
Bug Hunting Tactics

Harsh Bothra
November 28, 2020


Bug Hunting Tactics talk at UPES Dehradun with Cyber Sentinel Student Chapter. This talk covers various aspects of Bug Bounty, Approach for Manual Pentesting, Threat Mapping, Recon, Burp Suite, and Various Server-Side, Client-Side, and logical issues.



Transcript

  1. Bug Hunting Tactics
    by Harsh Bothra


  2. $(whoami)
    Cobalt Core Pentester
    Synack Red Teamer
    Security Analyst @ Detox Technologies
    Bugcrowd TOP 150 (All-Time) & MVP 2020 Q1-Q2
    Author – 2 Hacking Books
    Infosec Blogger | International Speaker
    Author @Project Bheem
    Author @Project Hanu
    Learner
    @harshbothra_


  3. Agenda
    Bug Hunting 101
    Bug Hunting Methodologies
    Application Testing Methodology
    Recon Tactics
    Burp Suite Hacks
    Approaches for Client-Side Issues
    Approaches for Server-Side Issues
    Approaches for Logical & Access Control Issues

  4. Bug Hunting 101
    For those who are not familiar with Bug Bounties:
    • White Hat approach towards Hacking
    • Help Organizations in securing their Assets
    • In Return, get Rewards.
    • Rewards may range from a simple “Thanks” to $$$$$
    • Legal profession worldwide
    • Get good reputation and status
    • Multiple Platforms to Get Started
    • Big, Lovely Community
    • Lots of Support Material Available

  5. Bug Hunting 101
    Platforms
    • HackerOne
    • Intigriti
    • Bugcrowd
    • Synack
    • YesWeHack
    • HackenProof
    • Cesppa
    • Private Programs
    • Company Managed Programs (Google, Facebook, Apple, Microsoft, etc.)

  6. Bug Hunting Methodologies
    Rule – 1: Don’t limit yourself to what you have learnt through tutorials and labs. Real-life scenarios are totally different most of the time.
    Rule – 2: Create your own checklist. Make a detailed checklist of every possible test case that you know of and can perform.
    Rule – 3: Keep a track record of everything you test. Often you may return to a program later someday, or maybe your payload executes later.

  7. Bug Hunting Methodologies
    Rule – 4: Track CVEs & Public Exploit Releases. It will help you a lot, especially in Network Pentesting.
    Rule – 5: Be Lazy & Automate Stuff. Automate repetitive tasks; write small scripts that do your job while you focus on the manual approach.
    Rule – 6: Say no to Automated Vulnerability Scanners. They miss a lot of security issues and are not reliable. They are a helping hand, not a replacement.
    Rule – 7: Always be active to learn, apply & experiment. Spend time on your target and you will see results eventually.

  8. Application Testing Methodology
    Learn where you lack and hit back Hard
    Document what you have Observed
    Perform Application Specific Attacks
    Perform Manual Pentest
    Perform Scope Based Recon
    Prepare a Potential Threat Map
    Understand Application’s Business Logic
    Navigate Application as an End User
    Define Target Scope

  9. Potential Threat Mapping
    Navigate Application Thoroughly
    List All Components & Functionalities
    Prepare Theoretical Attack Scenarios for each Functionality
    Create possible C.I.A. & C.R.U.D. based Impact Scenarios
    Export Potential Test Cases in a Check List format
    Verify all these test cases while you perform Assessment
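The threat-mapping steps above (list functionalities, derive C.I.A. and C.R.U.D. based scenarios, export a checklist, tick cases off during the assessment) can be turned into a small script. The following is an added example written for this transcript, not code from the talk or its author; the scenario templates in `SCENARIOS`, the `TestCase` fields and the sample functionality names are all assumptions chosen for illustration and would be edited per application.

```python
"""Build a CRUD x CIA threat map for an application's functionalities and export
it as a checklist (Markdown and CSV).

Added example, not from the slides. The attack-scenario templates below are a
generic starting set (an assumption); a real map is edited per application.
"""
import csv
import io
from dataclasses import dataclass
from typing import Iterable, List

CRUD = ("Create", "Read", "Update", "Delete")

# For each CRUD operation: (CIA impact, theoretical test case). The {f} placeholder
# is filled with the functionality name. Constructed template set, assumption only.
SCENARIOS = {
    "Create": [
        ("Integrity", "Can a lower-privileged or unauthenticated user create {f} records?"),
        ("Availability", "Can unbounded creation of {f} records exhaust quotas or storage?"),
    ],
    "Read": [
        ("Confidentiality", "Can a user read another user's {f} data by changing an identifier?"),
        ("Confidentiality", "Does the {f} response expose fields the UI never shows?"),
    ],
    "Update": [
        ("Integrity", "Can a user modify another user's {f} data or a server-controlled field?"),
        ("Integrity", "Can the {f} update be submitted out of the intended workflow order?"),
    ],
    "Delete": [
        ("Availability", "Can a user delete another user's {f} data?"),
        ("Integrity", "Is {f} deletion protected against CSRF and recorded in an audit log?"),
    ],
}


@dataclass
class TestCase:
    functionality: str
    operation: str
    cia: str
    description: str
    status: str = "TODO"  # updated while the assessment is performed


def build_threat_map(functionalities: Iterable[str]) -> List[TestCase]:
    """Expand every functionality into CRUD x CIA test cases, in a stable order."""
    cases = []
    for f in functionalities:
        for op in CRUD:
            for cia, template in SCENARIOS[op]:
                cases.append(TestCase(f, op, cia, template.format(f=f)))
    return cases


def update_status(cases: List[TestCase], functionality: str, operation: str, status: str) -> int:
    """Mark the cases for one functionality/operation pair; returns how many changed."""
    changed = 0
    for c in cases:
        if c.functionality == functionality and c.operation == operation:
            c.status = status
            changed += 1
    return changed


def to_markdown_checklist(cases: List[TestCase]) -> str:
    """One '## Functionality' section per functionality, one checkbox per test case."""
    lines = []
    current = None
    for c in cases:
        if c.functionality != current:
            current = c.functionality
            lines.append(f"## {current}")
        box = "[x]" if c.status != "TODO" else "[ ]"
        lines.append(f"- {box} {c.operation} / {c.cia}: {c.description} ({c.status})")
    return "\n".join(lines) + "\n"


def to_csv(cases: List[TestCase]) -> str:
    """CSV export with a header row, for tracking in a spreadsheet."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["Functionality", "Operation", "CIA Impact", "Test Case", "Status"])
    for c in cases:
        writer.writerow([c.functionality, c.operation, c.cia, c.description, c.status])
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample: functionalities noted while navigating a demo application.
    threat_map = build_threat_map(["User Profile", "Invoice", "Password Reset"])
    update_status(threat_map, "Invoice", "Read", "DONE")
    print(to_markdown_checklist(threat_map))
```

The Markdown output doubles as the track record Rule 3 asks for: cases stay unchecked until their status changes, so a later return to the program starts from the same list.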

  10. Manual Testing Approach
    • Keep Vulnerability Standards such as OWASP TOP 10, OWASP ASVS & SANS TOP Risks in mind while performing pentest
    • Understand the application workflows
    • Figure out various possible workflows of the same features
    • Try to break the application flow – This is where Business Logic issues exist
    • Understand what technologies are being used by the application
    • Perform technology specific attacks
    • Try to find out bypasses for evading filters
    • Try to perform testing for every single vulnerability class
    • Do not rely upon Automated Scanner Tools
    • Learn, Research & Hack Again

  11. Scope Based Recon
    • Scope Based Recon is simply a methodology for deciding how to perform recon when a specific set of Scope is provided.
    • Scopes are divided into three categories:
    • Small Scope
    • Medium Scope
    • Large Scope
    • Why Scope Based Recon?
    • Saves a lot of time
    • You know exactly what to look for
    • You can easily automate your recon workflow
    • Less chance to submit Out-of-Scope Issues
    • Just like other security methodologies, it enables you to perform a better Recon
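Two of the points above, bucketing a scope into small/medium/large and reducing out-of-scope submissions, lend themselves to a small helper that parses a program's scope list and checks every host against it before anything is reported. The following is an added example written for this transcript, not code from the talk or its author. The scope syntax it accepts (`*.example.com` wildcards over subdomains, plain hostnames, CIDR ranges, a leading `!` for exclusions, `#` comments), the size thresholds in `classify_scope`, and the `SAMPLE_SCOPE` entries are all assumptions made for illustration.

```python
"""Parse a program's scope list, classify it as small / medium / large, and check a
host against it before anything is reported.

Added example, not from the talk. Assumed scope syntax (an assumption): one entry per
line, '*.example.com' for a wildcard over subdomains, a plain hostname, a CIDR range,
and a leading '!' for an exclusion. The size thresholds are illustrative only.
"""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List


@dataclass(frozen=True)
class ScopeRule:
    pattern: str
    exclude: bool = False


def parse_scope(lines: Iterable[str]) -> List[ScopeRule]:
    """Read scope entries; blank lines and '#' comments are ignored."""
    rules = []
    for raw in lines:
        entry = raw.strip()
        if not entry or entry.startswith("#"):
            continue
        exclude = entry.startswith("!")
        rules.append(ScopeRule(entry.lstrip("!").lower(), exclude))
    return rules


def _is_cidr(pattern: str) -> bool:
    """True for entries like 10.0.0.0/24; plain IPs and hostnames are not CIDR."""
    try:
        ipaddress.ip_network(pattern, strict=False)
    except ValueError:
        return False
    return "/" in pattern


def _matches(rule: ScopeRule, host: str) -> bool:
    p = rule.pattern
    if _is_cidr(p):
        try:
            return ipaddress.ip_address(host) in ipaddress.ip_network(p, strict=False)
        except ValueError:  # host is a name, not an address
            return False
    if p.startswith("*."):
        # Wildcard covers subdomains only; the bare domain needs its own entry.
        return host.endswith("." + p[2:])
    return host == p


def in_scope(rules: List[ScopeRule], host: str) -> bool:
    """Exclusions take precedence: a host hit by any '!' rule is out of scope."""
    host = host.strip().lower().rstrip(".")
    if any(r.exclude and _matches(r, host) for r in rules):
        return False
    return any(not r.exclude and _matches(r, host) for r in rules)


def classify_scope(rules: List[ScopeRule]) -> str:
    """Rough size bucket driving how much recon to plan (thresholds are illustrative)."""
    includes = [r for r in rules if not r.exclude]
    wildcards = sum(r.pattern.startswith("*.") for r in includes)
    cidr_rules = [r for r in includes if _is_cidr(r.pattern)]
    cidr_hosts = sum(ipaddress.ip_network(r.pattern, strict=False).num_addresses
                     for r in cidr_rules)
    singles = len(includes) - wildcards - len(cidr_rules)
    if wildcards >= 3 or cidr_hosts > 256:
        return "large"
    if wildcards >= 1 or cidr_hosts > 0 or singles > 5:
        return "medium"
    return "small"


# Constructed sample scope, as a program page might list it.
SAMPLE_SCOPE = [
    "# in scope",
    "*.example.com",
    "api.example.com",
    "10.0.0.0/24",
    "# out of scope",
    "!staging.example.com",
    "",
]

if __name__ == "__main__":
    rules = parse_scope(SAMPLE_SCOPE)
    print("scope size:", classify_scope(rules))
    for host in ("shop.example.com", "staging.example.com", "10.0.0.42", "evil-example.com"):
        print(f"{host:22} in scope: {in_scope(rules, host)}")
```

The wildcard match is deliberately strict (`evil-example.com` and the bare `example.com` are not matched by `*.example.com`), and exclusions win over inclusions, so when the helper is wrong it errs towards not reporting, which is the cheaper mistake.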

  12. Burp Suite Hacks
    • Advanced Scope Controls
    • Important Extensions
    • Testing Access Control Issues
    • Fuzzing with Burp Suite
    • Introduction to Burp Macros
    • Other Interesting Options

  13. Approaches for Server-Side Issues

  14. Approaches for Client-Side Issues

  15. Approaches for Business Logic Issues

  16. You can bombard me with questions, if any!

  17. Get in Touch at
    @harshbothra_
    Website – https://harshbothra.tech
    Twitter - @harshbothra_
    Instagram - @harshbothra_
    Medium - hbothra22.medium.com
    LinkedIn - @harshbothra
    SpeakerDeck - /harshbothra
    Email – [email protected]


  18. Thanks …
