Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
--Abhijeth Dugginapeddi RECON AND BUG BOUNTIES WHAT A GREAT <3 STORY
PPT 101– INTRODUCE THE SPEAKER • I think I’m still a script kiddie maybe? • 9:00-17:00 work at a large organization • 17:0...
AGENDA
DO YOU DO PEN TESTING?
WEB SECURITY
AN UNINFORMED THREAT MODEL... www.website.com shop.website.com blog.website.com stage.website.com db.website.com api.websi...
BUT WHY?
ATTACK DIFFERENTLY
OK COOL BUT HOW?
DO YOU STILL REVERSE IP
SUB DOMAIN-ING
SUB DOMAINS • Sublist3r • Masscan • Shodan • censys
Yo!! Does this work?
OH YEA TEST DATABASES MADE PUBLIC? SURE THANKS
SNAPSHOT-ING YOUR SUB DOMAIN LIST
SOMETHING TO HELP YOU ALONG... snapple.py
DIVING IN: HACKING WITH GOOGLE(DEMO)
DO YOU GITHUB? • Site.com API_key • Password @site.com • Site.com secret_key • Site.com FTP password • Site.com ssh • Will...
EVER TRIED LINK FINDER?
#RANDOM TARGET
#RANDOM TARGET
OOPSY
MORAL OF THE STORY
FEW PEOPLE YOU SHOULD FOLLOW FOR SOME COOL STUFF IN THIS SPACE • Jason Haddix • Nahamsec • Naffy • Shubs_shah • Bharath ku...
CREDITS https://imgflip.com/memegenerator for memes/gifs All the authors of these tools  Great job guys and Thank you!!
Thanks to these guys for making internet secure again  @Bugcrowd @synack @Hacker0x01
Cheers to @Reconvillage questions? @abhijeth
Recon and Bug Bounties - What a great love story!
Recon and Bug Bounties - What a great love story!
Recon and Bug Bounties - What a great love story!
Recon and Bug Bounties - What a great love story!
Recon and Bug Bounties - What a great love story!
You’ve finished this document.
Download and read it offline.
Upcoming SlideShare
What to Upload to SlideShare
Next
Upcoming SlideShare
What to Upload to SlideShare
Next
Download to read offline and view in fullscreen.
Internet
Aug. 04, 2017
1,318 views

Share

Recon and Bug Bounties - What a great love story!

Download to read offline

Internet
Aug. 04, 2017
1,318 views

n this talk, the speaker will demonstrate few effective techniques using which researchers/pen testers can do better information gathering. The speaker would also share many stories which allowed him to earn some bounties using these recon techniques. This techniques might also be useful to red teams/incident response teams to identify rogue devices in their organisation which are often missed out during normal penetration testing. These might not be “best practices” but are definitely “good practices” and “nice to know” things while doing Penetration Testing.

Recommended

Related Books

Free with a 30 day trial from Scribd

See all
Hamlet's BlackBerry: A Practical Philosophy for Building a Good Life in the Digital Age William Powers
(4/5)
Free
In the Plex: How Google Thinks, Works, and Shapes Our Lives Steven Levy
(4.5/5)
Free
An Army of Davids: How Markets and Technology Empower Ordinary People to Beat Big Media, Big Government, and Other Goliaths Glenn Reynolds
(4/5)
Free
World Wide Mind: The Coming Integration of Humanity, Machines, and the Internet Michael Chorost
(4/5)
Free
Emergence: The Connected Lives of Ants, Brains, Cities, and Software Steven Johnson
(4.5/5)
Free
Tubes: A Journey to the Center of the Internet Andrew Blum
(4/5)
Free
The Impulse Economy: Understanding Mobile Shoppers and What Makes Them Buy Gary Schwartz
(4.5/5)
Free
Blog Schmog: The Truth About What Blogs Can (and Can't) Do for Your Business Robert W. Bly
(4/5)
Free
The End of Business As Usual: Rewire the Way You Work to Succeed in the Consumer Revolution Brian Solis
(5/5)
Free
Socialnomics: How Social Media Transforms the Way We Live and Do Business Erik Qualman
(3/5)
Free
Public Parts: How Sharing in the Digital Age Improves the Way We Work and Live Jeff Jarvis
(3.5/5)
Free
The Nature of the Future: Dispatches from the Socialstructed World Marina Gorbis
(4/5)
Free
Talking Back to Facebook: The Common Sense Guide to Raising Kids in the Digital Age James P. Steyer
(4.5/5)
Free
The Thank You Economy Gary Vaynerchuk
(4/5)
Free
How to Do Everything: Genealogy, Fourth Edition George G. Morgan
(0/5)
Free
Blog, Inc.: Blogging for Passion, Profit, and to Create Community Joy Deangdeelert Cho
(3.5/5)
Free

