SlideShare a Scribd company logo

Bug Bounty Career.pdf

V
Vishal318796

Bug Bounty Career Guidance

Engineering
1 of 19
Download to read offline
Bug Bounty Career – WEB HACKING Joas Antonio
Details • The objective is to help Information Security professionals, enthusiasts and even the youngest, to enter the Bug Bounty area; • Knowing the skills necessary to work in the area of ​​Bug Bounty; • Of course, this is not a guide that will make you a professional, but I hope it helps; My LinkedIn: https://www.linkedin.com/in/joas-antonio-dos-santos/
Bug Bounty Platforms 1. HackerOne 2. Bugcrowd 3. Intigriti 4. Bug Hunt 5. Hackaflag 6. Yogosha 7. Zeroday initiative 8. Open Bug Bounty 9. YesWeHack 10. Cobalt.io 11. Synack Red Team
Skills Bug Bounty Hunter • Knowledge in Programming Logic; • Knowledge in Web Attack Vectors; • Knowledge in Reverse Engineering; • Skills in Web Development; • Programming Logic exercised; • Computational basis; • CTF Player; • Knowledge in Network Computer; • Knowledge in SystemAdministrator (Linux and Windows); • Knowledge in Cloud Computer (AWS, GOOGLE and AZURE); • Skills in Infrastructure Exploitation;
Web Vulnerabilities – TOP 17 1. Open Redirect; 2. HTTP Parameter Pollution; 3. Cross-Site Request Forgery; 4. HTML Injection and Content Spoofing; 5. Carriage Return Line Feed Injection; 6. Cross Site Scripting; 7. Template Injection; 8. SQL Injection; 9. Server Side Request Forgery; 10. XML External Entity; 11. Remote Code Execution; 12. Memory Vulnerabilities; 13. Subdomain Takeover; 14. Race Conditions; 15. Insecure Direct Object References; 16. Oauth Vulnerabilities; 17. Application Logic and Configuration Vulnerabilities;
Web Vulnerabilities - List
Web Vulnerabilities - List https://owasp.org/www- community/vulnerabilities/
Vulnerabilities – HackerOne Rank https://www.hackerone.com/top-ten-vulnerabilities
Resources Study • https://chawdamrunal.medium.com/pro-tips-for-bug-bounty- f9982a5fc5e9 • https://medium.com/bugbountywriteup/bug-bounty-hunting- methodology-toolkit-tips-tricks-blogs-ef6542301c65 • https://www.bugcrowd.com/resources/webinars/5-tips-and-tricks-to-run- successful-bug-bounty-programs/ • https://www.youtube.com/watch?v=CU9Iafc-Igs&ab_channel=ST%C3%96K • https://github.com/EdOverflow/bugbounty-cheatsheet https://chawdamrunal.medium.com/pro-tips-for-bug-bounty- f9982a5fc5e9 • https://medium.com/bugbountywriteup/bug-bounty-hunting- methodology-toolkit-tips-tricks-blogs-ef6542301c65 • https://www.bugcrowd.com/resources/webinars/5-tips-and-tricks-to-run- successful-bug-bounty-programs/
Resources Study • https://www.youtube.com/watch?v=CU9Iafc- Igs&ab_channel=ST%C3%96K • https://github.com/EdOverflow/bugbounty-cheatsheet • https://github.com/djadmin/awesome-bug-bounty • https://github.com/devanshbatham/Awesome-Bugbounty-Writeups • https://github.com/Muhammd/awesome-bug-bounty • https://github.com/ajdumanhug/awesome-bug-bounty-tips • https://medium.com/bugbountyhunting/bug-bounty-toolkit-aa36f4365f3f • https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty- Hunters • https://github.com/bobby-lin/bug-bounty-guide
Writeups Bug Bounty • https://pentester.land/list-of-bug-bounty-writeups.html • https://medium.com/bugbountywriteup • https://github.com/yaworsk/bugbounty/blob/master/writeups.md • https://www.youtube.com/channel/UCNRM4GH-SD85WCSqeSb4xUA • https://paper.seebug.org/802/
Skills Development – YouTube Channels • STÖK (Fredrik Alexandersson) https://lnkd.in/djwu5A6 • Red Team Village DC Red Team Village https://lnkd.in/dDhcEa5 • InsiderPhD Katie Paxton-Fear https://lnkd.in/duDph87 • Nahamsec Ben Sadeghipour https://lnkd.in/drBQim3 • HackerOne https://lnkd.in/d7QNQE8 • BugCrowd https://lnkd.in/dAqbA84 • The Cyber Mentor Heath Adams https://lnkd.in/dbYCM5Q • John Hammond John H. https://lnkd.in/dAp3xJM
