SlideShare ist ein Scribd-Unternehmen logo

Bug Bounty #Defconlucknow2016

Als PPTX, PDF herunterladen
Shubham Gupta
Shubham Gupta

If you have some feedback please shoot me an mail to: shubhamgupta109.1995@gmail.com.

Internet
1 von 40
Bug Bounty Shubham Gupta & Yash Pandya
About Us
Shubham Gupta Just another random guy interested in security Web Application Hacker Security Consultant at Pyramid Cyber Security & Forensic I’ve been got acknowledgement by more than 100 companies like as Google, Microsoft, Twitter, Yahoo, Adobe. Among top 100 bug hunter in Hackerone. Penetration tester
Yash Pandya  23 yr old Electronics and communication engineer from Gujarat .  i have experience in R&D on Embedded systems , networking, image processing, Robotics ,RTOS and Web application security.  Working as a Senior Security tester at IGATE GLOBAL Solutions.  I’ve been got acknowledgement by more than 100 companies like as Google, Microsoft, Yahoo, Apple, AT&T.  My primary goal is to give contribution towards open source technologies and make cyber space more secure and safer.
Agenda Introduction Why bug hunting? How to do bug hunting? Quick Tips POC Pros and Cons of bug hunting. Q&A
INTRODUCTION
A Brief History of Bug Bounty Programs. - 1995 (Net Scape) - 2004 (FIREFOX) - 2005 - 2007 - 2010 - 2011 - 2012 - 2013 -2013 (Cobalt) - 2013 (Synack )
 Now even a College dropout or even school boy can do that seating at home so BIG THANKS TO BUGBOUNTY PROGRAMME!!! :D  In 2015 few researchers set a great example for community by earning 5,00,000$/year without doing any job.  BYE BYE !!!!  2015 was really challenging year for BUGBOUNTY Hunters. Because “><img src=x onerror=prompt(1)> was not gonna work :P .
 In 2015 bug hunters Proved that  Bug hunters going to do anything to earn more money in 2015 because of that they started thinking out of the box scenarios.  Some of the creative and impressive bugs reported in 2015 are as below: I. Svg File upload xss. II. CSV Injections III. EL Injections. IV. Sub domain takeover V. Same Origin bypass
Bug bounty hunters dream hall of fame companies
Why to invest time in hunting bugs rather then development?
Why bug hunting?  Chances of finding bugs to put on your cv.  Possibility of getting job.  lots of money in very less time  Cool T-shirts, Hoodies, Mugs and many more swags  Recognition  Connections  Less security breaches  Enjoyment  Person will Learn to work hard because of Competition
Types of bugs.  Web Vulnerabilities.  Software Products Vulnerabilities  Browser Vulnerabilities  Network Vulnerabilities  Mobile app Vulnerabilities.  Hardware Vulnerabilities.
How to kickoff for hunting bugs?
How to do bug hunting?  Bug hunting is all about Exploring Weaknesses and Experimentation.  It requires 30% programming knowledge and 70% logical out of box thinking.  Try each and every Combination to exploit bug .  Dig dipper.  Try more to find logical bugs it will increase your chance for higher payouts and reduce chances for Duplicates.
 OWASP Testing Guide / Web Application Hackers handbook.  Public reports and papers from . https://packetstormsecurity.com/ http://h1.nobbd.de/ https://www.facebook.com/notes/phwd/facebook-bug- bounties/707217202701640 Tools  Burp/ZAP/Fiddeler.  Ironowasp.  Appwatch  Appie
