Abhijeth D, profile picture
Uploaded byAbhijeth D
PPTX, PDF1,557 views

Recon and Bug Bounties - What a great love story!

The document is a presentation by Abhijeth Dugginapeddi discussing his experiences with bug bounties and cybersecurity. He shares insights on web security, penetration testing, and tools for discovering vulnerabilities, along with a few personal anecdotes and acknowledgments to fellow researchers. The presentation includes tips on various aspects of hacking and emphasizes the importance of community contributions to cybersecurity.

Embed presentation

Downloaded 30 times
--Abhijeth Dugginapeddi RECON AND BUG BOUNTIES WHAT A GREAT <3 STORY
PPT 101– INTRODUCE THE SPEAKER • I think I’m still a script kiddie maybe? • 9:00-17:00 work at a large organization • 17:00-9:00 work on the internet • Got lucky in finding bugs with Google, Facebook, Microsoft, Ebay etc • One among top 5 bug bounty researchers on Synack • Stop bragging and start the preso man
AGENDA
DO YOU DO PEN TESTING?
WEB SECURITY
AN UNINFORMED THREAT MODEL... www.website.com shop.website.com blog.website.com stage.website.com db.website.com api.website.com dev.website.com backup-syd.website.com archive.website.com s3 Buckets github pastebin third party providers mobile applications analytics etc etc…
BUT WHY?
ATTACK DIFFERENTLY
OK COOL BUT HOW?
DO YOU STILL REVERSE IP
SUB DOMAIN-ING
SUB DOMAINS • Sublist3r • Masscan • Shodan • censys
Yo!! Does this work?
OH YEA TEST DATABASES MADE PUBLIC? SURE THANKS
SNAPSHOT-ING YOUR SUB DOMAIN LIST
SOMETHING TO HELP YOU ALONG... snapple.py
DIVING IN: HACKING WITH GOOGLE(DEMO)
DO YOU GITHUB? • Site.com API_key • Password @site.com • Site.com secret_key • Site.com FTP password • Site.com ssh • Will leave combinations to your imagination
EVER TRIED LINK FINDER?
#RANDOM TARGET
#RANDOM TARGET
OOPSY
MORAL OF THE STORY
FEW PEOPLE YOU SHOULD FOLLOW FOR SOME COOL STUFF IN THIS SPACE • Jason Haddix • Nahamsec • Naffy • Shubs_shah • Bharath kumar • Edoverflow • And me ;)
CREDITS https://imgflip.com/memegenerator for memes/gifs All the authors of these tools  Great job guys and Thank you!!
Thanks to these guys for making internet secure again  @Bugcrowd @synack @Hacker0x01
Cheers to @Reconvillage questions? @abhijeth

More Related Content

PDF
Bug Bounty Basics
byHackerOne
 
PDF
Bug Bounty Hunter Methodology - Nullcon 2016
bybugcrowd
 
PDF
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016
byFrans Rosén
 
PPTX
Bug Bounty 101
byShahee Mirza
 
PPTX
Bug bounty
byn|u - The Open Security Community
 
PPTX
Directory Traversal & File Inclusion Attacks
byRaghav Bisht
 
PDF
Bug Bounty Secrets
byn|u - The Open Security Community
 
PDF
Neat tricks to bypass CSRF-protection
byMikhail Egorov
 
Bug Bounty Basics
byHackerOne
 
Bug Bounty Hunter Methodology - Nullcon 2016
bybugcrowd
 
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016
byFrans Rosén
 
Bug Bounty 101
byShahee Mirza
 
Bug bounty
byn|u - The Open Security Community
 
Directory Traversal & File Inclusion Attacks
byRaghav Bisht
 
Bug Bounty Secrets
byn|u - The Open Security Community
 
Neat tricks to bypass CSRF-protection
byMikhail Egorov
 

What's hot

PPTX
SSRF For Bug Bounties
byOWASP Nagpur
 
PPTX
Bug Bounty for - Beginners
byHimanshu Kumar Das
 
PDF
Privilege escalation from 1 to 0 Workshop
byHossam .M Hamed
 
PPTX
Saying Hello to Bug Bounty
byNull Bhubaneswar
 
PDF
Bug bounty null_owasp_2k17
bySagar M Parmar
 
PPTX
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
bySoroush Dalili
 
PPTX
Basics of getting Into Bug Bounty Hunting
byMuhammad Khizer Javed
 
PPTX
Vulnerabilities in modern web applications
byNiyas Nazar
 
PDF
Bug bounty recon.pdf
byEusebiuDanielBlindu
 
PDF
How to steal and modify data using Business Logic flaws - Insecure Direct Obj...
byFrans Rosén
 
PPTX
Attacking thru HTTP Host header
bySergey Belov
 
PPTX
Cross Site Scripting ( XSS)
byAmit Tyagi
 
PDF
The Game of Bug Bounty Hunting - Money, Drama, Action and Fame
byAbhinav Mishra
 