Skills Development – Youtube Channels • Codingo Michael S. https://lnkd.in/dpEsrEk • HackerSploitHackerSploit https://lnkd.in/dGXwDkX • LiveOverflow https://lnkd.in/dTWHXSD • IPPSec https://lnkd.in/deCU5YZ • S4vitar MarceloVázquez (Spanish Content) https://lnkd.in/dMjbPft • Zigoo Ebrahim Hegazy (Arabic ) https://lnkd.in/dgQTeuG
Skills Development – Youtube Channels • ACADI-TI https://www.youtube.com/channel/UCi8P9S-PW7AF71g8Pi0W6Jw • Michael LaSalvia https://www.youtube.com/user/genxweb • Wraiith https://www.youtube.com/user/Wraiith75 • Bsides https://www.youtube.com/channel/UCVImyGhRATNFGPmJfxaq1dw • Vinicius Vieira https://www.youtube.com/channel/UCySphP8k4rv7Jf-7v3baWIA
Skills Development – Youtube Channels • Kindred https://www.youtube.com/channel/UCwTH3RkRCIE35RJ16Nh8V8Q • Bug Bounty Public Disclosure https://www.youtube.com/channel/UCNRM4GH-SD85WCSqeSb4xUA • https://www.youtube.com/channel/UCxHzA- Z97sjfK3OISjkbMCQ (RoadSec) • https://www.youtube.com/channel/UC2QgCedRNj_tLDrGWSM3Gs Q (Mindthesec) • https://www.youtube.com/channel/UCz1PsqIhim7PUqQfuXmD- Bw (Hackaflag) • https://www.youtube.com/user/BlackHatOfficialYT (Blackhat)
Skills Development – Youtube Channels • https://www.youtube.com/channel/UCqGONXW1ORgz5Y4qK-0JdkQ(Joe Grand) • https://www.youtube.com/user/DEFCONConference (Defcon) • https://www.youtube.com/channel/UC4dxXZQq- ofAadUWbqhoceQ (DeviantOllam) • https://www.youtube.com/channel/UC3s0BtrBJpwNDaflRSoiieQ (Hak5) • https://www.youtube.com/channel/UCimS6P854cQ23j6c_xst7EQ (Hacker Warehouse) • https://www.youtube.com/channel/UCe8j61ABYDuPTdtjItD2veA (OWASP ) • https://www.youtube.com/channel/UC42VsoDtra5hMiXZSsD6eGg/featu red (The Modern Rogue) • https://www.youtube.com/channel/UC3S8vxwRfqLBdIhgRlDRVzw(Stack Mashing)
Skills Development – Youtube Channels • https://www.youtube.com/channel/UCW6MNdOsqv2E9AjQkv9we7A(P wnFunction) • https://www.youtube.com/channel/UCUB9vOGEUpw7IKJRoR4PK- A (Murmus CTF) • https://www.youtube.com/channel/UCND1KVdVt8A580SjdaS4cZg (Colin Hardy) • https://www.youtube.com/user/GynvaelEN(GynvaelEN) • https://www.youtube.com/channel/UCBcljXmuXPok9kT_VGA3adg (Robe rt Baruch) • https://www.youtube.com/channel/UCGISJ8ZHkmIv1CaoHovK- Xw (/DEV/NULL) • https://www.youtube.com/channel/UCDbNNYUME_pgocqarSjfNGw (Kac per) • https://www.youtube.com/channel/UCdNLW93OyL4lTav1pbKbyaQ (Men torable)
Skills Development – Youtube Channels • https://www.youtube.com/channel/UCMACXuWd2w6_IEGog744UaA (Derek Rook) • https://www.youtube.com/channel/UCFvueUEWRfQ9qT9UmHCw_og (Prof. Joas Antonio) • https://www.youtube.com/user/ricardolongatto (Ricardo Longatto) • https://www.youtube.com/user/daybsonbruno (XTREME Security) • https://www.youtube.com/user/eduardoamaral07 (Facil Tech) • https://www.youtube.com/channel/UC70YG2WHVxlOJRng4v-CIFQ (Gabriel Pato) • https://www.youtube.com/user/Diolinux (Diolinux) • https://www.youtube.com/user/greatscottlab (Great Scott!) • https://www.youtube.com/user/esecuritytv (eSecurity) • https://www.youtube.com/channel/UCzWPaANpPISEE_xvJm8lqHA (Cybrary) • https://www.youtube.com/user/DanielDonda (Daniel Donda) • https://www.youtube.com/user/ZetaTwo (Calle Svensson) • https://www.youtube.com/channel/UCNKUSu4TPk979JzMeKDXiwQ (Georgia Wedman) • https://www.youtube.com/channel/UCqDLY9WFoJWqrhycW8cbv1Q (Manoel T)
Tools - Bug Bounty • https://github.com/KingOfBugbounty/KingOfBugBountyTips • https://medium.com/@hackbotone/10-recon-tools-for-bug-bounty- bafa8a5961bd • https://portswigger.net/solutions/bug-bounty-hunting/best-bug- bounty-tools • https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty- Hunters/blob/master/assets/tools.md • https://www.hackerone.com/blog/100-hacking-tools-and-resources

