Fun & Profit with Bug Bounties - Tips for Getting Started
1. Fun & Profit with Bug Bounties
- Madhu Akula
Null - Dharamshala
2. About Me!
root@localhost :~# whoami
Madhu Akula
Information Security Enthusiast
madhu.akula@hotmail.com
www.madhuakula.com
in.linkedin.com/in/madhuakula
fb.com/madhu.akula
twitter.com/madhuakula
3. Agenda
What and how to start Bug Bounties
&
My experience with bug bounties...
4. What is a bug bounty?
Vendor:
● Create a program
● Offer HOF (or) Swag (or) Reward (or) Duplicate
● Get all the vulnerabilities and fix them ASAP!
● Make products and applications secure
Researcher:
● Find the vulnerabilities in the target
● Get mostly duplicates :P
● Otherwise HOF, Swag (or) Reward!
● Share on Social Networks
8. How to start???
● Learn how things work
● OWASP is our home to learn Web Application Security
● Do your homework with Broken Web Apps
● Then apply what you learn!
Start with your requests until you get the response :)
9. How to start???
● Your main resource for bug bounties is gathering Proofs of Concept (PoC)!
● Checking blogs for write-ups
● Adding bug hunters to your friends list to get PoCs as well as new programs :p
● Checking for new vulnerabilities: site:hackerone.com/reports/
10. How to start???
● Take one site from the list of sites
● Check your luck with new sites
● Then try to map the target's attack surface
● Check for OWASP vulnerabilities as first priority
● Check for other types of vulnerabilities also
● Then get HOF, swag and $$$$
11. Common checks!
● Cross Site Scripting
● Cross Site Request Forgery
● Injections
● Authentication and Session Mechanism
● Remote Code Execution
● Other...
12. Resources
Mozilla and add-ons
● Live HTTP Headers
● Tamper Data
● Wappalyzer
● Foxyproxy
● Firebug
● HackBar
● User Agent Switcher
● Others...
Writing custom scripts will give you better and quicker results.
searchdns.netcraft.com, www.wolframalpha.com - for finding subdomains!
Keep ready-made report templates so you can be the first person to report a find!
Finally, use https://pentest-tools.com
Proxies
● Burp
● OWASP ZAP
● Any other
Search Engine Discovery
Google, Shodan, Bing, others
Open Source
● IronWASP
● Xenotix
● Many more...
Bye bye to Scanners!
13. My Experience with Bug Bounties!
Started with Duplicates...
Didn't know what bug hunting was (n00b)
14. Digging in deep!
● Only one target: find bugs until you are the first person to find one!
● Once you are the first person, if there is any reward, try more until you are listed in the Top members...
18. The End!
● It's enough
● Realised that I'm wasting 2 hrs every day
● Luck is the best kick for duplicates
● Started as a noob and got some experience with app security
● Good friends on Social Networks
● Then started contributing to Open Source and got some CVEs: CVE-2014-4329, CVE-2014-4722, CVE-2014-4853
19. Conclusion
Bug bounties are not only for rewards (or) fame. You will learn about new attacks and exploitation techniques by playing with other applications.