QUICK TIPS
Quick Tips  Don’t use scanner.  Use Google Dorks. I. EX: inurl: src|path|link|url II. filetype:asp|aspx|jsp|jspa|php  Make your own.  Create Google alerts for recent changes in Bug bounty programmes or for any other security related blogs.
 Look out for information disclosure which are quick to find: I. https://www.site.com/.htaccess if you are lucky then you will get access of .htaccess. Now go and report this bug and earn some $$ . II. Go to https://www.site.com/server-status III. GO to https://www.site.com/.svn/entries .  Try for Directory traversal using python script and using it try to find RCE .  IDOR by changing id parameters in request .  Unauthorized access of Data. Ex: Try to access pics or conversations or files which is deleted using api.
 Try to Complete CTF, online hacking Challenges.  Attend Webinars, Security Conferences.  Make Good relations with other security researchers and try to learn something from them.  Try to report Exploitable bugs .Don’t waste your and other’s time by reporting Non-Exploitable issues.  Try to test each platform IOS, ANDROID, SOFTWARE , Web Applications.  Read as much as you can.
POC
Svg XSS  One of the most unique bug of 2015 and easy to find.  Most of the web based projects include svg for a clear and interactive user experience.
 To verify this answer I created an svg file with an XSS vector below and started testing the websites that allow images .
Most of the site is vulner able for svg xss.
I was like
5 IDOR in GOOGLE’S ACQUISITION Title: IDOR : DELTE any user's Pagerduty services from stack driver. URL: https://app.stackdriver.com/settings/notifications/pagerduty/ Steps to reproduce: 1. go to https://app.stackdriver.com/settings/notifications/pagerduty/ 2. Add service 3. click on delete service 4. capture the request using burp suite 5. From Captured request change notification_method_id=any value 6. Remove x-CsrfToken value from request. 7. submit the request you can successfully delete pagerduty service of any user.
Request: GET /api/settings/policies-by-notification- method?notification_method_id=821&amp;notification_method_type=pagerduty HTTP/1.1Host: app.stackdriver.com User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0Accept: application/json, text/plain, */*Accept-Language: en- US,en;q=0.5Accept-Encoding: gzip, deflate X-CSRFToken: sNLQRp560GcTsDf228EWmzhoAfRt3XMg Referer: https://app.stackdriver.com/settings/notifications/pagerduty/ Cookie: __utma=25593471.1715845722.1411286450.1444643859.1445864251.5; csrftoken=sNLQRp560GcTsDf228EWmzhoAfRt3XMg;
Some time you can be lucky
Subdomain Takeover in Avant Parth thanks for writing that code 
Insecure Internal Storage
DO’S AND DON’TS
Do’s and Don’ts  When don’t “pay” don’t invest much time.  Don’t be a script kiddie always dig dipper.  Play by your own rules  Learn about the most common eligible vulnerabilities, how to find them, and how to increase your chances of receiving rewards.  Become an effective hunter and start reporting bugs for cash in no time.
Thanks 
What to do with bug bounties?
Bug Bounty #Defconlucknow2016
Bug Bounty #Defconlucknow2016
Bug Bounty #Defconlucknow2016
Bug Bounty #Defconlucknow2016

