How to Fail at Bug Bounty Hunting By Tushar Verma

Whoami Application Security Engineer Synack Red Team Member Bug Bounty Hunter Infosec Trainer & Speaker

Failing at Bug Bounty

You participate in the wrong programs Failed to read Bug Bounty Guidelines Lots of Duplicate Failed to show impact You don’t stick to a program You don’t recon Bad Report Writing

Approach towards a better Bug Bounty Hunting

Take your time in choosing the right program Read and Understand Bug Bounty Brief Understand the Vulnerability/Bug and try to explain impact to Program owners Keep yourself updated with new update on old program so that you can be the first one to test and report Do manual and automated Recon. Try to spend more time on recon Better Report Writing

Tips for Beginners Go with VDP’s…Don’t be greedy Go for wide scopes targets No low hanging fruits Learn the “Art of Dorking” Google Try to learn use of burp extensions Learn chaining different vulnerabilities

Avoid Screenshots……… Unfollow them, Ignore them Don’t compare, everyone started from zero Spend more time in learning and believe me you will get success

Recon Automation Framework • ReconFTW • Project Bheem • Osmedeus

Bug Bounty Resources

No content

Get in Touch • Twitter: @e11i0t_4lders0n • LinkedIn: @tushars25 • Instagram: @e11i0t_4lders0n__ • Medium: @tushars2517 • Slides: speakerdeck.com/e11i0t_4lders0n • Email: [email protected]

Thank You