Recommended

2016 LatinAmericaStartups.com Winter Digital Accelerator
2016 LatinAmericaStartups.com Winter Digital Accelerator2016 LatinAmericaStartups.com Winter Digital Accelerator
2016 LatinAmericaStartups.com Winter Digital AcceleratorChristine Souffrant Ntim
 
2016 MiddleEastStartups.com Winter Digital Accelerator
2016 MiddleEastStartups.com Winter Digital Accelerator2016 MiddleEastStartups.com Winter Digital Accelerator
2016 MiddleEastStartups.com Winter Digital AcceleratorChristine Souffrant Ntim
 
Web Application Security And Getting Into Bug Bounties
Web Application Security And Getting Into Bug BountiesWeb Application Security And Getting Into Bug Bounties
Web Application Security And Getting Into Bug Bountieskunwaratul hax0r
 
Work with Developers for Fun and Progress - AppSec California
Work with Developers for Fun and Progress - AppSec CaliforniaWork with Developers for Fun and Progress - AppSec California
Work with Developers for Fun and Progress - AppSec Californialeifdreizler
 
Bug Bounty #Defconlucknow2016
Bug Bounty #Defconlucknow2016Bug Bounty #Defconlucknow2016
Bug Bounty #Defconlucknow2016Shubham Gupta
 
Bug Bounty - Play For Money
Bug Bounty - Play For MoneyBug Bounty - Play For Money
Bug Bounty - Play For MoneyShubham Gupta
 
Bug bounty cash for hack
Bug bounty cash for hackBug bounty cash for hack
Bug bounty cash for hackAtul Shedage
 
Crypto Night at CSUS - Bug Bounties
Crypto Night at CSUS - Bug Bounties Crypto Night at CSUS - Bug Bounties
Crypto Night at CSUS - Bug Bounties Behrouz Sadeghipour
 

Recommended

2016 LatinAmericaStartups.com Winter Digital Accelerator
2016 LatinAmericaStartups.com Winter Digital Accelerator2016 LatinAmericaStartups.com Winter Digital Accelerator
2016 LatinAmericaStartups.com Winter Digital AcceleratorChristine Souffrant Ntim
 
2016 MiddleEastStartups.com Winter Digital Accelerator
2016 MiddleEastStartups.com Winter Digital Accelerator2016 MiddleEastStartups.com Winter Digital Accelerator
2016 MiddleEastStartups.com Winter Digital AcceleratorChristine Souffrant Ntim
 
Web Application Security And Getting Into Bug Bounties
Web Application Security And Getting Into Bug BountiesWeb Application Security And Getting Into Bug Bounties
Web Application Security And Getting Into Bug Bountieskunwaratul hax0r
 
Work with Developers for Fun and Progress - AppSec California
Work with Developers for Fun and Progress - AppSec CaliforniaWork with Developers for Fun and Progress - AppSec California
Work with Developers for Fun and Progress - AppSec Californialeifdreizler
 
Bug Bounty #Defconlucknow2016
Bug Bounty #Defconlucknow2016Bug Bounty #Defconlucknow2016
Bug Bounty #Defconlucknow2016Shubham Gupta
 
Bug Bounty - Play For Money
Bug Bounty - Play For MoneyBug Bounty - Play For Money
Bug Bounty - Play For MoneyShubham Gupta
 
Bug bounty cash for hack
Bug bounty cash for hackBug bounty cash for hack
Bug bounty cash for hackAtul Shedage
 
Crypto Night at CSUS - Bug Bounties
Crypto Night at CSUS - Bug Bounties Crypto Night at CSUS - Bug Bounties
Crypto Night at CSUS - Bug Bounties Behrouz Sadeghipour
 
The Next Generation of Social is in a Hangout
The Next Generation of Social is in a HangoutThe Next Generation of Social is in a Hangout
The Next Generation of Social is in a HangoutJonathan Beri
 
Achieving Technical Excellence in Your Software Teams - from Devternity
Achieving Technical Excellence in Your Software Teams - from Devternity Achieving Technical Excellence in Your Software Teams - from Devternity
Achieving Technical Excellence in Your Software Teams - from Devternity Peter Gfader
 