Empfohlen

Bug Bounty 101
Bug Bounty 101Bug Bounty 101
Bug Bounty 101Shahee Mirza
 
Bug Bounty Secrets
Bug Bounty Secrets Bug Bounty Secrets
Bug Bounty Secrets n|u - The Open Security Community
 
Saying Hello to Bug Bounty
Saying Hello to Bug BountySaying Hello to Bug Bounty
Saying Hello to Bug BountyNull Bhubaneswar
 
Bug Bounty for - Beginners
Bug Bounty for - BeginnersBug Bounty for - Beginners
Bug Bounty for - BeginnersHimanshu Kumar Das
 
Bug Bounty Programs For The Web
Bug Bounty Programs For The WebBug Bounty Programs For The Web
Bug Bounty Programs For The WebMichael Coates
 
Bug bounty
Bug bountyBug bounty
Bug bountyn|u - The Open Security Community
 
Bug bounty null_owasp_2k17
Bug bounty null_owasp_2k17Bug bounty null_owasp_2k17
Bug bounty null_owasp_2k17Sagar M Parmar
 
Bug Bounty Hunter Methodology - Nullcon 2016
Bug Bounty Hunter Methodology - Nullcon 2016Bug Bounty Hunter Methodology - Nullcon 2016
Bug Bounty Hunter Methodology - Nullcon 2016bugcrowd
 

Empfohlen

Bug Bounty 101
Bug Bounty 101Bug Bounty 101
Bug Bounty 101Shahee Mirza
 
Bug Bounty Secrets
Bug Bounty Secrets Bug Bounty Secrets
Bug Bounty Secrets n|u - The Open Security Community
 
Saying Hello to Bug Bounty
Saying Hello to Bug BountySaying Hello to Bug Bounty
Saying Hello to Bug BountyNull Bhubaneswar
 
Bug Bounty for - Beginners
Bug Bounty for - BeginnersBug Bounty for - Beginners
Bug Bounty for - BeginnersHimanshu Kumar Das
 
Bug Bounty Programs For The Web
Bug Bounty Programs For The WebBug Bounty Programs For The Web
Bug Bounty Programs For The WebMichael Coates
 
Bug bounty
Bug bountyBug bounty
Bug bountyn|u - The Open Security Community
 
Bug bounty null_owasp_2k17
Bug bounty null_owasp_2k17Bug bounty null_owasp_2k17
Bug bounty null_owasp_2k17Sagar M Parmar
 
Bug Bounty Hunter Methodology - Nullcon 2016
Bug Bounty Hunter Methodology - Nullcon 2016Bug Bounty Hunter Methodology - Nullcon 2016
Bug Bounty Hunter Methodology - Nullcon 2016bugcrowd
 
Bug Bounty - Play For Money
Bug Bounty - Play For MoneyBug Bounty - Play For Money
Bug Bounty - Play For MoneyShubham Gupta
 
Bug Bounty Basics
Bug Bounty BasicsBug Bounty Basics
Bug Bounty BasicsHackerOne
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applicationsNiyas Nazar
 
Web application security & Testing
Web application security & TestingWeb application security & Testing
Web application security & TestingDeepu S Nath
 
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Edureka!
 
Recon and Bug Bounties - What a great love story!
Recon and Bug Bounties - What a great love story!Recon and Bug Bounties - What a great love story!
Recon and Bug Bounties - What a great love story!Abhijeth D
 
Penetration testing reporting and methodology
Penetration testing reporting and methodologyPenetration testing reporting and methodology
Penetration testing reporting and methodologyRashad Aliyev
 
VAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxVAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxDARSHANBHAVSAR14
 
The Game of Bug Bounty Hunting - Money, Drama, Action and Fame
The Game of Bug Bounty Hunting - Money, Drama, Action and FameThe Game of Bug Bounty Hunting - Money, Drama, Action and Fame
The Game of Bug Bounty Hunting - Money, Drama, Action and FameAbhinav Mishra
 
Web Application Security and Awareness
Web Application Security and AwarenessWeb Application Security and Awareness
Web Application Security and AwarenessAbdul Rahman Sherzad
 
Cybersecurity for Small Business - Incident Response.pptx
Cybersecurity for Small Business - Incident Response.pptxCybersecurity for Small Business - Incident Response.pptx
Cybersecurity for Small Business - Incident Response.pptxArt Ocain
 
Application Security - Your Success Depends on it
Application Security - Your Success Depends on itApplication Security - Your Success Depends on it
Application Security - Your Success Depends on itWSO2
 
Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)Amit Tyagi
 
Penetration testing web application web application (in) security
Penetration testing web application web application (in) securityPenetration testing web application web application (in) security
Penetration testing web application web application (in) securityNahidul Kibria
 
ATTACKers Think in Graphs: Building Graphs for Threat Intelligence
ATTACKers Think in Graphs: Building Graphs for Threat IntelligenceATTACKers Think in Graphs: Building Graphs for Threat Intelligence
ATTACKers Think in Graphs: Building Graphs for Threat IntelligenceMITRE - ATT&CKcon
 
