Upcoming SlideShare
Recon and Bug Bounties - What a great love story!
- 1. --Abhijeth Dugginapeddi RECON AND BUG BOUNTIES WHAT A GREAT <3 STORY
- 2. PPT 101– INTRODUCE THE SPEAKER • I think I’m still a script kiddie maybe? • 9:00-17:00 work at a large organization • 17:00-9:00 work on the internet • Got lucky in finding bugs with Google, Facebook, Microsoft, Ebay etc • One among top 5 bug bounty researchers on Synack • Stop bragging and start the preso man
- 3. AGENDA
- 4. DO YOU DO PEN TESTING?
- 5. WEB SECURITY
- 6. AN UNINFORMED THREAT MODEL... www.website.com shop.website.com blog.website.com stage.website.com db.website.com api.website.com dev.website.com backup-syd.website.com archive.website.com s3 Buckets github pastebin third party providers mobile applications analytics etc etc…
- 7. BUT WHY?
- 8. ATTACK DIFFERENTLY
- 9. OK COOL BUT HOW?
- 10. DO YOU STILL REVERSE IP
- 11. SUB DOMAIN-ING
- 12. SUB DOMAINS • Sublist3r • Masscan • Shodan • censys
- 13. Yo!! Does this work?
- 14. OH YEA TEST DATABASES MADE PUBLIC? SURE THANKS
- 15. SNAPSHOT-ING YOUR SUB DOMAIN LIST
- 16. SOMETHING TO HELP YOU ALONG... snapple.py
- 17. DIVING IN: HACKING WITH GOOGLE(DEMO)
- 18. DO YOU GITHUB? • Site.com API_key • Password @site.com • Site.com secret_key • Site.com FTP password • Site.com ssh • Will leave combinations to your imagination
- 19. EVER TRIED LINK FINDER?
- 20. #RANDOM TARGET
- 21. #RANDOM TARGET
- 22. OOPSY
- 23. MORAL OF THE STORY
- 24. FEW PEOPLE YOU SHOULD FOLLOW FOR SOME COOL STUFF IN THIS SPACE • Jason Haddix • Nahamsec • Naffy • Shubs_shah • Bharath kumar • Edoverflow • And me ;)
- 25. CREDITS https://imgflip.com/memegenerator for memes/gifs All the authors of these tools Great job guys and Thank you!!
- 26. Thanks to these guys for making internet secure again @Bugcrowd @synack @Hacker0x01
- 27. Cheers to @Reconvillage questions? @abhijeth
Be the first to comment