Bug Bounty - Play For Money

1,411 views

Published on

#CSA #Dehradun

XSS video POC in Yahoo: https://www.youtube.com/watch?v=I2WKUJn8P7I

Tapjacking bug POC in Android 6.0 video: https://www.youtube.com/watch?v=8BcP3Q4ZWXQ

Published in: Internet

  1. Bug Bounty: Play for Money
  2. #Whoami
  3. Shubham Gupta (@hackerspider1). Just another random lazy guy interested in security. Security Consultant at Pyramid Cyber Security & Forensic. Bug bounty hunter (just do it when I need money). BCA graduate (doesn't matter). Penetration tester.
  4. Lucky Enough
  5. Agenda: Introduction; History; Why bug hunting?; How to do bug hunting?; Quick Tips; POC; Pros and cons of bug hunting; Q&A.
  6. What is #Bug Bounty? Also called a VRP (Vulnerability Reward Program). The company (security team/vendor) creates the program, offers cash, Hall of Fame (HOF) or swag, and acknowledges your work. Researchers/bug hunters hit the target and find bugs: sometimes duplicates, sometimes $$$, sometimes swag. They recheck the bug after the fix.
  7. A Brief History of Bug Bounty Programs: 1995 (Netscape); 2004 (Firefox); 2005; 2007; 2010-2011; 2012-2013; 2013 (Cobalt); 2013 (Synack).
  8. Why bug hunting? Chances of finding bugs to put on your CV. Possibility of getting a job. Lots of money in very little time. Cool T-shirts, hoodies, mugs and much more swag. Recognition. Connections. Fewer security breaches. Enjoyment. You learn to work hard because of the competition.
  9. Bug Bounty Programs and Platforms. Popular programs: Google (min $100, max $20,000); Yahoo (min $50, max $15,000); Facebook (min $500). Want to know more? GitHub, Twitter, Microsoft.
  10. Want a few more? https://bugcrowd.com/list-of-bug-bounty-programs https://hackerone.com/directory https://cobalt.io/programs
  11. Popular Platforms. BugCrowd: managed security program for companies; 27,125 researchers worldwide; 200+ programs. HackerOne: security inbox for companies; 133+ public programs; $6.91M paid. Synack: everyone wants to join. Cobalt.
  12. How to kick off hunting bugs?
  13. How to do bug hunting? Bug hunting is all about exploring weaknesses and experimentation. It requires 30% programming knowledge and 70% logical out-of-the-box thinking. Try each and every combination to exploit a bug. Dig deeper. Try harder to find logical bugs: it increases your chance of higher payouts and reduces the chance of duplicates.
  14. Quick Tips
  15. How to write a report? Title; issue information; step-by-step instructions to reproduce the bug; impact; mitigation.
  16. POC
  17. Video Demo
  18. Yahoo XSS Filter Bypass
  19. SVG XSS. One of the most unique bugs of 2015 and easy to find. Most web-based projects include SVG for a clear and interactive user experience. To verify this answer I created an SVG file with the XSS vector below and started testing websites that allow images.
  20. Live Demo of SVG XSS on BugCrowd
  21. Tapjacking Live Demo POC Video
  22. Thanks
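The SVG XSS case from slide 19 is worth seeing from the defender's side as well: an SVG is a valid image for an upload filter, but it is also an XML document that can carry `<script>`, `on*` event handlers and `javascript:` links, and it runs in the site's origin if a victim opens the uploaded file directly. The script below is an added example, not code from the talk or from any of the programs it names. The two SVG samples are constructed for this demo; the element and attribute lists, `scan_svg()` and `upload_response_headers()` are this example's own names, and the scanner is a deliberately conservative deny-list check, not a full sanitizer.

```python
"""Detect active (script-capable) content in an uploaded SVG file.

Added example for the SVG XSS slide. The sample SVGs are constructed for
this demo; scan_svg() and upload_response_headers() are example names.
"""
import re
import xml.etree.ElementTree as ET

XLINK_NS = "http://www.w3.org/1999/xlink"

# Elements that execute code, embed foreign markup, or can rewrite another
# element's href to a javascript: URI at render time (SMIL <set>/<animate>).
ACTIVE_ELEMENTS = {"script", "foreignObject", "set", "animate"}

# Attribute names whose value is a URL (plain SVG2 href and the xlink form).
URL_ATTRS = {"href", f"{{{XLINK_NS}}}href"}

# Schemes that run code when navigated; data: is left out to avoid flagging
# legitimately embedded raster images, stricter deployments may add it.
DANGEROUS_SCHEMES = re.compile(r"^\s*(javascript|vbscript)\s*:", re.IGNORECASE)


def _local(qname):
    """Strip the {namespace} prefix ElementTree puts on tag/attribute names."""
    return qname.rsplit("}", 1)[-1]


def scan_svg(svg_bytes):
    """Return a list of findings for one SVG; an empty list means no active
    content was found. Unparseable input is reported as a finding so the
    caller rejects it instead of passing it on to a lenient browser parser."""
    try:
        # NOTE: the stdlib parser still expands internal entities; in
        # production parse untrusted XML with defusedxml instead.
        root = ET.fromstring(svg_bytes)
    except ET.ParseError as exc:
        return [f"unparseable XML: {exc}"]

    findings = []
    if _local(root.tag) != "svg":
        findings.append(f"root element is <{_local(root.tag)}>, not <svg>")

    for elem in root.iter():  # document order, root included
        tag = _local(elem.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.append(f"<{tag}> element")
        for attr, value in elem.attrib.items():
            name = _local(attr)
            if name.lower().startswith("on"):
                findings.append(f"event handler {name}= on <{tag}>")
            elif attr in URL_ATTRS:
                match = DANGEROUS_SCHEMES.match(value)
                if match:
                    scheme = match.group(1).lower()
                    findings.append(f"{name}={scheme}: URI on <{tag}>")
    return findings


def upload_response_headers():
    """Defence-in-depth headers for serving a user-uploaded SVG: even a vector
    the scanner misses then cannot run in the application's origin. <img>
    rendering is unaffected by Content-Disposition: attachment."""
    return {
        "Content-Type": "image/svg+xml",
        "X-Content-Type-Options": "nosniff",
        # direct navigation to the file becomes a download, not a page
        "Content-Disposition": "attachment",
        # no script, no external loads, opaque origin via sandbox
        "Content-Security-Policy": "default-src 'none'; style-src 'unsafe-inline'; sandbox",
    }


# Constructed payload of the kind slide 19 describes: a valid image that runs
# script when a victim opens the uploaded file directly.
MALICIOUS_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink"
     width="100" height="100" onload="alert(document.domain)">
  <circle cx="50" cy="50" r="40" fill="red"/>
  <script>alert(document.cookie)</script>
  <a xlink:href="javascript:alert(1)"><text x="10" y="20">click</text></a>
</svg>"""

# Constructed benign upload: same image, no active content.
BENIGN_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" width="100" height="100">
  <circle cx="50" cy="50" r="40" fill="blue"/>
</svg>"""


if __name__ == "__main__":
    for name, blob in (("malicious", MALICIOUS_SVG), ("benign", BENIGN_SVG)):
        print(name, scan_svg(blob) or "clean")
```

The scanner is what you would run at upload time to reject or flag a file; it reports three findings for the constructed payload (the `onload` handler, the `<script>` element and the `javascript:` link) and nothing for the benign one. A deny-list is easy to bypass over time, so the stronger fixes a report should recommend are rasterizing uploads to PNG, serving user content from a separate sandbox domain, or at least the headers above, which is also the reason the demo keeps the headers next to the scanner.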