DDoS Protection
DDoS ProtectionDDoS Protection
DDoS ProtectionAmazon Web Services
 
A2 - broken authentication and session management(OWASP thailand chapter Apri...
A2 - broken authentication and session management(OWASP thailand chapter Apri...A2 - broken authentication and session management(OWASP thailand chapter Apri...
A2 - broken authentication and session management(OWASP thailand chapter Apri...Noppadol Songsakaew
 
Ethical hacking/ Penetration Testing
Ethical hacking/ Penetration TestingEthical hacking/ Penetration Testing
Ethical hacking/ Penetration TestingANURAG CHAKRABORTY
 
Web Application Security 101
Web Application Security 101Web Application Security 101
Web Application Security 101Cybersecurity Education and Research Centre
 
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016Frans Rosén
 
Android mobile app security offensive security workshop
Android mobile app security offensive security workshopAndroid mobile app security offensive security workshop
Android mobile app security offensive security workshopAbhinav Sejpal
 
Squashing bugs: Introduction to Bug Bounties ISSA Dehradun Chapter
Squashing bugs: Introduction to Bug Bounties ISSA Dehradun ChapterSquashing bugs: Introduction to Bug Bounties ISSA Dehradun Chapter
Squashing bugs: Introduction to Bug Bounties ISSA Dehradun ChapterAvi Sharma
 

Weitere ähnliche Inhalte

Was ist angesagt?

Bug Bounty - Play For Money
Bug Bounty - Play For MoneyBug Bounty - Play For Money
Bug Bounty - Play For MoneyShubham Gupta
 
Bug Bounty Basics
Bug Bounty BasicsBug Bounty Basics
Bug Bounty BasicsHackerOne
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applicationsNiyas Nazar
 
Web application security & Testing
Web application security & TestingWeb application security & Testing
Web application security & TestingDeepu S Nath
 
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Edureka!
 
Recon and Bug Bounties - What a great love story!
Recon and Bug Bounties - What a great love story!Recon and Bug Bounties - What a great love story!
Recon and Bug Bounties - What a great love story!Abhijeth D
 
Penetration testing reporting and methodology
Penetration testing reporting and methodologyPenetration testing reporting and methodology
Penetration testing reporting and methodologyRashad Aliyev
 
VAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxVAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxDARSHANBHAVSAR14
 
The Game of Bug Bounty Hunting - Money, Drama, Action and Fame
The Game of Bug Bounty Hunting - Money, Drama, Action and FameThe Game of Bug Bounty Hunting - Money, Drama, Action and Fame
The Game of Bug Bounty Hunting - Money, Drama, Action and FameAbhinav Mishra
 
Web Application Security and Awareness
Web Application Security and AwarenessWeb Application Security and Awareness
Web Application Security and AwarenessAbdul Rahman Sherzad
 
Cybersecurity for Small Business - Incident Response.pptx
Cybersecurity for Small Business - Incident Response.pptxCybersecurity for Small Business - Incident Response.pptx
Cybersecurity for Small Business - Incident Response.pptxArt Ocain
 
Application Security - Your Success Depends on it
Application Security - Your Success Depends on itApplication Security - Your Success Depends on it
Application Security - Your Success Depends on itWSO2
 
Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)Amit Tyagi
 
Penetration testing web application web application (in) security
Penetration testing web application web application (in) securityPenetration testing web application web application (in) security
Penetration testing web application web application (in) securityNahidul Kibria
 
ATTACKers Think in Graphs: Building Graphs for Threat Intelligence
ATTACKers Think in Graphs: Building Graphs for Threat IntelligenceATTACKers Think in Graphs: Building Graphs for Threat Intelligence
ATTACKers Think in Graphs: Building Graphs for Threat IntelligenceMITRE - ATT&CKcon
 
A2 - broken authentication and session management(OWASP thailand chapter Apri...
A2 - broken authentication and session management(OWASP thailand chapter Apri...A2 - broken authentication and session management(OWASP thailand chapter Apri...
A2 - broken authentication and session management(OWASP thailand chapter Apri...Noppadol Songsakaew
 
