Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
METHODOLOGIES AND APPROACH TO START BUG BOUNTY ...
Search
Tushar Verma
July 25, 2021
Technology
0
580
METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING
Tushar Verma
July 25, 2021
Tweet
Share
More Decks by Tushar Verma
See All by Tushar Verma
The Power of Recon_ Leveraging Recon for Easy $$$$
e11i0t_4lders0n
0
180
AWS Cloud Forensics & Incident Response
e11i0t_4lders0n
1
680
Hacking OAuth Applications
e11i0t_4lders0n
1
2k
Exploiting SSRF like a Boss
e11i0t_4lders0n
2
1.1k
How to Fail at Bug Bounty Hunting
e11i0t_4lders0n
1
1.7k
The Bug Hunter’s Recon Methodology
e11i0t_4lders0n
2
770
Bypassing 2FA Misconfiguration
e11i0t_4lders0n
1
2.3k
How to get started in bug bounty
e11i0t_4lders0n
1
490
Other Decks in Technology
See All in Technology
Amazon Q Developerを活用したアーキテクチャのリファクタリング
k1nakayama
2
190
Claude Codeから我々が学ぶべきこと
s4yuba
9
2.1k
Agent Development Kitで始める生成 AI エージェント実践開発
danishi
0
120
LLM開発を支えるエヌビディアの生成AIエコシステム
acceleratedmu3n
0
370
「Roblox」の開発環境とその効率化 ~DAU9700万人超の巨大プラットフォームの開発 事始め~
keitatanji
0
100
AI人生苦節10年で会得したAIがやること_人間がやること.pdf
shibuiwilliam
1
270
【CEDEC2025】現場を理解して実現!ゲーム開発を効率化するWebサービスの開発と、利用促進のための継続的な改善
cygames
PRO
0
720
마라톤 끝의 단거리 스퍼트: 2025년의 AI
inureyes
PRO
1
690
Serverless Meetup #21
yoshidashingo
1
110
【CEDEC2025】『Shadowverse: Worlds Beyond』二度目のDCG開発でゲームをリデザインする~遊びやすさと競技性の両立~
cygames
PRO
1
290
Amazon Qで2Dゲームを作成してみた
siromi
0
100
【CEDEC2025】『ウマ娘 プリティーダービー』における映像制作のさらなる高品質化へ!~ 豊富な素材出力と制作フローの改善を実現するツールについて~
cygames
PRO
0
230
Featured
See All Featured
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
29
9.6k
We Have a Design System, Now What?
morganepeng
53
7.7k
Product Roadmaps are Hard
iamctodd
PRO
54
11k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
130
19k
Imperfection Machines: The Place of Print at Facebook
scottboms
267
13k
Put a Button on it: Removing Barriers to Going Fast.
kastner
60
3.9k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
283
13k
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
15
1.6k
How GitHub (no longer) Works
holman
314
140k
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
8
750
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
49
2.9k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
33
2.4k
Transcript
METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING By: Tushar
Verma
WHOAMI Application Security Engineer Synack Red Team Member Bug Bounty
Hunter
AGENDA What is Bug Bounty Hunting Bug Bounty Platform Scope
Review and Target Selection Recon Methodologies Manual Testing Approach
WHAT IS BUG BOUNTY HUNTING
Bug Bounty Platform Bugcrowd Hackerone Intigriti YesWeHack HackenProof Cesspa Synack
Private Programs
Scope Review and Target Selection Check the Description and Focus
Area Check the In-Scope and Out-scope of the target Check the average response time Check the pay-out and How many vulnerabilities reported
Recon Methodologies Small Scope Recon – Specific sets of single
URLs Medium Scope Recon - Specific set of “*.target.com” Large Scope Recon – Everything in Scope
Automating Recon Project Bheem ReconFTW Osmedeus
MANUAL TESTING APPROACH
GET IN TOUCH AT ◦ Twitter: @e11i0t_4lders0n ◦ LinkedIn: /in/tushars25
◦ Instagram: @e11i0t_4lders0n__ ◦ Email:
[email protected]