# Bug Bounty Talks

## 1. Top-Tier Bug Bounty Hunter Mindset - Yassine Aboukir (BSides Ahmedabad 2022)

Talk Link: <https://www.youtube.com/watch?v=QhpqBnu5MXo&t=161s>

Slides Link: <https://www.yassineaboukir.com//blog/Top-Tier-Bug-bounty-Hunter-Mindset-(BSides-Ahmedadabad-2022-Keynote)/>

<figure><img src="/files/Iq9xCeBDpxihPzoIOfWX" alt=""><figcaption><p>Basic recon flow</p></figcaption></figure>

#### Learning:

* Don't be lazy; test everything.
* Don't be scared of old programs or a high number of resolved reports. New code gets pushed daily.
* Get the paid features, as not many people do.
* Invest time in analysing JS files. Browse the application as a normal user, then filter for all `.js` files in Burp.
* No impact, no bug.
* There are two versions of getting AWS metadata through SSRF:
  * Simple GET request
  * Authenticated request, which first needs to obtain a token before requesting the AWS metadata

CVE monitoring website: <https://attackerkb.com/>

<figure><img src="/files/QX1k8eQcvWKcOBvZqrYr" alt=""><figcaption><p>Keep these in mind</p></figcaption></figure>


## 2. Bug Bounty on steroids - Hussein Daher (BSides Ahmedabad 2022)

Talk Link: <https://www.youtube.com/watch?v=xnx0IQMQD3o>

Slides Link: <https://pr0xy.cc/bsides.pdf>

URL payload list for fuzzing how the application handles different URL patterns:

```
0xp.cc
0xp.cc/
@0xp.cc
\\0xp.cc
//0xp.cc
.0xp.cc/
.0xp.cc
%2f%2f0xp.cc
```
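As an added example (not from the talk or the slides), the same list can be run against a redirect-target validator from the defender's side, comparing a prefix check with an exact-authority check. The trusted host `app.example`, the redirect scenario and all function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit, unquote

ALLOWED_HOSTS = {"app.example"}   # assumed trusted host (not from the page)
BASE = "https://app.example"
# Payload list from the page; each is tried bare and glued to the trusted origin.
PAYLOADS = ["0xp.cc", "0xp.cc/", "@0xp.cc", r"\\0xp.cc", "//0xp.cc",
            ".0xp.cc/", ".0xp.cc", "%2f%2f0xp.cc"]

def naive_is_safe(url):
    """Weak pattern: prefix match on the trusted origin, or any leading slash."""
    return url.startswith(BASE) or url.startswith("/")

def strict_is_safe(url, allowed=ALLOWED_HOSTS):
    """Allow same-site paths, or https URLs whose authority is exactly allow-listed."""
    decoded = url
    while unquote(decoded) != decoded:       # peel nested encodings (%2f, %252f)
        decoded = unquote(decoded)
    if "\\" in decoded or any(ord(c) < 0x21 for c in url):
        return False                         # browsers treat "\" like "/"
    if url.startswith("/"):
        return not decoded.startswith("//")  # "//host" is protocol-relative
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    if parts.scheme != "https" or parts.path.startswith("//"):
        return False
    # Exact authority match rejects userinfo (@), ports, and look-alike hosts.
    return parts.netloc.lower() in allowed

def audit(check):
    """Return every payload-derived URL that the given check accepts."""
    urls = [u for p in PAYLOADS for u in (p, BASE + p)]
    return [u for u in urls if check(u)]

if __name__ == "__main__":
    print("naive accepts :", audit(naive_is_safe))
    print("strict accepts:", audit(strict_is_safe))
```

The strict check also refuses a path that begins with `//` on the trusted host, so a later hop that redirects on the path alone cannot reinterpret it as protocol-relative.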

#### Learning:

* Don't start hacking on the very first thing you see. Browse the application thoroughly and let Burp collect all endpoints.
* Understand all the features of the application.
* Get the origin IP of the server; that may lead to a WAF bypass.
  * Shodan can help with that by searching for the title.
  * If it's a big target, get all its IP ranges, resolve them, get their titles, and match them against the title you have.

## 3. Bugcrowd GodfatherOrwa recon