2017 Asia Startup Ecosystem Winter Digital Accelerator
2017 Asia Startup Ecosystem Winter Digital Accelerator2017 Asia Startup Ecosystem Winter Digital Accelerator
2017 Asia Startup Ecosystem Winter Digital AcceleratorChristine Souffrant Ntim
 
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...Mazin Ahmed
 
Technical SEO: Crawl Space Management - SEOZone Istanbul 2014
Technical SEO: Crawl Space Management - SEOZone Istanbul 2014Technical SEO: Crawl Space Management - SEOZone Istanbul 2014
Technical SEO: Crawl Space Management - SEOZone Istanbul 2014Bastian Grimm
 
聊聊測試左移
聊聊測試左移聊聊測試左移
聊聊測試左移Jersey (CHE-PING) Su
 
WordPress common SEO issues by Olesia Korobka
WordPress common SEO issues by Olesia KorobkaWordPress common SEO issues by Olesia Korobka
WordPress common SEO issues by Olesia KorobkaAnton Shulke
 
Só o Pentest não resolve!
Só o Pentest não resolve!Só o Pentest não resolve!
Só o Pentest não resolve!Anchises Moraes
 
2016 CaribbeanStartups.com Fall Boot Camp/ Demo Night
2016 CaribbeanStartups.com Fall Boot Camp/ Demo Night2016 CaribbeanStartups.com Fall Boot Camp/ Demo Night
2016 CaribbeanStartups.com Fall Boot Camp/ Demo NightChristine Souffrant Ntim
 
Free lowcost dec2010
Free lowcost dec2010Free lowcost dec2010
Free lowcost dec2010Highway T
 
crashing in style
crashing in stylecrashing in style
crashing in styleDroidcon Berlin
 
There’s an OpenBullet Attack Config for Your Site – What Should You Do?
There’s an OpenBullet Attack Config for Your Site – What Should You Do?There’s an OpenBullet Attack Config for Your Site – What Should You Do?
There’s an OpenBullet Attack Config for Your Site – What Should You Do?DevOps.com
 
Burp Zeronights workshop
Burp Zeronights workshopBurp Zeronights workshop
Burp Zeronights workshopIgor Bulatenko
 
Online Collaboration Tools
Online Collaboration ToolsOnline Collaboration Tools
Online Collaboration ToolsLeo Gaggl
 
Hack The Capitol - The Unlikely Romance - Critical Infrastructure Edition
Hack The Capitol - The Unlikely Romance - Critical Infrastructure EditionHack The Capitol - The Unlikely Romance - Critical Infrastructure Edition
Hack The Capitol - The Unlikely Romance - Critical Infrastructure EditionCasey Ellis
 
The Hacking Game - Think Like a Hacker Meetup 12072023.pptx
The Hacking Game - Think Like a Hacker Meetup 12072023.pptxThe Hacking Game - Think Like a Hacker Meetup 12072023.pptx
The Hacking Game - Think Like a Hacker Meetup 12072023.pptxlior mazor
 
4-identifying-problems.pdf
4-identifying-problems.pdf4-identifying-problems.pdf
4-identifying-problems.pdfBrian Rahmawan Purwoto
 
Personal learning networks
Personal learning networksPersonal learning networks
Personal learning networksrobin fay
 
SWFObject 2: The fine art of embedding Adobe Flash Player content
SWFObject 2: The fine art of embedding Adobe Flash Player contentSWFObject 2: The fine art of embedding Adobe Flash Player content
SWFObject 2: The fine art of embedding Adobe Flash Player contentBobby van der Sluis
 
Risk Mitigation Using Exploratory and Technical Testing | QASymphony Webinar
Risk Mitigation Using Exploratory and Technical Testing | QASymphony WebinarRisk Mitigation Using Exploratory and Technical Testing | QASymphony Webinar
Risk Mitigation Using Exploratory and Technical Testing | QASymphony WebinarQASymphony
 
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxJoão Esperancinha
 

More Related Content

Similar to Bug Bounty Career.pdf

The Next Generation of Social is in a Hangout
The Next Generation of Social is in a HangoutThe Next Generation of Social is in a Hangout
The Next Generation of Social is in a HangoutJonathan Beri
 
Achieving Technical Excellence in Your Software Teams - from Devternity
Achieving Technical Excellence in Your Software Teams - from Devternity Achieving Technical Excellence in Your Software Teams - from Devternity
Achieving Technical Excellence in Your Software Teams - from Devternity Peter Gfader
 
2017 Asia Startup Ecosystem Winter Digital Accelerator
2017 Asia Startup Ecosystem Winter Digital Accelerator2017 Asia Startup Ecosystem Winter Digital Accelerator
2017 Asia Startup Ecosystem Winter Digital AcceleratorChristine Souffrant Ntim
 