PDF
Web Application Security and Awareness
byAbdul Rahman Sherzad
 
PDF
Live Hacking like a MVH – A walkthrough on methodology and strategies to win big
byFrans Rosén
 
PDF
Hackfest presentation.pptx
byPeter Yaworski
 
PPTX
Introduction to path traversal attack
byPrashant Hegde
 
PPTX
Rest API Security - A quick understanding of Rest API Security
byMohammed Fazuluddin
 
PPTX
Introduction to Malware Analysis
byAndrew McNicol
 
PPTX
Rest API Security
byStormpath
 
SSRF For Bug Bounties
byOWASP Nagpur
 
Bug Bounty for - Beginners
byHimanshu Kumar Das
 
Privilege escalation from 1 to 0 Workshop
byHossam .M Hamed
 
Saying Hello to Bug Bounty
byNull Bhubaneswar
 
Bug bounty null_owasp_2k17
bySagar M Parmar
 
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
bySoroush Dalili
 
Basics of getting Into Bug Bounty Hunting
byMuhammad Khizer Javed
 
Vulnerabilities in modern web applications
byNiyas Nazar
 
Bug bounty recon.pdf
byEusebiuDanielBlindu
 
How to steal and modify data using Business Logic flaws - Insecure Direct Obj...
byFrans Rosén
 
Attacking thru HTTP Host header
bySergey Belov
 
Cross Site Scripting ( XSS)
byAmit Tyagi
 
The Game of Bug Bounty Hunting - Money, Drama, Action and Fame
byAbhinav Mishra
 
Web Application Security and Awareness
byAbdul Rahman Sherzad
 
Live Hacking like a MVH – A walkthrough on methodology and strategies to win big
byFrans Rosén
 
Hackfest presentation.pptx
byPeter Yaworski
 
Introduction to path traversal attack
byPrashant Hegde
 
Rest API Security - A quick understanding of Rest API Security
byMohammed Fazuluddin
 
Introduction to Malware Analysis
byAndrew McNicol
 
Rest API Security
byStormpath
 

Similar to Recon and Bug Bounties - What a great love story!

PPTX
Bug Bounty - Play For Money
byShubham Gupta
 
PPTX
Bug Bounty #Defconlucknow2016
byShubham Gupta
 
PDF
BugBounty Roadmap with Mohammed Adam
byMohammed Adam
 
PDF
BugBounty Tips.pdf
byKhaledMohamed767546
 
PPTX
Hacking WebApps for fun and profit : how to approach a target?
byYassine Aboukir
 
PDF
Bug Bounty Blueprint : A Beginner's Guide
byVarun Mithran
 
PDF
Bug Bounty Career.pdf
byVishal318796
 
PPTX
Getting_Started_with_Bug_Bounty program.
byglcrushgaming
 
PDF
Testers, get into security bug bounties!
byeusebiu daniel blindu
 
PPTX
HackerOne X IoT Lab Bug Bounty 101 with Encryptsaan & IoT Lab at KIIT Univers...
bykumarpriyanshu81
 
PPTX
How to do well in Bug bounty programs. Presentation at @nullhyd by Abhijeth
byAbhijeth D
 
PPTX
Squashing bugs: Introduction to Bug Bounties ISSA Dehradun Chapter
byAvi Sharma
 
PDF
Yet another talk on bug bounty
byvinoth kumar
 
PPTX
Crypto Night at CSUS - Bug Bounties
byBehrouz Sadeghipour
 
PPTX
Web Application Security And Getting Into Bug Bounties
bykunwaratul hax0r
 
PPTX
Bug bounties - cén scéal?
byCiaran McNally
 
PDF
Fun & profit with bug bounties
byn|u - The Open Security Community
 
PPTX
Nbt con december-2014-slides
byBehrouz Sadeghipour
 
PPTX
Nbt con december-2014-slides
byBehrouz Sadeghipour
 
PPTX
bug_bountybug_bountybug_bountybug_bounty.pptx
byFutureTechnologies3
 
Bug Bounty - Play For Money
byShubham Gupta
 
Bug Bounty #Defconlucknow2016
byShubham Gupta
 
BugBounty Roadmap with Mohammed Adam
byMohammed Adam
 
BugBounty Tips.pdf
byKhaledMohamed767546
 
Hacking WebApps for fun and profit : how to approach a target?
byYassine Aboukir
 
Bug Bounty Blueprint : A Beginner's Guide
byVarun Mithran
 
Bug Bounty Career.pdf
byVishal318796
 
Getting_Started_with_Bug_Bounty program.
byglcrushgaming
 
Testers, get into security bug bounties!
byeusebiu daniel blindu
 
HackerOne X IoT Lab Bug Bounty 101 with Encryptsaan & IoT Lab at KIIT Univers...
bykumarpriyanshu81
 
