
"Introduction to Bug Hunting", Yasser Ali


Have you ever dreamed of getting paid to hack?
As a Bug Hunter, this is what it's all about: you hack and find vulnerabilities in software and websites, then end up with profit and fame.
In this session, I will explain how to start your journey in bug hunting. Are you ready?


  1. Introduction to Bug Hunting. Yasser Ali, Security Analyst @ HackerOne
  2. What are we going to learn today?
     ✓ Bug Hunting and Bug Bounty Platforms.
     ✓ Preparing yourself psychologically and technically.
     ✓ Sharpening your hacking tools.
     ✓ Hunting the lowest hanging fruits.
     ✓ Writing an effective report and the right way to communicate.
     ✓ Today's homework.
     ✓ Questions?
  3. Bug Hunting and Bug Bounty Platforms
     What is a Bug Hunter? He is that guy who sits behind the keyboard and makes millions of Hryvnias without even going to work.
     Bug Bounty Platforms:
     ➢ HackerOne
     ➢ BugCrowd
     ➢ Cobalt
     ➢ BugBountyHQ
     ➢ Hacken
  4. Begin your journey
     Psychology: Your expectations should always be high for finding vulnerabilities and low for payouts.
     Technically:
     ➢ Read about everything, then focus on one field and learn everything about it.
     ➢ Understand how different operating systems work and how web servers work.
     ➢ Get a Linux distro, install a web server and start playing around.
     ➢ Learn a scripting/programming language.
  5. Bug Hunters' favorite tools
     Reconnaissance:
     ✓ Sublist3r / AWSBucketDump
     ✓ DirBuster / DirSearch / Google Hacking / Archive.org
     ✓ Nmap
     ✓ Burp Suite
  6. The lowest hanging fruit
     ▪ Unprotected admin areas / GitHub repositories / backup files.
     ▪ Unclaimed subdomains / legacy subdomains.
     ▪ Software with known vulnerabilities.
     ▪ Business logic flaws.
     ▪ File upload functionality.
     ▪ Mobile apps / APIs.
  7. The lowest hanging fruit
     ✓ File upload functionality (data: scheme URI)
  8. Submitting your report and communicating with the triage team
     ❑ Review the program policy.
     ❑ Revalidate your report.
     ❑ Be clear.
     ❑ Be patient. (Plz bro)
  9. What should I do today?
     1. Read the historical article "How To Become A Hacker".
     2. Get "The Web Application Hacker's Handbook".
     3. Download and install virtualization software such as VirtualBox, install "Kali Linux" and start exploring the web tools.
     4. Keep an eye on all hacking news and bug bounty channels (BugBountyForum), and participate in local and international events.
  10. Thank you for your attention! Yasser Ali, Y@sserali.com, +971 55 3535 200, https://www.yasserali.com