Related Audiobooks

Free with a 30 day trial from Scribd

See all
The Secret Life: Three True Stories of the Digital Age Andrew O'Hagan
(4/5)
Free
Blockchain Revolution: How the Technology Behind Bitcoin Is Changing Money, Business, and the World Don Tapscott
(4/5)
Free
Internet Riches: The Simple Money-Making Secrets of Online Millionaires Scott Fox
(4/5)
Free
Exploding Data: Reclaiming Our Cyber Security in the Digital Age Michael Chertoff
(4/5)
Free
Cyberwar: How Russian Hackers and Trolls Helped Elect a President—What We Don't, Can't, and Do Know Kathleen Hall Jamieson
(3/5)
Free
Hacker, Hoaxer, Whistleblower, Spy: The Many Faces of Anonymous Gabriella Coleman
(4/5)
Free
The Art of Social Media: Power Tips for Power Users Guy Kawasaki
(4/5)
Free
Kill All Normies: Online Culture Wars From 4Chan And Tumblr To Trump And The Alt-Right Angela Nagle
(4/5)
Free
Who Owns the Future? Jaron Lanier
(4/5)
Free
Instagram for Business for Dummies: 2nd Edition Jenn Herman
(0/5)
Free
The Dark Net: Inside the Digital Underworld Jamie Bartlett
(3.5/5)
Free
This Machine Kills Secrets: How Wikileakers, Cypherpunks, and Hacktivists Aim to Free the World's Information Andy Greenberg
(4/5)
Free
So You Want to Start a Podcast: Finding Your Voice, Telling Your Story, and Building a Community that Will Listen Kristen Meinzer
(4.5/5)
Free
Stop Checking Your Likes: Shake Off the Need for Approval and Live an Incredible Life Susie Moore
(4/5)
Free
Ten Arguments for Deleting Your Social Media Accounts Right Now Jaron Lanier
(4.5/5)
Free
How to Handle a Crowd: The Art of Creating Healthy and Dynamic Online Communities Anika Gupta
(5/5)
Free

Recon and Bug Bounties - What a great love story!

  1. 1. --Abhijeth Dugginapeddi RECON AND BUG BOUNTIES WHAT A GREAT <3 STORY
  2. 2. PPT 101– INTRODUCE THE SPEAKER • I think I’m still a script kiddie maybe? • 9:00-17:00 work at a large organization • 17:00-9:00 work on the internet • Got lucky in finding bugs with Google, Facebook, Microsoft, Ebay etc • One among top 5 bug bounty researchers on Synack • Stop bragging and start the preso man
  3. 3. AGENDA
  4. 4. DO YOU DO PEN TESTING?
  5. 5. WEB SECURITY
  6. 6. AN UNINFORMED THREAT MODEL... www.website.com shop.website.com blog.website.com stage.website.com db.website.com api.website.com dev.website.com backup-syd.website.com archive.website.com s3 Buckets github pastebin third party providers mobile applications analytics etc etc…
  7. 7. BUT WHY?
  8. 8. ATTACK DIFFERENTLY
  9. 9. OK COOL BUT HOW?
  10. 10. DO YOU STILL REVERSE IP
  11. 11. SUB DOMAIN-ING
  12. 12. SUB DOMAINS • Sublist3r • Masscan • Shodan • censys
  13. 13. Yo!! Does this work?
  14. 14. OH YEA TEST DATABASES MADE PUBLIC? SURE THANKS
  15. 15. SNAPSHOT-ING YOUR SUB DOMAIN LIST
  16. 16. SOMETHING TO HELP YOU ALONG... snapple.py
  17. 17. DIVING IN: HACKING WITH GOOGLE(DEMO)
  18. 18. DO YOU GITHUB? • Site.com API_key • Password @site.com • Site.com secret_key • Site.com FTP password • Site.com ssh • Will leave combinations to your imagination
  19. 19. EVER TRIED LINK FINDER?
  20. 20. #RANDOM TARGET
  21. 21. #RANDOM TARGET
  22. 22. OOPSY
  23. 23. MORAL OF THE STORY
  24. 24. FEW PEOPLE YOU SHOULD FOLLOW FOR SOME COOL STUFF IN THIS SPACE • Jason Haddix • Nahamsec • Naffy • Shubs_shah • Bharath kumar • Edoverflow • And me ;)
  25. 25. CREDITS https://imgflip.com/memegenerator for memes/gifs All the authors of these tools  Great job guys and Thank you!!
  26. 26. Thanks to these guys for making internet secure again  @Bugcrowd @synack @Hacker0x01
  27. 27. Cheers to @Reconvillage questions? @abhijeth

  • SametSahin8

    Aug. 2, 2020

  • SleepyEinstein

    Sep. 18, 2017

n this talk, the speaker will demonstrate few effective techniques using which researchers/pen testers can do better information gathering. The speaker would also share many stories which allowed him to earn some bounties using these recon techniques. This techniques might also be useful to red teams/incident response teams to identify rogue devices in their organisation which are often missed out during normal penetration testing. These might not be “best practices” but are definitely “good practices” and “nice to know” things while doing Penetration Testing.

Views

Total views

1,318

On Slideshare

0

From embeds

0

Number of embeds

359

Actions

Downloads

28

Shares

0

Comments

0

Likes

2

×