How to do well in Bug bounty programs. Presentation at @nullhyd by Abhijeth
byAbhijeth D
 
Squashing bugs: Introduction to Bug Bounties ISSA Dehradun Chapter
byAvi Sharma
 
Yet another talk on bug bounty
byvinoth kumar
 
Crypto Night at CSUS - Bug Bounties
byBehrouz Sadeghipour
 
Web Application Security And Getting Into Bug Bounties
bykunwaratul hax0r
 
Bug bounties - cén scéal?
byCiaran McNally
 
Fun & profit with bug bounties
byn|u - The Open Security Community
 
Nbt con december-2014-slides
byBehrouz Sadeghipour
 
Nbt con december-2014-slides
byBehrouz Sadeghipour
 
bug_bountybug_bountybug_bountybug_bounty.pptx
byFutureTechnologies3
 

Recently uploaded

PPT
INTRODUCTION_TO_SOFTWARE_APPLICATION.pptx
byMESFINBELAY4
 
PPTX
ENDNOTE refrencing how to do step by step..
byhumairasohaib19
 
PDF
Cybrain Software Solutions – Building Future-Ready Digital Tools
byCybrain Software Solutions
 
PPTX
evolution of internet (internet journey)
byyamunadevi49
 
PDF
OFFENSIVE OPERATIONS : THE ANATOMY OF A NETWORK TAKEOVER
byBangladesh Network Operators Group
 
PDF
DNSSEC Implementation Journey at Prime Bank’s Domain
byBangladesh Network Operators Group
 
PDF
Automating ISP Networks Using Ansible and IPAM as a Source of Truth [SoT]
byBangladesh Network Operators Group
 
PDF
A Day in the Life of IPv6 Scanning by Matsuzaki ʻmazʼ
byBangladesh Network Operators Group
 
PPTX
BTCFi on Starknet,Troves.fi offers automated strategies for Bitcoin users on ...
bytrovesfi
 
PDF
A La Recherche Du Temps Perdu: In Search of the Cozy Web
byJen Looper
 
PPTX
Facebook: How to Maximize for Everyday Business
byLP3I Surabaya
 
PPTX
AI Presentation it all about what is ai and how to implement in real life
byshraddhasule1710
 
PPTX
Passive Presentation pasdskpasdasdasdasf
byNoOne501682
 
PPTX
ARCHITECTURESACGCHCIUOHCOHCSAKJCOQKCHUO.pptx
bymchlrdpc2921
 
PPTX
MEANING OF EMOJIS OF SOCIAL MEDIA - RUKUNDO Emmanuel..pptx
bysongsormusics
 
INTRODUCTION_TO_SOFTWARE_APPLICATION.pptx
byMESFINBELAY4
 
ENDNOTE refrencing how to do step by step..
byhumairasohaib19
 
Cybrain Software Solutions – Building Future-Ready Digital Tools
byCybrain Software Solutions
 
evolution of internet (internet journey)
byyamunadevi49
 
OFFENSIVE OPERATIONS : THE ANATOMY OF A NETWORK TAKEOVER
byBangladesh Network Operators Group
 
DNSSEC Implementation Journey at Prime Bank’s Domain
byBangladesh Network Operators Group
 
Automating ISP Networks Using Ansible and IPAM as a Source of Truth [SoT]
byBangladesh Network Operators Group
 
A Day in the Life of IPv6 Scanning by Matsuzaki ʻmazʼ
byBangladesh Network Operators Group
 
BTCFi on Starknet,Troves.fi offers automated strategies for Bitcoin users on ...
bytrovesfi
 
A La Recherche Du Temps Perdu: In Search of the Cozy Web
byJen Looper
 
Facebook: How to Maximize for Everyday Business
byLP3I Surabaya
 
AI Presentation it all about what is ai and how to implement in real life
byshraddhasule1710
 
Passive Presentation pasdskpasdasdasdasf
byNoOne501682
 
ARCHITECTURESACGCHCIUOHCOHCSAKJCOQKCHUO.pptx
bymchlrdpc2921
 
MEANING OF EMOJIS OF SOCIAL MEDIA - RUKUNDO Emmanuel..pptx
bysongsormusics
 
In this document
Powered by AI

Speaker introduces himself, his bug bounty experience, and his work as a top researcher.

Overview of the topics covered in the presentation regarding bug bounties and security.

Discussion on performing pentesting and understanding web security fundamentals.

Identification of various attack vectors and importance of understanding threat modeling.

Techniques for subdomain enumeration using tools like Sublist3r, Masscan, etc.

Addressing vulnerabilities in public databases and importance of subdomain lists.

Demonstration of hacking techniques using Google and extracting sensitive data.

Techniques for finding data and target practice; emphasizes creative targeting.

Recommendations for industry figures to follow for insights and learning in cybersecurity.

Acknowledgment of tools, contributors, and encouragement to maintain internet security.

Recon and Bug Bounties - What a great love story!