Bug Bounty Talks

Listen to the wise one.

1. Top-Tier Bug Bounty Hunter Mindset - Yassine Aboukir (BSides Ahmedabad 2022)

Talk Link: https://www.youtube.com/watch?v=QhpqBnu5MXo&t=161s

Slides Link: https://www.yassineaboukir.com//blog/Top-Tier-Bug-bounty-Hunter-Mindset-(BSides-Ahmedadabad-2022-Keynote)/

Basic recon flow

Learning:

• Don't be lazy and test everything.

• Don't be scared of old programs and number of resolved reports. New code get pushed daily.

• Get paid features as not many people do it.

• Invest time in analysing JS files. Browse the application as a normal user and after that filter all .js files in burp.

• No impact no bug.

• There are two versions of getting aws metadata from ssrf

  • Simple get request

  • Authenticated request, which first needs to obtain a token to request aws metadata

CVE monitoring website: https://attackerkb.com/

Keep these in mind

2. Bug Bounty on steroids - Hussein Daher (BSides Ahmedabad 2022)

Talk Link: https://www.youtube.com/watch?v=xnx0IQMQD3o

Slides Link: https://pr0xy.cc/bsides.pdf

URL Payload list for fuzzing how application handles different URL patterns.

0xp.cc
0xp.cc/
@0xp.cc
\\0xp.cc
//0xp.cc
.0xp.cc/
.0xp.cc
%2f%2f0xp.cc

Learning:

• Don't just start hacking with very first thing you see. Browse the application thoroughly and let burp collect all endpoints.

• Understand all features of application.

• Get origin IP of server that may lead to WAF bypass.

  • Shodan can be helpful for that by searching for title.

  • If it's a big target get all IP ranges and resolve them and get their title and match it against the title you have.

3. Bugcrowd GodfatherOrwa recon