hunting Bug Bounty Platform Scope
Review and Target Selection Recon Methodologies Manual Testing Approach
WHAT IS BUG BOUNTY HUNTING
Bug Bounty Platform Bugcrowd Hackerone Intigriti YesWeHack HackenProof Cesspa Synack
Private Programs
Scope Review and Target Selection Check the Description and Focus
Area Check the In-Scope and Out-scope of the target Check the average response time Check the pay-out and How many vulnerabilities reported
Recon Methodologies Small Scope Recon – Specific sets of single
URLs Medium Scope Recon - Specific set of “*.target.com” Large Scope Recon – Everything in Scope
Automating Recon Project Bheem ReconFTW Osmedeus
MANUAL TESTING APPROACH
GET IN TOUCH AT ◦ Twitter: @e11i0t_4lders0n ◦ LinkedIn: /in/tushars25
◦ Instagram: @e11i0t_4lders0n__ ◦ Email:
[email protected]
e11i0t_4lders0n
yakumo
sansan33
nrinetcom
sonjin
yama3133
murabayashi
appleboy
comucal
mkilby
akademiya2063
eileencodes
chriscoyier
cassininazir
jonoalderson
inesmontani
zakiyama
bkeepers
tammyeverts
kevinliebholz
watany
