METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING
Tushar Verma
July 25, 2021
Transcript
METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING
By: Tushar Verma

WHOAMI
◦ Application Security Engineer
◦ Synack Red Team Member
◦ Bug Bounty Hunter

AGENDA
◦ What is Bug Bounty Hunting
◦ Bug Bounty Platform
◦ Scope Review and Target Selection
◦ Recon Methodologies
◦ Manual Testing Approach

WHAT IS BUG BOUNTY HUNTING

Bug Bounty Platform
◦ Bugcrowd
◦ Hackerone
◦ Intigriti
◦ YesWeHack
◦ HackenProof
◦ Cesspa
◦ Synack
◦ Private Programs

Scope Review and Target Selection
◦ Check the Description and Focus Area
◦ Check the In-Scope and Out-scope of the target
◦ Check the average response time
◦ Check the pay-out and How many vulnerabilities reported

Recon Methodologies
◦ Small Scope Recon: Specific sets of single URLs
◦ Medium Scope Recon: Specific set of “*.target.com”
◦ Large Scope Recon: Everything in Scope

Automating Recon
◦ Project Bheem
◦ ReconFTW
◦ Osmedeus

MANUAL TESTING APPROACH

GET IN TOUCH AT
◦ Twitter: @e11i0t_4lders0n
◦ LinkedIn: /in/tushars25
◦ Instagram: @e11i0t_4lders0n__
◦ Email: [email protected]