Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
METHODOLOGIES AND APPROACH TO START BUG BOUNTY ...
Search
Tushar Verma
July 25, 2021
Technology
0
580
METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING
Tushar Verma
July 25, 2021
Tweet
Share
More Decks by Tushar Verma
See All by Tushar Verma
The Power of Recon_ Leveraging Recon for Easy $$$$
e11i0t_4lders0n
0
180
AWS Cloud Forensics & Incident Response
e11i0t_4lders0n
1
670
Hacking OAuth Applications
e11i0t_4lders0n
1
2k
Exploiting SSRF like a Boss
e11i0t_4lders0n
2
1.1k
How to Fail at Bug Bounty Hunting
e11i0t_4lders0n
1
1.7k
The Bug Hunter’s Recon Methodology
e11i0t_4lders0n
2
770
Bypassing 2FA Misconfiguration
e11i0t_4lders0n
1
2.3k
How to get started in bug bounty
e11i0t_4lders0n
1
480
Other Decks in Technology
See All in Technology
菸酒生在 LINE Taiwan 的後端雙刀流
line_developers_tw
PRO
0
1.1k
本当に使える?AutoUpgrade の新機能を実践検証してみた
oracle4engineer
PRO
1
120
監視のこれまでとこれから/sakura monitoring seminar 2025
fujiwara3
10
2.9k
Create a Rails8 responsive app with Gemini and RubyLLM
palladius
0
140
IAMのマニアックな話 2025を執筆して、 見えてきたAWSアカウント管理の現在
nrinetcom
PRO
4
660
Oracle Cloud Infrastructure:2025年6月度サービス・アップデート
oracle4engineer
PRO
1
140
25分で解説する「最小権限の原則」を実現するための AWS「ポリシー」大全
opelab
9
2.2k
Definition of Done
kawaguti
PRO
6
460
Agentic Workflowという選択肢を考える
tkikuchi1002
1
380
Uniadex__公開版_20250617-AIxIoTビジネス共創ラボ_ツナガルチカラ_.pdf
iotcomjpadmin
0
150
標準技術と独自システムで作る「つらくない」SaaS アカウント管理 / Effortless SaaS Account Management with Standard Technologies & Custom Systems
yuyatakeyama
2
1k
AIエージェントの継続的改善のためオブザーバビリティ
pharma_x_tech
6
1.4k
Featured
See All Featured
Raft: Consensus for Rubyists
vanstee
140
7k
Speed Design
sergeychernyshev
31
1k
Chrome DevTools: State of the Union 2024 - Debugging React & Beyond
addyosmani
7
700
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
357
30k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
45
7.4k
Unsuck your backbone
ammeep
671
58k
Making the Leap to Tech Lead
cromwellryan
134
9.3k
Keith and Marios Guide to Fast Websites
keithpitt
411
22k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
137
34k
Testing 201, or: Great Expectations
jmmastey
42
7.5k
Connecting the Dots Between Site Speed, User Experience & Your Business [WebExpo 2025]
tammyeverts
4
200
Put a Button on it: Removing Barriers to Going Fast.
kastner
60
3.9k
Transcript
METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING By: Tushar
Verma
WHOAMI Application Security Engineer Synack Red Team Member Bug Bounty
Hunter
AGENDA What is Bug Bounty Hunting Bug Bounty Platform Scope
Review and Target Selection Recon Methodologies Manual Testing Approach
WHAT IS BUG BOUNTY HUNTING
Bug Bounty Platform Bugcrowd Hackerone Intigriti YesWeHack HackenProof Cesspa Synack
Private Programs
Scope Review and Target Selection Check the Description and Focus
Area Check the In-Scope and Out-scope of the target Check the average response time Check the pay-out and How many vulnerabilities reported
Recon Methodologies Small Scope Recon – Specific sets of single
URLs Medium Scope Recon - Specific set of “*.target.com” Large Scope Recon – Everything in Scope
Automating Recon Project Bheem ReconFTW Osmedeus
MANUAL TESTING APPROACH
GET IN TOUCH AT ◦ Twitter: @e11i0t_4lders0n ◦ LinkedIn: /in/tushars25
◦ Instagram: @e11i0t_4lders0n__ ◦ Email:
[email protected]
e11i0t_4lders0n
line_developers_tw
oracle4engineer
fujiwara3
palladius
nrinetcom
opelab
kawaguti
tkikuchi1002
iotcomjpadmin
yuyatakeyama
.png){kind=icon}
pharma_x_tech
vanstee
sergeychernyshev
addyosmani
bermonpainter
eileencodes
ammeep
cromwellryan
keithpitt
jmmastey
tammyeverts
kastner
