Bug Bounty Talks

Listen to the wise one.

1. Top-Tier Bug Bounty Hunter Mindset - Yassine Aboukir (BSides Ahmedabad 2022)

Talk Link: https://www.youtube.com/watch?v=QhpqBnu5MXo&t=161s

Slides Link: https://www.yassineaboukir.com//blog/Top-Tier-Bug-bounty-Hunter-Mindset-(BSides-Ahmedadabad-2022-Keynote)/

Basic recon flow

Learning:

  • Don't be lazy and test everything.

  • Don't be scared of old programs or a high number of resolved reports. New code gets pushed daily.

  • Test paid features, as not many people do.

  • Invest time in analysing JS files. Browse the application as a normal user and then filter all .js files in Burp.

  • No impact, no bug.

  • There are two versions of getting AWS metadata via SSRF:

    • Simple GET request

    • Authenticated request, which first needs to obtain a token before requesting the AWS metadata
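The two versions above are IMDSv1 (a plain GET is answered) and IMDSv2 (a PUT with `X-aws-ec2-metadata-token-ttl-seconds` returns a session token that must be sent as `X-aws-ec2-metadata-token` on every GET). The setting that decides which one an instance accepts is `MetadataOptions.HttpTokens` on the EC2 instance. The following is an added example, not code from the talk or slides: it models that decision and audits a DescribeInstances-shaped response for instances that still allow the simple-GET version. The sample response and the instance IDs in it are constructed placeholders; no AWS call is made.

```python
# Added example, not part of the talk or slides: models the two metadata-service
# versions and audits which instances still allow the simple-GET one.
# IMDSv1 answers a plain GET; IMDSv2 requires a session token obtained with a PUT
# (X-aws-ec2-metadata-token-ttl-seconds) and presented on each GET
# (X-aws-ec2-metadata-token). MetadataOptions.HttpTokens decides this:
# "optional" = v1 still allowed, "required" = v2 only.


def imds_serves(http_tokens: str, token_present: bool) -> bool:
    """Model of the instance's metadata service: does a request get an answer?
    http_tokens is the instance's MetadataOptions.HttpTokens value."""
    if http_tokens == "required":
        return token_present          # IMDSv2 only: a GET without a token is refused
    return True                       # "optional": v1 plain GET and v2 both work


def imds_v1_exposed(describe_response: dict) -> list:
    """Return instance IDs whose metadata endpoint is enabled and still accepts
    IMDSv1, i.e. whose credentials a GET-only SSRF could read.
    describe_response has the shape of EC2 DescribeInstances (boto3
    ec2.describe_instances()); only Reservations[].Instances[].MetadataOptions
    is used, so the function runs offline on a captured or constructed response."""
    exposed = []
    for reservation in describe_response.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            opts = inst.get("MetadataOptions", {})
            if opts.get("HttpEndpoint", "enabled") != "enabled":
                continue              # endpoint disabled: nothing to read
            if opts.get("HttpTokens", "optional") != "required":
                exposed.append(inst["InstanceId"])
    return sorted(exposed)


# Constructed sample in DescribeInstances shape; the instance IDs are placeholders.
SAMPLE_DESCRIBE_INSTANCES = {
    "Reservations": [{
        "Instances": [
            {"InstanceId": "i-EXAMPLE-v1-allowed",
             "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional"}},
            {"InstanceId": "i-EXAMPLE-v2-only",
             "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required"}},
            {"InstanceId": "i-EXAMPLE-endpoint-off",
             "MetadataOptions": {"HttpEndpoint": "disabled", "HttpTokens": "optional"}},
        ]
    }]
}

if __name__ == "__main__":
    print("plain GET served when HttpTokens=optional:", imds_serves("optional", False))
    print("plain GET served when HttpTokens=required:", imds_serves("required", False))
    print("IMDSv1-exposed instances:", imds_v1_exposed(SAMPLE_DESCRIBE_INSTANCES))
```

Instances the audit lists can be moved to the token-only version with `aws ec2 modify-instance-metadata-options --instance-id <instance-id> --http-tokens required`, after which a GET-only SSRF gets no credentials back.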

CVE monitoring website: https://attackerkb.com/

Keep these in mind

2. Bug Bounty on steroids - Hussein Daher (BSides Ahmedabad 2022)

Talk Link: https://www.youtube.com/watch?v=xnx0IQMQD3o

Slides Link: https://pr0xy.cc/bsides.pdf

URL payload list for fuzzing how an application handles different URL patterns:

0xp.cc
0xp.cc/
@0xp.cc
\\0xp.cc
//0xp.cc
.0xp.cc/
.0xp.cc
%2f%2f0xp.cc
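What these patterns probe is the gap between how the application's own check parses a URL and how the browser (or a downstream HTTP client) resolves it. The following is an added example, not code from the talk or slides: it runs the list above through a naive "no host, so it must be local" redirect check, through an approximation of the browser's view (the WHATWG URL parser treats backslash as slash for http(s), so `\\host` is protocol-relative), and through a stricter check that rejects every entry. `0xp.cc` is the placeholder host from the list; the two extra inputs at the bottom are constructed.

```python
# Added example (not from the talk or slides): a vulnerable open-redirect check,
# an approximation of the browser's view of the same input, and a stricter check.
import re
from urllib.parse import urlsplit

# The talk's payload list, embedded as test input. "\\\\" is two backslashes.
PAYLOADS = [
    "0xp.cc", "0xp.cc/", "@0xp.cc", "\\\\0xp.cc", "//0xp.cc",
    ".0xp.cc/", ".0xp.cc", "%2f%2f0xp.cc",
]


def naive_is_local(target: str) -> bool:
    """Vulnerable check: 'the parser sees no host, so this is a local path'.
    urlsplit does not treat backslash as a separator, so \\\\host passes."""
    return urlsplit(target).netloc == ""


def whatwg_host(target: str) -> str:
    """Approximate host a browser would navigate to when the value lands in a
    Location header on an http(s) page: backslash is normalised to slash before
    parsing, as the WHATWG URL parser does for special schemes. Percent-encoded
    slashes are not decoded, matching browser behaviour; they only matter if the
    server decodes before redirecting."""
    return urlsplit(target.replace("\\", "/")).netloc


def is_local_redirect(target: str) -> bool:
    """Stricter check: exactly one leading slash, no backslash anywhere, no
    control characters or spaces, and nothing the parser sees as scheme or host."""
    if not target.startswith("/") or target.startswith("//") or target.startswith("/\\"):
        return False
    if "\\" in target or re.search(r"[\x00-\x20\x7f]", target):
        return False
    parts = urlsplit(target)
    return parts.scheme == "" and parts.netloc == ""


def classify(target: str) -> dict:
    """Side-by-side view of the three perspectives for one input."""
    return {
        "input": target,
        "naive_local": naive_is_local(target),
        "browser_host": whatwg_host(target),
        "strict_local": is_local_redirect(target),
    }


if __name__ == "__main__":
    # Constructed extra inputs: a legitimate relative path and a slash-backslash variant.
    for value in PAYLOADS + ["/account/settings?tab=1", "/\\0xp.cc"]:
        print(classify(value))
```

The row for `\\0xp.cc` is the one to look at: the naive check reports it as local while the browser resolves it to `0xp.cc`, which is exactly the disagreement the list is built to find. The strict check only passes `/account/settings?tab=1`; an allow-list of exact redirect targets is stricter still when the application can afford it.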

Learning:

  • Don't just start hacking with the very first thing you see. Browse the application thoroughly and let Burp collect all endpoints.

  • Understand all features of the application.

  • Get the origin IP of the server; that may lead to a WAF bypass.

    • Shodan can be helpful for that by searching for the page title.

    • If it's a big target, get all its IP ranges, resolve them, fetch their page titles and match them against the title you have.

3. Bugcrowd GodfatherOrwa recon