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...Mazin Ahmed
 
Technical SEO: Crawl Space Management - SEOZone Istanbul 2014
Technical SEO: Crawl Space Management - SEOZone Istanbul 2014Technical SEO: Crawl Space Management - SEOZone Istanbul 2014
Technical SEO: Crawl Space Management - SEOZone Istanbul 2014Bastian Grimm
 
WordPress common SEO issues by Olesia Korobka
WordPress common SEO issues by Olesia KorobkaWordPress common SEO issues by Olesia Korobka
WordPress common SEO issues by Olesia KorobkaAnton Shulke
 
Só o Pentest não resolve!
Só o Pentest não resolve!Só o Pentest não resolve!
Só o Pentest não resolve!Anchises Moraes
 
2016 CaribbeanStartups.com Fall Boot Camp/ Demo Night
2016 CaribbeanStartups.com Fall Boot Camp/ Demo Night2016 CaribbeanStartups.com Fall Boot Camp/ Demo Night
2016 CaribbeanStartups.com Fall Boot Camp/ Demo NightChristine Souffrant Ntim
 
Free lowcost dec2010
Free lowcost dec2010Free lowcost dec2010
Free lowcost dec2010Highway T
 
There’s an OpenBullet Attack Config for Your Site – What Should You Do?
There’s an OpenBullet Attack Config for Your Site – What Should You Do?There’s an OpenBullet Attack Config for Your Site – What Should You Do?
There’s an OpenBullet Attack Config for Your Site – What Should You Do?DevOps.com
 
Burp Zeronights workshop
Burp Zeronights workshopBurp Zeronights workshop
Burp Zeronights workshopIgor Bulatenko
 
Online Collaboration Tools
Online Collaboration ToolsOnline Collaboration Tools
Online Collaboration ToolsLeo Gaggl
 
Hack The Capitol - The Unlikely Romance - Critical Infrastructure Edition
Hack The Capitol - The Unlikely Romance - Critical Infrastructure EditionHack The Capitol - The Unlikely Romance - Critical Infrastructure Edition
Hack The Capitol - The Unlikely Romance - Critical Infrastructure EditionCasey Ellis
 
The Hacking Game - Think Like a Hacker Meetup 12072023.pptx
The Hacking Game - Think Like a Hacker Meetup 12072023.pptxThe Hacking Game - Think Like a Hacker Meetup 12072023.pptx
The Hacking Game - Think Like a Hacker Meetup 12072023.pptxlior mazor
 
Personal learning networks
Personal learning networksPersonal learning networks
Personal learning networksrobin fay
 
SWFObject 2: The fine art of embedding Adobe Flash Player content
SWFObject 2: The fine art of embedding Adobe Flash Player contentSWFObject 2: The fine art of embedding Adobe Flash Player content
SWFObject 2: The fine art of embedding Adobe Flash Player contentBobby van der Sluis
 
Risk Mitigation Using Exploratory and Technical Testing | QASymphony Webinar
Risk Mitigation Using Exploratory and Technical Testing | QASymphony WebinarRisk Mitigation Using Exploratory and Technical Testing | QASymphony Webinar
Risk Mitigation Using Exploratory and Technical Testing | QASymphony WebinarQASymphony
 

Similar to Bug Bounty Career.pdf (20)

The Next Generation of Social is in a Hangout
The Next Generation of Social is in a HangoutThe Next Generation of Social is in a Hangout
The Next Generation of Social is in a Hangout
 
Achieving Technical Excellence in Your Software Teams - from Devternity
Achieving Technical Excellence in Your Software Teams - from Devternity Achieving Technical Excellence in Your Software Teams - from Devternity
Achieving Technical Excellence in Your Software Teams - from Devternity
 
2017 Asia Startup Ecosystem Winter Digital Accelerator
2017 Asia Startup Ecosystem Winter Digital Accelerator2017 Asia Startup Ecosystem Winter Digital Accelerator
2017 Asia Startup Ecosystem Winter Digital Accelerator
 
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...
 
Technical SEO: Crawl Space Management - SEOZone Istanbul 2014
Technical SEO: Crawl Space Management - SEOZone Istanbul 2014Technical SEO: Crawl Space Management - SEOZone Istanbul 2014
Technical SEO: Crawl Space Management - SEOZone Istanbul 2014
 
聊聊測試左移
聊聊測試左移聊聊測試左移
聊聊測試左移
 
WordPress common SEO issues by Olesia Korobka
WordPress common SEO issues by Olesia KorobkaWordPress common SEO issues by Olesia Korobka
WordPress common SEO issues by Olesia Korobka
 
Só o Pentest não resolve!
Só o Pentest não resolve!Só o Pentest não resolve!
Só o Pentest não resolve!
 
