METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING
Tushar Verma
July 25, 2021
Transcript
METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING
By: Tushar Verma

WHOAMI
◦ Application Security Engineer
◦ Synack Red Team Member
◦ Bug Bounty Hunter

AGENDA
◦ What is Bug Bounty Hunting
◦ Bug Bounty Platform
◦ Scope Review and Target Selection
◦ Recon Methodologies
◦ Manual Testing Approach

WHAT IS BUG BOUNTY HUNTING

Bug Bounty Platform
◦ Bugcrowd
◦ HackerOne
◦ Intigriti
◦ YesWeHack
◦ HackenProof
◦ Cesppa
◦ Synack
◦ Private Programs

Scope Review and Target Selection
◦ Check the description and focus area
◦ Check the in-scope and out-of-scope items of the target
◦ Check the average response time
◦ Check the pay-out and how many vulnerabilities have been reported

Recon Methodologies
◦ Small Scope Recon – Specific sets of single URLs
◦ Medium Scope Recon – Specific set of “*.target.com”
◦ Large Scope Recon – Everything in scope

Automating Recon
◦ Project Bheem
◦ ReconFTW
◦ Osmedeus

MANUAL TESTING APPROACH

GET IN TOUCH AT
◦ Twitter: @e11i0t_4lders0n
◦ LinkedIn: /in/tushars25
◦ Instagram: @e11i0t_4lders0n__
◦ Email: [email protected]