Bug Bounty & Responsible Disclosure - HAKON-2019

Transcript of Bug Bounty & Responsible Disclosure - HAKON-2019

Bug Bounty

Himanshu Mehta

Senior Threat Analysis Engineer

✓ Security Intelligence Team @ Symantec

✓ Mentor @ NITI Aayog

✓ Bug Hunter | Penetration Tester | Security Researcher

✓ Speaker at National Cyber Security Conference, Hakon, Hack In The Box & Hack In Paris

✓ Advisory Board Member @EC-Council & Convetit

✓ Program Committee Member of Dubai International Conferences - Data Mining & Knowledge Management, and Fuzzy Logic Systems

@LionHeartRoxx

Sachin Wagh

Threat Analysis Engineer

✓ Security Intelligence Team @ Symantec

✓ Speaker at HAKON, Infosecurity Europe and Hack In Paris

✓ Bug Hunter | Penetration Tester | Security Researcher

✓ Reviewer of “Hands-On Bug Bounty for Penetration Testers” and “Burp Suite Cookbook”

@tiger_tigerboy

Yandex, and the list continues...

Hats

Black Hat | Grey Hat | White Hat

Thinking Out of the Box

❑ Think out of the box.

❑ Report as soon as you find the bug.

Fast & Furious

Teams

Bug Bounty

❑ Companies: Receive vulnerability reports from bug hunters.

❑ Vulnerability: A security flaw or weakness found in software or in an operating system (OS) that can lead to security concerns.

❑ Bug Hunters: Receive awards for valid submissions.

❖ Bounty: $10 - $100,000

❖ Swag: T-shirt, Hoodie, Mug etc.

❑ Open For Signup

➢ Hackerone

➢ Bugcrowd

➢ BountyFactory

➢ Bugbountyjp

➢ Intigriti

➢ Open Bug Bounty

➢ Yogosha

❑ Invite based Platforms

➢ Synack

➢ Cobalt

Report Writing/Bug Submission

An awesome write-up of the bug you’ve found. - hackerone

➢ P1 - Critical: Vulnerabilities that cause a privilege escalation from unprivileged to admin or allow for remote code execution, financial theft, etc.

➢ P2 - High: Vulnerabilities that affect the security of the software and impact the processes it supports.

➢ P3 - Medium: Vulnerabilities that affect multiple users and require little or no user interaction to trigger.

➢ P4 - Low: Vulnerabilities that affect singular users and require interaction or significant prerequisites (MitM) to trigger.

➢ P5 - Informational: Non-exploitable vulnerabilities in functionality. Vulnerabilities that are by design or are deemed acceptable business risk to the customer.

Burp Suite

OWASP ZAP

Kali Linux

SQLMAP

Wfuzz

Nmap

DirBuster, and so on...

inurl:"bug bounty" and intext:"€" and inurl:/security

intext:bounty inurl:/security

intext:"Bug Bounty" and intext:"BTC" and intext:"reward"

intext:"Bug Bounty" and inurl:"/bounty" and intext:"reward"

https://www.virustotal.com/#/domain/google.com

https://searchdns.netcraft.com/

Sublist3r

SubBrute

Knock

DNS Dumpster

0.lookup.axfr.support:true

dig @<name server> <target> axfr

How To Test:

1. Create two accounts for testing. In my case: [email protected] and [email protected]

2. Now log in with [email protected] in one browser. After login, open another browser and request a password reset for [email protected].

3. After entering the email id and captcha, you will get the link for resetting the password.

4. Just copy the link and paste it into the first browser, where you are already logged in to the [email protected] account.

E.g. https://www.tesla.com/user/reset/98389498/1472248302/4ujwKW8mbcCottRZYCayKKRAjT_0LweAxjFRRMfz-1E

where 98389498 is the user id.

5. Just increase it by 1 and it will disclose the email id of another user.
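The root cause in the reset-link flow above is that the server trusts the user id in the URL before checking that the hash actually belongs to that id. The following is an added example, not code from the slides or from the site mentioned: a vulnerable lookup next to a hardened one where the hash is an HMAC bound to the uid, the issue time and the account's current password hash, so incrementing the uid invalidates the link. The user table, server secret and email addresses are constructed for the demo.

```python
import hashlib
import hmac
import time

# Constructed in-memory user table for the demo (not real accounts).
USERS = {
    98389498: {"email": "alice@example.com", "pw_hash": "hash-a"},
    98389499: {"email": "bob@example.com", "pw_hash": "hash-b"},
}
SITE_KEY = b"constructed-server-secret"  # assumption: per-site secret key
TTL = 24 * 3600                           # reset links expire after a day


def _mac(uid, ts, pw_hash):
    # Bind the token to uid, issue time and current password hash: it cannot
    # be re-pointed at another uid and dies once the password changes.
    msg = "{}:{}:{}".format(uid, ts, pw_hash).encode()
    return hmac.new(SITE_KEY, msg, hashlib.sha256).hexdigest()


def issue_reset_link(uid, now=None):
    ts = int(now if now is not None else time.time())
    return "/user/reset/{}/{}/{}".format(uid, ts, _mac(uid, ts, USERS[uid]["pw_hash"]))


def vulnerable_lookup(path):
    # Bug pattern from the slide: reveal the account named by the uid in the
    # URL without first verifying that the hash was issued for that uid.
    uid = int(path.split("/")[3])
    return USERS[uid]["email"] if uid in USERS else None


def hardened_lookup(path, now=None):
    parts = path.split("/")
    if len(parts) != 6 or parts[:3] != ["", "user", "reset"]:
        return None
    try:
        uid, ts = int(parts[3]), int(parts[4])
    except ValueError:
        return None
    user = USERS.get(uid)
    if user is None:
        return None
    current = int(now if now is not None else time.time())
    if not 0 <= current - ts <= TTL:
        return None  # expired or future-dated link
    # Constant-time compare; a tampered uid changes the expected MAC.
    if not hmac.compare_digest(parts[5], _mac(uid, ts, user["pw_hash"])):
        return None
    return user["email"]


def tamper_uid(path, delta):
    # Reproduces step 5 of the slide against both lookups.
    parts = path.split("/")
    parts[3] = str(int(parts[3]) + delta)
    return "/".join(parts)
```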

DLL Hijacking is a process by which malicious code is injected into an application via a malicious DLL with the same name as a DLL used by the application.

Look for "access denied" and "authentication required" errors

GET http://www.example.com - 200

GET http://www.example.com/backlog/ - 404

GET http://www.example.com/admin/ - 401 hmm.. ok

GET http://www.example.com/admin/[bruteforce here now]
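The 200/404/401 sequence above is exactly what shows up in the web server's access log on the defending side. As an added example (not from the slides), this parses combined-format log lines and flags a client that racks up many 401/403/404 responses across distinct paths, which is the footprint of path guessing; the log lines, thresholds and IP addresses are constructed for the demo.

```python
import re
from collections import defaultdict

# Constructed Apache/nginx combined-format access-log lines for the demo.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2019:10:00:01 +0000] "GET / HTTP/1.1" 200 512
203.0.113.7 - - [10/Mar/2019:10:00:02 +0000] "GET /backlog/ HTTP/1.1" 404 162
203.0.113.7 - - [10/Mar/2019:10:00:02 +0000] "GET /admin/ HTTP/1.1" 401 162
203.0.113.7 - - [10/Mar/2019:10:00:03 +0000] "GET /admin/login HTTP/1.1" 404 162
203.0.113.7 - - [10/Mar/2019:10:00:03 +0000] "GET /admin/panel HTTP/1.1" 404 162
203.0.113.7 - - [10/Mar/2019:10:00:04 +0000] "GET /admin/console HTTP/1.1" 401 162
203.0.113.7 - - [10/Mar/2019:10:00:04 +0000] "GET /admin/config HTTP/1.1" 404 162
198.51.100.9 - - [10/Mar/2019:10:00:05 +0000] "GET /about HTTP/1.1" 200 900
198.51.100.9 - - [10/Mar/2019:10:00:06 +0000] "GET /favicon.ico HTTP/1.1" 404 162
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$')


def parse(log_text):
    """Yield (ip, path, status) for each well-formed line; skip garbage."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m["ip"], m["path"], int(m["status"])


def flag_enumerators(log_text, min_misses=4, min_distinct=3):
    """Return {ip: {"misses": n, "paths": k}} for clients whose 401/403/404
    responses meet both thresholds (count and distinct paths), so a single
    missing favicon does not trip the rule but a run of guesses does."""
    misses, paths = defaultdict(int), defaultdict(set)
    for ip, path, status in parse(log_text):
        if status in (401, 403, 404):
            misses[ip] += 1
            paths[ip].add(path)
    return {ip: {"misses": n, "paths": len(paths[ip])}
            for ip, n in misses.items()
            if n >= min_misses and len(paths[ip]) >= min_distinct}
```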

❑ Tools/OS

➢ Kali Linux OS

➢ Burp Suite

➢ Browser Plugins

❑ Methodologies

➢ OWASP Top 10

➢ SANS Top 25

➢ Google Hacking Database (GHDB)

❑ Web and browser

➢ Web Hacking 101 by Peter Yaworski.

➢ Breaking into Information Security: Learning the Ropes 101 by Andy Gill.

➢ The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws by Dafydd Stuttard and Marcus Pinto.

➢ Tangled Web by Michal Zalewski.

➢ OWASP Testing Guide v4 by OWASP Breakers community.

❑ Mobile

➢ The Mobile Application Hacker's Handbook by Dominic Chell et al.

➢ iOS Application Security: The Definitive Guide for Hackers and Developers by David Thiel.

❑ Cryptography

➢ Crypto 101 by Laurens Van Houtven.

❑ IEEE Papers

➢ https://sci-hub.io/

➢ VulnHub

➢ Pentesterlab

➢ XSS Game

➢ Hack This Site

➢ Root-Me

➢ HackTheBox

➢ Hack Me

➢ CTF 365

➢ Google Gruyere

➢ OWASP Juice Shop

➢ Hack Yourself First

➢ bWAPP

➢ Pentestbox

Certifications

❑ Offensive Security

❑ SANS

❑ EC-Council

❑ eLearnSecurity

Conferences

❑ HAKON

❑ Blackhat

❑ Defcon

❑ RSA

❑ ShmooCon

❑ HITBSecConf

❑ Bsides

❑ Hack In Paris

Thank You