Slide 1

Slide 1 text

How to Fail at Bug Bounty Hunting
By Tushar Verma

Slide 2

Slide 2 text

Whoami
• Application Security Engineer
• Synack Red Team Member
• Bug Bounty Hunter
• Infosec Trainer & Speaker

Slide 3

Slide 3 text

Failing at Bug Bounty

Slide 4

Slide 4 text

• You participate in the wrong programs
• You fail to read the bug bounty guidelines
• You get lots of duplicates
• You fail to show impact
• You don’t stick to a program
• You don’t recon
• Bad report writing

Slide 5

Slide 5 text

Approach towards a better Bug Bounty Hunting

Slide 6

Slide 6 text

• Take your time in choosing the right program
• Read and understand the bug bounty brief
• Understand the vulnerability/bug and try to explain its impact to the program owners
• Keep up with new updates to old programs so that you can be the first one to test and report
• Do manual and automated recon. Try to spend more time on recon
• Better report writing

Slide 7

Slide 7 text

Tips for Beginners
• Go with VDPs… Don’t be greedy
• Go for wide-scope targets
• No low-hanging fruit
• Learn the “Art of Dorking” Google
• Try to learn to use Burp extensions
• Learn to chain different vulnerabilities

Slide 8

Slide 8 text

• Avoid screenshots… Unfollow them, ignore them
• Don’t compare; everyone started from zero
• Spend more time learning and, believe me, you will succeed

Slide 9

Slide 9 text

Recon Automation Framework
• ReconFTW
• Project Bheem
• Osmedeus

Slide 10

Slide 10 text

Bug Bounty Resources

Slide 11

Slide 11 text

No content

Slide 12

Slide 12 text

Get in Touch
• Twitter: @e11i0t_4lders0n
• LinkedIn: @tushars25
• Instagram: @e11i0t_4lders0n__
• Medium: @tushars2517
• Slides: speakerdeck.com/e11i0t_4lders0n
• Email: [email protected]

Slide 13

Slide 13 text

Thank You