2016 CaribbeanStartups.com Fall Boot Camp/ Demo Night
2016 CaribbeanStartups.com Fall Boot Camp/ Demo Night2016 CaribbeanStartups.com Fall Boot Camp/ Demo Night
2016 CaribbeanStartups.com Fall Boot Camp/ Demo Night
 
Free lowcost dec2010
Free lowcost dec2010Free lowcost dec2010
Free lowcost dec2010
 
crashing in style
crashing in stylecrashing in style
crashing in style
 
There’s an OpenBullet Attack Config for Your Site – What Should You Do?
There’s an OpenBullet Attack Config for Your Site – What Should You Do?There’s an OpenBullet Attack Config for Your Site – What Should You Do?
There’s an OpenBullet Attack Config for Your Site – What Should You Do?
 
Burp Zeronights workshop
Burp Zeronights workshopBurp Zeronights workshop
Burp Zeronights workshop
 
Online Collaboration Tools
Online Collaboration ToolsOnline Collaboration Tools
Online Collaboration Tools
 
Hack The Capitol - The Unlikely Romance - Critical Infrastructure Edition
Hack The Capitol - The Unlikely Romance - Critical Infrastructure EditionHack The Capitol - The Unlikely Romance - Critical Infrastructure Edition
Hack The Capitol - The Unlikely Romance - Critical Infrastructure Edition
 
The Hacking Game - Think Like a Hacker Meetup 12072023.pptx
The Hacking Game - Think Like a Hacker Meetup 12072023.pptxThe Hacking Game - Think Like a Hacker Meetup 12072023.pptx
The Hacking Game - Think Like a Hacker Meetup 12072023.pptx
 
4-identifying-problems.pdf
4-identifying-problems.pdf4-identifying-problems.pdf
4-identifying-problems.pdf
 
Personal learning networks
Personal learning networksPersonal learning networks
Personal learning networks
 
SWFObject 2: The fine art of embedding Adobe Flash Player content
SWFObject 2: The fine art of embedding Adobe Flash Player contentSWFObject 2: The fine art of embedding Adobe Flash Player content
SWFObject 2: The fine art of embedding Adobe Flash Player content
 
Risk Mitigation Using Exploratory and Technical Testing | QASymphony Webinar
Risk Mitigation Using Exploratory and Technical Testing | QASymphony WebinarRisk Mitigation Using Exploratory and Technical Testing | QASymphony Webinar
Risk Mitigation Using Exploratory and Technical Testing | QASymphony Webinar
 

Recently uploaded

(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxJoão Esperancinha
 
Processing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxProcessing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxpranjaldaimarysona
 
IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024Mark Billinghurst
 
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝soniya singh
 
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Serviceranjana rawat
 
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...RajaP95
 
Microscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxMicroscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxpurnimasatapathy1234
 
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSMANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSSIVASHANKAR N
 
Current Transformer Drawing and GTP for MSETCL
Current Transformer Drawing and GTP for MSETCLCurrent Transformer Drawing and GTP for MSETCL
Current Transformer Drawing and GTP for MSETCLDeelipZope
 
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Dr.Costas Sachpazis
 
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINEMANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINESIVASHANKAR N
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxAsutosh Ranjan
 
Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingPorous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingrakeshbaidya232001
 
Call Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile serviceCall Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile servicerehmti665
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)Suman Mia
 
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSKurinjimalarL3
 
What are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxWhat are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxwendy cai
 

Recently uploaded (20)

(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
 
Processing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxProcessing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptx
 
IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024
 
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
 
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
 
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
 
Microscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxMicroscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptx
 
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptxExploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
 
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSMANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
 
Current Transformer Drawing and GTP for MSETCL
Current Transformer Drawing and GTP for MSETCLCurrent Transformer Drawing and GTP for MSETCL
Current Transformer Drawing and GTP for MSETCL
 
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
 
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINEMANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptx
 
Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingPorous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writing
 
Call Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile serviceCall Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile service
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
 
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
 
What are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxWhat are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptx
 