Ethical hacking/ Penetration Testing
Ethical hacking/ Penetration TestingEthical hacking/ Penetration Testing
Ethical hacking/ Penetration TestingANURAG CHAKRABORTY
 
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016Frans Rosén
 

Was ist angesagt? (20)

Bug Bounty - Play For Money
Bug Bounty - Play For MoneyBug Bounty - Play For Money
Bug Bounty - Play For Money
 
Bug Bounty Basics
Bug Bounty BasicsBug Bounty Basics
Bug Bounty Basics
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applications
 
Web application security & Testing
Web application security & TestingWeb application security & Testing
Web application security & Testing
 
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
 
Recon and Bug Bounties - What a great love story!
Recon and Bug Bounties - What a great love story!Recon and Bug Bounties - What a great love story!
Recon and Bug Bounties - What a great love story!
 
Penetration testing reporting and methodology
Penetration testing reporting and methodologyPenetration testing reporting and methodology
Penetration testing reporting and methodology
 
VAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxVAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptx
 
The Game of Bug Bounty Hunting - Money, Drama, Action and Fame
The Game of Bug Bounty Hunting - Money, Drama, Action and FameThe Game of Bug Bounty Hunting - Money, Drama, Action and Fame
The Game of Bug Bounty Hunting - Money, Drama, Action and Fame
 
Web Application Security and Awareness
Web Application Security and AwarenessWeb Application Security and Awareness
Web Application Security and Awareness
 
Cybersecurity for Small Business - Incident Response.pptx
Cybersecurity for Small Business - Incident Response.pptxCybersecurity for Small Business - Incident Response.pptx
Cybersecurity for Small Business - Incident Response.pptx
 
Application Security - Your Success Depends on it
Application Security - Your Success Depends on itApplication Security - Your Success Depends on it
Application Security - Your Success Depends on it
 
Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)
 
Penetration testing web application web application (in) security
Penetration testing web application web application (in) securityPenetration testing web application web application (in) security
Penetration testing web application web application (in) security
 
ATTACKers Think in Graphs: Building Graphs for Threat Intelligence
ATTACKers Think in Graphs: Building Graphs for Threat IntelligenceATTACKers Think in Graphs: Building Graphs for Threat Intelligence
ATTACKers Think in Graphs: Building Graphs for Threat Intelligence
 
DDoS Protection
DDoS ProtectionDDoS Protection
DDoS Protection
 
A2 - broken authentication and session management(OWASP thailand chapter Apri...
A2 - broken authentication and session management(OWASP thailand chapter Apri...A2 - broken authentication and session management(OWASP thailand chapter Apri...
A2 - broken authentication and session management(OWASP thailand chapter Apri...
 
Ethical hacking/ Penetration Testing
Ethical hacking/ Penetration TestingEthical hacking/ Penetration Testing
Ethical hacking/ Penetration Testing
 
Web Application Security 101
Web Application Security 101Web Application Security 101
Web Application Security 101
 
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016
 

Ähnlich wie Bug Bounty #Defconlucknow2016

Android mobile app security offensive security workshop
Android mobile app security offensive security workshopAndroid mobile app security offensive security workshop
Android mobile app security offensive security workshopAbhinav Sejpal
 
Squashing bugs: Introduction to Bug Bounties ISSA Dehradun Chapter
Squashing bugs: Introduction to Bug Bounties ISSA Dehradun ChapterSquashing bugs: Introduction to Bug Bounties ISSA Dehradun Chapter
Squashing bugs: Introduction to Bug Bounties ISSA Dehradun ChapterAvi Sharma
 
Basics of getting Into Bug Bounty Hunting
Basics of getting Into Bug Bounty HuntingBasics of getting Into Bug Bounty Hunting
Basics of getting Into Bug Bounty HuntingMuhammad Khizer Javed
 
