Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
METHODOLOGIES AND APPROACH TO START BUG BOUNTY ...
Search
Tushar Verma
July 25, 2021
Technology
610
0
Share
METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING
Tushar Verma
July 25, 2021
More Decks by Tushar Verma
See All by Tushar Verma
The Power of Recon_ Leveraging Recon for Easy $$$$
e11i0t_4lders0n
0
220
AWS Cloud Forensics & Incident Response
e11i0t_4lders0n
1
720
Hacking OAuth Applications
e11i0t_4lders0n
1
2.1k
Exploiting SSRF like a Boss
e11i0t_4lders0n
2
1.1k
How to Fail at Bug Bounty Hunting
e11i0t_4lders0n
1
1.7k
The Bug Hunter’s Recon Methodology
e11i0t_4lders0n
2
800
Bypassing 2FA Misconfiguration
e11i0t_4lders0n
1
2.4k
How to get started in bug bounty
e11i0t_4lders0n
1
500
Other Decks in Technology
See All in Technology
Eight Engineering Unit 紹介資料
sansan33
PRO
3
7.2k
AI時代における技術的負債への取り組み
codenote
0
470
AIペネトレーションテスト・ セキュリティ検証「AgenticSec」ご紹介資料
laysakura
0
2.8k
Master Dataグループ紹介資料
sansan33
PRO
1
4.6k
サイボウズ 開発本部採用ピッチ / Cybozu Engineer Recruit
cybozuinsideout
PRO
10
78k
Databricksで構築するログ検索基盤とアーキテクチャ設計
cscengineer
0
200
Sansan Engineering Unit 紹介資料
sansan33
PRO
1
4.2k
ハーネスエンジニアリングの概要と設計思想
sergicalsix
4
1.5k
LLM時代の検索アーキテクチャと技術的意思決定
shibuiwilliam
1
330
3つのボトルネックを解消し、リリースエンジニアリングを再定義した話
nealle
0
500
マルチエージェント × ハーネスエンジニアリング × GitLab Duo Agent Platformで実現する「AIエージェントに仕事をさせる時代へ。」 / 20260421 GitLab Duo Agent Platform
n11sh1
0
120
Rapid Start: Faster Internet Connections, with Ruby's Help
kazuho
1
110
Featured
See All Featured
Site-Speed That Sticks
csswizardry
13
1.2k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
141
35k
Building the Perfect Custom Keyboard
takai
2
730
The AI Revolution Will Not Be Monopolized: How open-source beats economies of scale, even for LLMs
inesmontani
PRO
3
3.3k
The World Runs on Bad Software
bkeepers
PRO
72
12k
Evolving SEO for Evolving Search Engines
ryanjones
0
180
SEO in 2025: How to Prepare for the Future of Search
ipullrank
3
3.4k
Kristin Tynski - Automating Marketing Tasks With AI
techseoconnect
PRO
0
220
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
25
1.8k
Impact Scores and Hybrid Strategies: The future of link building
tamaranovitovic
0
260
A brief & incomplete history of UX Design for the World Wide Web: 1989–2019
jct
1
350
Being A Developer After 40
akosma
91
590k
Transcript
METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING By: Tushar
Verma
WHOAMI Application Security Engineer Synack Red Team Member Bug Bounty
Hunter
AGENDA What is Bug Bounty Hunting Bug Bounty Platform Scope
Review and Target Selection Recon Methodologies Manual Testing Approach
WHAT IS BUG BOUNTY HUNTING
Bug Bounty Platform Bugcrowd Hackerone Intigriti YesWeHack HackenProof Cesspa Synack
Private Programs
Scope Review and Target Selection Check the Description and Focus
Area Check the In-Scope and Out-scope of the target Check the average response time Check the pay-out and How many vulnerabilities reported
Recon Methodologies Small Scope Recon – Specific sets of single
URLs Medium Scope Recon - Specific set of “*.target.com” Large Scope Recon – Everything in Scope
Automating Recon Project Bheem ReconFTW Osmedeus
MANUAL TESTING APPROACH
GET IN TOUCH AT ◦ Twitter: @e11i0t_4lders0n ◦ LinkedIn: /in/tushars25
◦ Instagram: @e11i0t_4lders0n__ ◦ Email:
[email protected]
e11i0t_4lders0n
sansan33
codenote
laysakura
cybozuinsideout
cscengineer
sergicalsix
shibuiwilliam
nealle
n11sh1
kazuho
csswizardry
eileencodes
takai
inesmontani
bkeepers
ryanjones
ipullrank
techseoconnect
honnibal
tamaranovitovic
jct
akosma