Bug Bounty Career.pdf

  • 1. Bug Bounty Career – WEB HACKING Joas Antonio
  • 2. Details • The objective is to help Information Security professionals, enthusiasts and even the youngest, to enter the Bug Bounty area; • Knowing the skills necessary to work in the area of ​​Bug Bounty; • Of course, this is not a guide that will make you a professional, but I hope it helps; My LinkedIn: https://www.linkedin.com/in/joas-antonio-dos-santos/
  • 3. Bug Bounty Platforms 1. HackerOne 2. Bugcrowd 3. Intigriti 4. Bug Hunt 5. Hackaflag 6. Yogosha 7. Zeroday initiative 8. Open Bug Bounty 9. YesWeHack 10. Cobalt.io 11. Synack Red Team
  • 4. Skills Bug Bounty Hunter • Knowledge in Programming Logic; • Knowledge in Web Attack Vectors; • Knowledge in Reverse Engineering; • Skills in Web Development; • Programming Logic exercised; • Computational basis; • CTF Player; • Knowledge in Network Computer; • Knowledge in SystemAdministrator (Linux and Windows); • Knowledge in Cloud Computer (AWS, GOOGLE and AZURE); • Skills in Infrastructure Exploitation;
  • 5. Web Vulnerabilities – TOP 17 1. Open Redirect; 2. HTTP Parameter Pollution; 3. Cross-Site Request Forgery; 4. HTML Injection and Content Spoofing; 5. Carriage Return Line Feed Injection; 6. Cross Site Scripting; 7. Template Injection; 8. SQL Injection; 9. Server Side Request Forgery; 10. XML External Entity; 11. Remote Code Execution; 12. Memory Vulnerabilities; 13. Subdomain Takeover; 14. Race Conditions; 15. Insecure Direct Object References; 16. Oauth Vulnerabilities; 17. Application Logic and Configuration Vulnerabilities;
  • 7. Web Vulnerabilities - List https://owasp.org/www- community/vulnerabilities/
  • 8. Vulnerabilities – HackerOne Rank https://www.hackerone.com/top-ten-vulnerabilities
  • 9. Resources Study • https://chawdamrunal.medium.com/pro-tips-for-bug-bounty- f9982a5fc5e9 • https://medium.com/bugbountywriteup/bug-bounty-hunting- methodology-toolkit-tips-tricks-blogs-ef6542301c65 • https://www.bugcrowd.com/resources/webinars/5-tips-and-tricks-to-run- successful-bug-bounty-programs/ • https://www.youtube.com/watch?v=CU9Iafc-Igs&ab_channel=ST%C3%96K • https://github.com/EdOverflow/bugbounty-cheatsheet https://chawdamrunal.medium.com/pro-tips-for-bug-bounty- f9982a5fc5e9 • https://medium.com/bugbountywriteup/bug-bounty-hunting- methodology-toolkit-tips-tricks-blogs-ef6542301c65 • https://www.bugcrowd.com/resources/webinars/5-tips-and-tricks-to-run- successful-bug-bounty-programs/
  • 10. Resources Study • https://www.youtube.com/watch?v=CU9Iafc- Igs&ab_channel=ST%C3%96K • https://github.com/EdOverflow/bugbounty-cheatsheet • https://github.com/djadmin/awesome-bug-bounty • https://github.com/devanshbatham/Awesome-Bugbounty-Writeups • https://github.com/Muhammd/awesome-bug-bounty • https://github.com/ajdumanhug/awesome-bug-bounty-tips • https://medium.com/bugbountyhunting/bug-bounty-toolkit-aa36f4365f3f • https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty- Hunters • https://github.com/bobby-lin/bug-bounty-guide
  • 11. Writeups Bug Bounty • https://pentester.land/list-of-bug-bounty-writeups.html • https://medium.com/bugbountywriteup • https://github.com/yaworsk/bugbounty/blob/master/writeups.md • https://www.youtube.com/channel/UCNRM4GH-SD85WCSqeSb4xUA • https://paper.seebug.org/802/
  • 12. Skills Development – YouTube Channels • STÖK (Fredrik Alexandersson) https://lnkd.in/djwu5A6 • Red Team Village DC Red Team Village https://lnkd.in/dDhcEa5 • InsiderPhD Katie Paxton-Fear https://lnkd.in/duDph87 • Nahamsec Ben Sadeghipour https://lnkd.in/drBQim3 • HackerOne https://lnkd.in/d7QNQE8 • BugCrowd https://lnkd.in/dAqbA84 • The Cyber Mentor Heath Adams https://lnkd.in/dbYCM5Q • John Hammond John H. https://lnkd.in/dAp3xJM
