METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING
Tushar Verma
July 25, 2021
Transcript
METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING
By: Tushar Verma
WHOAMI
◦ Application Security Engineer
◦ Synack Red Team Member
◦ Bug Bounty Hunter
AGENDA
◦ What is Bug Bounty Hunting
◦ Bug Bounty Platform
◦ Scope Review and Target Selection
◦ Recon Methodologies
◦ Manual Testing Approach
WHAT IS BUG BOUNTY HUNTING
Bug Bounty Platform
◦ Bugcrowd
◦ HackerOne
◦ Intigriti
◦ YesWeHack
◦ HackenProof
◦ Cesppa
◦ Synack
◦ Private Programs
Scope Review and Target Selection
◦ Check the description and focus area
◦ Check what is in scope and out of scope for the target
◦ Check the average response time
◦ Check the payout and how many vulnerabilities have been reported
Recon Methodologies
◦ Small Scope Recon – Specific sets of single URLs
◦ Medium Scope Recon – Specific set of “*.target.com”
◦ Large Scope Recon – Everything in Scope
Automating Recon
◦ Project Bheem
◦ ReconFTW
◦ Osmedeus
MANUAL TESTING APPROACH
GET IN TOUCH AT
◦ Twitter: @e11i0t_4lders0n
◦ LinkedIn: /in/tushars25
◦ Instagram: @e11i0t_4lders0n__
◦ Email: [email protected]