> For the complete documentation index, see [llms.txt](https://newrouge.gitbook.io/roguebook1/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://newrouge.gitbook.io/roguebook1/group/bug-bounty/talks-interviews-podcasts/bug-bounty-talks.md).

# Bug Bounty Talks

## 1. Top-Tier Bug Bounty Hunter Mindset - Yassine Aboukir (BSides Ahmedabad 2022)

Talk Link: <https://www.youtube.com/watch?v=QhpqBnu5MXo&t=161s>

Slides Link: <https://www.yassineaboukir.com//blog/Top-Tier-Bug-bounty-Hunter-Mindset-(BSides-Ahmedadabad-2022-Keynote)/>

<figure><img src="/files/Iq9xCeBDpxihPzoIOfWX" alt=""><figcaption><p>Basic recon flow</p></figcaption></figure>

#### Learning:

* Don't be lazy and test everything.
* Don't be scared of old programs and number of resolved reports. New code get pushed daily.
* Get paid features as not many people do it.
* Invest time in analysing JS files. Browse the application as a normal user and after that filter all `.js` files in burp.
* No impact no bug.
* There are two versions of getting aws metadata from ssrf
  * Simple get request
  * Authenticated request, which first needs to obtain a token to request aws metadata

CVE monitoring website: <https://attackerkb.com/>

<figure><img src="/files/QX1k8eQcvWKcOBvZqrYr" alt=""><figcaption><p>Keep these in mind</p></figcaption></figure>

##

## 2. Bug Bounty on steroids - Hussein Daher (BSides Ahmedabad 2022)

Talk Link: <https://www.youtube.com/watch?v=xnx0IQMQD3o>

Slides Link: <https://pr0xy.cc/bsides.pdf>

URL Payload list for fuzzing how application handles different URL patterns.

```
0xp.cc
0xp.cc/
@0xp.cc
\\0xp.cc
//0xp.cc
.0xp.cc/
.0xp.cc
%2f%2f0xp.cc
```

#### Learning:

* Don't just start hacking with very first thing you see. Browse the application thoroughly and let burp collect all endpoints.
* Understand all features of application.
* Get origin IP of server that may lead to WAF bypass.&#x20;
  * Shodan can be helpful for that by searching for title.
  * If it's a big target get all IP ranges and resolve them and get their title and match it against the title you have.

### 3. Bugcrowd GodfatherOrwa recon