  • 13. Skills Development – Youtube Channels • Codingo Michael S. https://lnkd.in/dpEsrEk • HackerSploitHackerSploit https://lnkd.in/dGXwDkX • LiveOverflow https://lnkd.in/dTWHXSD • IPPSec https://lnkd.in/deCU5YZ • S4vitar MarceloVázquez (Spanish Content) https://lnkd.in/dMjbPft • Zigoo Ebrahim Hegazy (Arabic ) https://lnkd.in/dgQTeuG
  • 14. Skills Development – Youtube Channels • ACADI-TI https://www.youtube.com/channel/UCi8P9S-PW7AF71g8Pi0W6Jw • Michael LaSalvia https://www.youtube.com/user/genxweb • Wraiith https://www.youtube.com/user/Wraiith75 • Bsides https://www.youtube.com/channel/UCVImyGhRATNFGPmJfxaq1dw • Vinicius Vieira https://www.youtube.com/channel/UCySphP8k4rv7Jf-7v3baWIA
  • 15. Skills Development – Youtube Channels • Kindred https://www.youtube.com/channel/UCwTH3RkRCIE35RJ16Nh8V8Q • Bug Bounty Public Disclosure https://www.youtube.com/channel/UCNRM4GH-SD85WCSqeSb4xUA • https://www.youtube.com/channel/UCxHzA- Z97sjfK3OISjkbMCQ (RoadSec) • https://www.youtube.com/channel/UC2QgCedRNj_tLDrGWSM3Gs Q (Mindthesec) • https://www.youtube.com/channel/UCz1PsqIhim7PUqQfuXmD- Bw (Hackaflag) • https://www.youtube.com/user/BlackHatOfficialYT (Blackhat)
  • 16. Skills Development – Youtube Channels • https://www.youtube.com/channel/UCqGONXW1ORgz5Y4qK-0JdkQ(Joe Grand) • https://www.youtube.com/user/DEFCONConference (Defcon) • https://www.youtube.com/channel/UC4dxXZQq- ofAadUWbqhoceQ (DeviantOllam) • https://www.youtube.com/channel/UC3s0BtrBJpwNDaflRSoiieQ (Hak5) • https://www.youtube.com/channel/UCimS6P854cQ23j6c_xst7EQ (Hacker Warehouse) • https://www.youtube.com/channel/UCe8j61ABYDuPTdtjItD2veA (OWASP ) • https://www.youtube.com/channel/UC42VsoDtra5hMiXZSsD6eGg/featu red (The Modern Rogue) • https://www.youtube.com/channel/UC3S8vxwRfqLBdIhgRlDRVzw(Stack Mashing)
  • 17. Skills Development – Youtube Channels • https://www.youtube.com/channel/UCW6MNdOsqv2E9AjQkv9we7A(P wnFunction) • https://www.youtube.com/channel/UCUB9vOGEUpw7IKJRoR4PK- A (Murmus CTF) • https://www.youtube.com/channel/UCND1KVdVt8A580SjdaS4cZg (Colin Hardy) • https://www.youtube.com/user/GynvaelEN(GynvaelEN) • https://www.youtube.com/channel/UCBcljXmuXPok9kT_VGA3adg (Robe rt Baruch) • https://www.youtube.com/channel/UCGISJ8ZHkmIv1CaoHovK- Xw (/DEV/NULL) • https://www.youtube.com/channel/UCDbNNYUME_pgocqarSjfNGw (Kac per) • https://www.youtube.com/channel/UCdNLW93OyL4lTav1pbKbyaQ (Men torable)
  • 18. Skills Development – Youtube Channels • https://www.youtube.com/channel/UCMACXuWd2w6_IEGog744UaA (Derek Rook) • https://www.youtube.com/channel/UCFvueUEWRfQ9qT9UmHCw_og (Prof. Joas Antonio) • https://www.youtube.com/user/ricardolongatto (Ricardo Longatto) • https://www.youtube.com/user/daybsonbruno (XTREME Security) • https://www.youtube.com/user/eduardoamaral07 (Facil Tech) • https://www.youtube.com/channel/UC70YG2WHVxlOJRng4v-CIFQ (Gabriel Pato) • https://www.youtube.com/user/Diolinux (Diolinux) • https://www.youtube.com/user/greatscottlab (Great Scott!) • https://www.youtube.com/user/esecuritytv (eSecurity) • https://www.youtube.com/channel/UCzWPaANpPISEE_xvJm8lqHA (Cybrary) • https://www.youtube.com/user/DanielDonda (Daniel Donda) • https://www.youtube.com/user/ZetaTwo (Calle Svensson) • https://www.youtube.com/channel/UCNKUSu4TPk979JzMeKDXiwQ (Georgia Wedman) • https://www.youtube.com/channel/UCqDLY9WFoJWqrhycW8cbv1Q (Manoel T)
  • 19. Tools - Bug Bounty • https://github.com/KingOfBugbounty/KingOfBugBountyTips • https://medium.com/@hackbotone/10-recon-tools-for-bug-bounty- bafa8a5961bd • https://portswigger.net/solutions/bug-bounty-hunting/best-bug- bounty-tools • https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty- Hunters/blob/master/assets/tools.md • https://www.hackerone.com/blog/100-hacking-tools-and-resources