Fun & profit with bug bounties

3,496 views

Published on

null Dharmashal Chapter - July 2014 Meet

Published in: Education

Fun & profit with bug bounties

  1. 1. Fun & Profit with Bug Bounties - Madhu Akula Null - DharamshalaNull - Dharamshala
  2. 2. About Me ! root@localhost :~# whoami Madhu Akula Information Security Enthusiastic madhu.akula@hotmail.com www.madhuakula.com in.linkedin.com/in/madhuakula fb.com/madhu.akula twitter.com/madhuakula
  3. 3. Agenda What and how to start Bug Bounties & My experience with bug bounties...
  4. 4. What is bug bounty ? Vendor : ● Create a program ● Offer HOF (or) Swag (or) Reward (or) Duplicate ● Get the all vulnerabilities and Fix asap ! ● Make products and applications secure Researcher : ● Find the vulnerabilities in target ● Get mostly duplicates :P ● Other wise Hof, Swag (or) Reward ! ● Share in Social Network
  5. 5. History... https://blog.crowdcurity.com/the-history-of-bug-bounty-programs/
  6. 6. Who are eligible ? ● Are you able to p0p up
  7. 7. Where to find the list? ● Here you go...
  8. 8. How to start ??? ● Learn how things will work ● Owasp is our home to learn Web Application Security ● Do home work with Broken Web Apps ● Then apply what you learn ! Start with your requests untill you will get the response :)
  9. 9. How to start ??? ● Your main resource for bug bounties is gathering Proof Of Concepts (POC) ! ● Checking blogs for write up ● Adding bug hunters into your friends list to get PoC's as well as new programs :p ● Checking for new vulnerabilities site:hackerone.com/reports/
  10. 10. How to start ??? ● Take one site from the list of sites ● Check your luck with new sites ● Then try to map the target with attack surface ● Check for OWASP Vulnerabilities as first priority ● Check other type of vulnerabilities also ● Then get hof, swags and $$$$
  11. 11. Common checks ! ● Cross Site Scripting ● Cross Site Request Forgery ● Injections ● Authentication and Session Mechanism ● Remote Code Execution ● Other...
  12. 12. Resources Mozilla and addon's ● Live HTTP Headers ● Tamper Data ● Wappalyzer ● Foxyproxy ● Firebug ● Hack bar ● User switcher ● Others... writing custom scripts will give you more good and quick results searchdns.netcraft.com, www.wolframalpha.com - For subdomains finding ! Keep ready made report templates to become you are the first person to find ! Finally use https://pentest-tools.com Proxies ● Burp ● Owasp ZAP ● Any other Search Engine Discovery Google, Shodan, Bing, other Open Source ● Ironwasp ● Xenotix ● Many more... Bye bye to Scanners !
  13. 13. My Experiance with Bug Bounties ! Started with Duplicates... Don't know what is bug hunting (n00b)
  14. 14. Digging into deep ! ● only one target, find bugs untill you will be the first person to find ! ● Once you are the first person if is there any reward try more untill you will be listed in Top members...
  15. 15. After... Many More...Many More...
  16. 16. After... Many More...Many More...
  17. 17. After... Many More...Many More...
  18. 18. The End ! ● It's enough ● Realised that I'm wasting everyday 2hrs ● Luck is the best kick for duplicates ● Started as noob and got some expriance with app security ● Good friends in Social Networks ● Then started contributing to Open Source and got some CVE-2014-4329, CVE-2014-4722, CVE-2014-4853
  19. 19. Conclusion Bug bounties are not only for rewards (or) fame. You will learn about new attacks and exploitation techniques by playing with other applications.
  20. 20. Demo's & POC's
  21. 21. Walk Through !
  22. 22. Special Thanks ! http://null.co.infb.com/null0x00 twitter.com/null0x00

×