Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
METHODOLOGIES AND APPROACH TO START BUG BOUNTY ...
Search
Tushar Verma
July 25, 2021
Technology
0
560
METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING
Tushar Verma
July 25, 2021
Tweet
Share
More Decks by Tushar Verma
See All by Tushar Verma
The Power of Recon_ Leveraging Recon for Easy $$$$
e11i0t_4lders0n
0
160
AWS Cloud Forensics & Incident Response
e11i0t_4lders0n
1
640
Hacking OAuth Applications
e11i0t_4lders0n
1
2k
Exploiting SSRF like a Boss
e11i0t_4lders0n
2
1.1k
How to Fail at Bug Bounty Hunting
e11i0t_4lders0n
1
1.7k
The Bug Hunter’s Recon Methodology
e11i0t_4lders0n
2
760
Bypassing 2FA Misconfiguration
e11i0t_4lders0n
1
2.2k
How to get started in bug bounty
e11i0t_4lders0n
1
470
Other Decks in Technology
See All in Technology
WACATE2024冬セッション資料(ユーザビリティ)
scarletplover
0
200
LINEスキマニにおけるフロントエンド開発
lycorptech_jp
PRO
0
330
サイバー攻撃を想定したセキュリティガイドライン 策定とASM及びCNAPPの活用方法
syoshie
3
1.3k
Postman と API セキュリティ / Postman and API Security
yokawasa
0
200
10個のフィルタをAXI4-Streamでつなげてみた
marsee101
0
170
kargoの魅力について伝える
magisystem0408
0
210
.NET 9 のパフォーマンス改善
nenonaninu
0
900
あの日俺達が夢見たサーバレスアーキテクチャ/the-serverless-architecture-we-dreamed-of
tomoki10
0
460
マルチプロダクト開発の現場でAWS Security Hubを1年以上運用して得た教訓
muziyoshiz
3
2.3k
生成AIをより賢く エンジニアのための RAG入門 - Oracle AI Jam Session #20
kutsushitaneko
4
220
Microsoft Azure全冠になってみた ~アレを使い倒した者が試験を制す!?~/Obtained all Microsoft Azure certifications Those who use "that" to the full will win the exam! ?
yuj1osm
2
110
Qiita埋め込み用スライド
naoki_0531
0
5.1k
Featured
See All Featured
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
29
2k
Rails Girls Zürich Keynote
gr2m
94
13k
It's Worth the Effort
3n
183
28k
A better future with KSS
kneath
238
17k
Principles of Awesome APIs and How to Build Them.
keavy
126
17k
[RailsConf 2023] Rails as a piece of cake
palkan
53
5k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
247
1.3M
The Pragmatic Product Professional
lauravandoore
32
6.3k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
32
2.7k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
44
6.9k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
251
21k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
95
17k
Transcript
METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING By: Tushar
Verma
WHOAMI Application Security Engineer Synack Red Team Member Bug Bounty
Hunter
AGENDA What is Bug Bounty Hunting Bug Bounty Platform Scope
Review and Target Selection Recon Methodologies Manual Testing Approach
WHAT IS BUG BOUNTY HUNTING
Bug Bounty Platform Bugcrowd Hackerone Intigriti YesWeHack HackenProof Cesspa Synack
Private Programs
Scope Review and Target Selection Check the Description and Focus
Area Check the In-Scope and Out-scope of the target Check the average response time Check the pay-out and How many vulnerabilities reported
Recon Methodologies Small Scope Recon – Specific sets of single
URLs Medium Scope Recon - Specific set of “*.target.com” Large Scope Recon – Everything in Scope
Automating Recon Project Bheem ReconFTW Osmedeus
MANUAL TESTING APPROACH
GET IN TOUCH AT ◦ Twitter: @e11i0t_4lders0n ◦ LinkedIn: /in/tushars25
◦ Instagram: @e11i0t_4lders0n__ ◦ Email:
[email protected]
e11i0t_4lders0n
scarletplover
lycorptech_jp
syoshie
yokawasa
marsee101
magisystem0408
nenonaninu
tomoki10
muziyoshiz
kutsushitaneko
yuj1osm
naoki_0531
jcasabona
gr2m
3n
kneath
keavy
palkan
sugarenia
lauravandoore
rmw
eileencodes
smashingmag
panda_program