How to Incorporate a Security-First Approach to Your Products by spiderSlik C...
How to Incorporate a Security-First Approach to Your Products by spiderSlik C...How to Incorporate a Security-First Approach to Your Products by spiderSlik C...
How to Incorporate a Security-First Approach to Your Products by spiderSlik C...Product School
 
Web Security - Introduction
Web Security - IntroductionWeb Security - Introduction
Web Security - IntroductionSQALab
 
Web Security - Introduction v.1.3
Web Security - Introduction v.1.3Web Security - Introduction v.1.3
Web Security - Introduction v.1.3Oles Seheda
 
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...Mazin Ahmed
 
BugBounty Roadmap with Mohammed Adam
BugBounty Roadmap with Mohammed AdamBugBounty Roadmap with Mohammed Adam
BugBounty Roadmap with Mohammed AdamMohammed Adam
 
Web Application Security And Getting Into Bug Bounties
Web Application Security And Getting Into Bug BountiesWeb Application Security And Getting Into Bug Bounties
Web Application Security And Getting Into Bug Bountieskunwaratul hax0r
 
Pentesting Android Applications
Pentesting Android ApplicationsPentesting Android Applications
Pentesting Android ApplicationsCláudio André
 
Android reverse engineering - Analyzing skype
Android reverse engineering - Analyzing skypeAndroid reverse engineering - Analyzing skype
Android reverse engineering - Analyzing skypeMário Almeida
 
Cyber Security Workshop @SPIT- 3rd October 2015
Cyber Security Workshop @SPIT- 3rd October 2015Cyber Security Workshop @SPIT- 3rd October 2015
Cyber Security Workshop @SPIT- 3rd October 2015Nilesh Sapariya
 
Javascript Security - Three main methods of defending your MEAN stack
Javascript Security - Three main methods of defending your MEAN stackJavascript Security - Three main methods of defending your MEAN stack
Javascript Security - Three main methods of defending your MEAN stackRan Bar-Zik
 
Earn Money from bug bounty
Earn Money from bug bountyEarn Money from bug bounty
Earn Money from bug bountyJay Nagar
 
Jerod Brennen - What You Need to Know About OSINT
Jerod Brennen - What You Need to Know About OSINTJerod Brennen - What You Need to Know About OSINT
Jerod Brennen - What You Need to Know About OSINTcentralohioissa
 
Securing a Cloud Migration
Securing a Cloud MigrationSecuring a Cloud Migration
Securing a Cloud MigrationVMware Tanzu
 
Blue team reboot - HackFest
Blue team reboot - HackFest Blue team reboot - HackFest
Blue team reboot - HackFest Haydn Johnson
 

Ähnlich wie Bug Bounty #Defconlucknow2016 (20)

Android mobile app security offensive security workshop
Android mobile app security offensive security workshopAndroid mobile app security offensive security workshop
Android mobile app security offensive security workshop
 
Squashing bugs: Introduction to Bug Bounties ISSA Dehradun Chapter
Squashing bugs: Introduction to Bug Bounties ISSA Dehradun ChapterSquashing bugs: Introduction to Bug Bounties ISSA Dehradun Chapter
Squashing bugs: Introduction to Bug Bounties ISSA Dehradun Chapter
 
Basics of getting Into Bug Bounty Hunting
Basics of getting Into Bug Bounty HuntingBasics of getting Into Bug Bounty Hunting
Basics of getting Into Bug Bounty Hunting
 
Nbt con december-2014-slides
Nbt con december-2014-slidesNbt con december-2014-slides
Nbt con december-2014-slides
 
Nbt con december-2014-slides
Nbt con december-2014-slidesNbt con december-2014-slides
Nbt con december-2014-slides
 
How to Incorporate a Security-First Approach to Your Products by spiderSlik C...
How to Incorporate a Security-First Approach to Your Products by spiderSlik C...How to Incorporate a Security-First Approach to Your Products by spiderSlik C...
How to Incorporate a Security-First Approach to Your Products by spiderSlik C...
 
