Slide 1

Slide 1 text

A Story About OSINT and Bugbounty By PJBorah

Slide 3

Slide 3 text

Why OSINT?

Open-source intelligence is a multi-factor methodology for collecting, analyzing and making decisions about data accessible in publicly available sources, to be used in an intelligence context.

I love it because of discovering unknown assets. I love censys.io the most.

Slide 4

Slide 4 text

I do part-time bug bounty hunting, and I mostly do recon using search engines, e.g. Shodan and Censys, which give lots of info and my $$$$$.

Let's start: bug bounty and Censys and $$$$.

Slide 5

Slide 5 text

Navigate to censys.io. As we see, we have the option to look up host info or certificate info by IP, domain name, CIDR, etc. This lets us discover, monitor, and analyze our target's info.

But how does it work? How does this help us find your critical bug?

Slide 6

Slide 6 text

How to look up host info

Look up host details using the domain name.

Look up certificate details belonging to the target, e.g. facebook.com.

Slide 7

Slide 7 text

Look for specific services/ports

Finding port `8880`. Use the keyword: (target.com) and services.port=`8880`

Slide 8

Slide 8 text

Look for FTP

Finding 'ftp'. Use the keyword: (target.com) and services.service_name=`FTP`

Slide 9

Slide 9 text

How I found some cool bug using

Slide 10

Slide 10 text

Navigate to censys.io. I was testing on a private program, where I found all 500+ employees' data from a misconfiguration.

This lets us discover, monitor, and analyze our target's info. But how does it work? How does this help us find your critical bug?

Slide 11

Slide 11 text

Always look for unique ports. In my case I found 5001, which I came to know through one IP that is on AWS and deploying TableAir.AdminFlow.

And what they replied to me.

And the issue was resolved within 2 days.
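The same check from the asset owner's side, as an added example that is not part of the original slides: it reviews an inventory of your own hosts and flags services on ports outside an allowlist or running cleartext protocols such as FTP. The record layout (modelled on the `services.port` and `services.service_name` fields in the queries above), the `audit_hosts` function, the allowlist and the sample data are all assumptions made for this example.

```python
import json

# Constructed sample export (not real data). The record layout is an assumption
# modelled on the field names in the slide queries: services.port and
# services.service_name. IPs are from the RFC 5737 documentation range.
SAMPLE_EXPORT = """
[
  {"ip": "192.0.2.10", "services": [{"port": 443, "service_name": "HTTP"},
                                    {"port": 5001, "service_name": "HTTP"}]},
  {"ip": "192.0.2.20", "services": [{"port": 80, "service_name": "HTTP"},
                                    {"port": 21, "service_name": "FTP"}]},
  {"ip": "192.0.2.30", "services": [{"port": 8880}]}
]
"""

# Hypothetical policy for this example: ports the organisation means to expose,
# and service names that should never face the internet.
EXPECTED_PORTS = {80, 443}
CLEARTEXT_SERVICES = {"FTP", "TELNET"}


def audit_hosts(records, expected_ports=EXPECTED_PORTS,
                cleartext=CLEARTEXT_SERVICES):
    """Return (ip, port, service_name, reasons) for every service to review."""
    findings = []
    for host in records:
        ip = host.get("ip", "unknown")
        for svc in host.get("services", []):
            port = svc.get("port")
            # Unidentified services are reported as UNKNOWN, not skipped.
            name = (svc.get("service_name") or "UNKNOWN").upper()
            reasons = []
            if port not in expected_ports:
                reasons.append("port not in allowlist")
            if name in cleartext:
                reasons.append("cleartext service exposed")
            if reasons:
                findings.append((ip, port, name, reasons))
    return findings


if __name__ == "__main__":
    for ip, port, name, reasons in audit_hosts(json.loads(SAMPLE_EXPORT)):
        print(f"{ip}:{port} {name} -> {', '.join(reasons)}")
```
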

Slide 12

Slide 12 text

Thanks

YouTube: https://www.youtube.com/channel/UCN5YKR8q7TObhymuftzvvkw

Twitter: https://twitter.com/pjborah2?lang=en