Web Security - Introduction
Web Security - IntroductionWeb Security - Introduction
Web Security - Introduction
 
Web Security - Introduction v.1.3
Web Security - Introduction v.1.3Web Security - Introduction v.1.3
Web Security - Introduction v.1.3
 
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...
 
BugBounty Roadmap with Mohammed Adam
BugBounty Roadmap with Mohammed AdamBugBounty Roadmap with Mohammed Adam
BugBounty Roadmap with Mohammed Adam
 
Web Application Security And Getting Into Bug Bounties
Web Application Security And Getting Into Bug BountiesWeb Application Security And Getting Into Bug Bounties
Web Application Security And Getting Into Bug Bounties
 
Pentesting Android Applications
Pentesting Android ApplicationsPentesting Android Applications
Pentesting Android Applications
 
Android reverse engineering - Analyzing skype
Android reverse engineering - Analyzing skypeAndroid reverse engineering - Analyzing skype
Android reverse engineering - Analyzing skype
 
Cyber Security Workshop @SPIT- 3rd October 2015
Cyber Security Workshop @SPIT- 3rd October 2015Cyber Security Workshop @SPIT- 3rd October 2015
Cyber Security Workshop @SPIT- 3rd October 2015
 
Javascript Security - Three main methods of defending your MEAN stack
Javascript Security - Three main methods of defending your MEAN stackJavascript Security - Three main methods of defending your MEAN stack
Javascript Security - Three main methods of defending your MEAN stack
 
Earn Money from bug bounty
Earn Money from bug bountyEarn Money from bug bounty
Earn Money from bug bounty
 
Jerod Brennen - What You Need to Know About OSINT
Jerod Brennen - What You Need to Know About OSINTJerod Brennen - What You Need to Know About OSINT
Jerod Brennen - What You Need to Know About OSINT
 
Securing a Cloud Migration
Securing a Cloud MigrationSecuring a Cloud Migration
Securing a Cloud Migration
 
Securing a Cloud Migration
Securing a Cloud MigrationSecuring a Cloud Migration
Securing a Cloud Migration
 
Blue team reboot - HackFest
Blue team reboot - HackFest Blue team reboot - HackFest
Blue team reboot - HackFest
 

Kürzlich hochgeladen

Company Snapshot Theme for Business by Slidesgo.pptx
Company Snapshot Theme for Business by Slidesgo.pptxCompany Snapshot Theme for Business by Slidesgo.pptx
Company Snapshot Theme for Business by Slidesgo.pptxMario
 
SCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is prediSCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is predieusebiomeyer
 
Unidad 4 – Redes de ordenadores (en inglés).pptx
Unidad 4 – Redes de ordenadores (en inglés).pptxUnidad 4 – Redes de ordenadores (en inglés).pptx
Unidad 4 – Redes de ordenadores (en inglés).pptxmibuzondetrabajo
 
ETHICAL HACKING dddddddddddddddfnandni.pptx
ETHICAL HACKING dddddddddddddddfnandni.pptxETHICAL HACKING dddddddddddddddfnandni.pptx
ETHICAL HACKING dddddddddddddddfnandni.pptxNIMMANAGANTI RAMAKRISHNA
 
IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119APNIC
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书zdzoqco
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxDyna Gilbert
 
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书rnrncn29
 
TRENDS Enabling and inhibiting dimensions.pptx
TRENDS Enabling and inhibiting dimensions.pptxTRENDS Enabling and inhibiting dimensions.pptx
TRENDS Enabling and inhibiting dimensions.pptxAndrieCagasanAkio
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa494f574xmv
 
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书rnrncn29
 

Kürzlich hochgeladen (11)

Company Snapshot Theme for Business by Slidesgo.pptx
Company Snapshot Theme for Business by Slidesgo.pptxCompany Snapshot Theme for Business by Slidesgo.pptx
Company Snapshot Theme for Business by Slidesgo.pptx
 
SCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is prediSCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is predi
 
Unidad 4 – Redes de ordenadores (en inglés).pptx
Unidad 4 – Redes de ordenadores (en inglés).pptxUnidad 4 – Redes de ordenadores (en inglés).pptx
Unidad 4 – Redes de ordenadores (en inglés).pptx
 
ETHICAL HACKING dddddddddddddddfnandni.pptx
ETHICAL HACKING dddddddddddddddfnandni.pptxETHICAL HACKING dddddddddddddddfnandni.pptx
ETHICAL HACKING dddddddddddddddfnandni.pptx
 
IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptx
 
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
 
TRENDS Enabling and inhibiting dimensions.pptx
TRENDS Enabling and inhibiting dimensions.pptxTRENDS Enabling and inhibiting dimensions.pptx
TRENDS Enabling and inhibiting dimensions.pptx
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa
 
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
 

Bug Bounty #Defconlucknow2016

  • 1. Bug Bounty Shubham Gupta & Yash Pandya
  • 3. Shubham Gupta Just another random guy interested in security Web Application Hacker Security Consultant at Pyramid Cyber Security & Forensic I’ve been got acknowledgement by more than 100 companies like as Google, Microsoft, Twitter, Yahoo, Adobe. Among top 100 bug hunter in Hackerone. Penetration tester
  • 4. Yash Pandya  23 yr old Electronics and communication engineer from Gujarat .  i have experience in R&D on Embedded systems , networking, image processing, Robotics ,RTOS and Web application security.  Working as a Senior Security tester at IGATE GLOBAL Solutions.  I’ve been got acknowledgement by more than 100 companies like as Google, Microsoft, Yahoo, Apple, AT&T.  My primary goal is to give contribution towards open source technologies and make cyber space more secure and safer.
  • 5. Agenda Introduction Why bug hunting? How to do bug hunting? Quick Tips POC Pros and Cons of bug hunting. Q&A
  • 7. A Brief History of Bug Bounty Programs. - 1995 (Net Scape) - 2004 (FIREFOX) - 2005 - 2007 - 2010 - 2011 - 2012 - 2013 -2013 (Cobalt) - 2013 (Synack )
  • 8.  Now even a College dropout or even school boy can do that seating at home so BIG THANKS TO BUGBOUNTY PROGRAMME!!! :D  In 2015 few researchers set a great example for community by earning 5,00,000$/year without doing any job.  BYE BYE !!!!  2015 was really challenging year for BUGBOUNTY Hunters. Because “><img src=x onerror=prompt(1)> was not gonna work :P .
  • 9.  In 2015 bug hunters Proved that  Bug hunters going to do anything to earn more money in 2015 because of that they started thinking out of the box scenarios.  Some of the creative and impressive bugs reported in 2015 are as below: I. Svg File upload xss. II. CSV Injections III. EL Injections. IV. Sub domain takeover V. Same Origin bypass
  • 10. Bug bounty hunters dream hall of fame companies
  • 11. Why to invest time in hunting bugs rather then development?
  • 12. Why bug hunting?  Chances of finding bugs to put on your cv.  Possibility of getting job.  lots of money in very less time  Cool T-shirts, Hoodies, Mugs and many more swags  Recognition  Connections  Less security breaches  Enjoyment  Person will Learn to work hard because of Competition
  • 13. Types of bugs.  Web Vulnerabilities.  Software Products Vulnerabilities  Browser Vulnerabilities  Network Vulnerabilities  Mobile app Vulnerabilities.  Hardware Vulnerabilities.
  • 14. How to kickoff for hunting bugs?
  • 15. How to do bug hunting?  Bug hunting is all about Exploring Weaknesses and Experimentation.  It requires 30% programming knowledge and 70% logical out of box thinking.  Try each and every Combination to exploit bug .  Dig dipper.  Try more to find logical bugs it will increase your chance for higher payouts and reduce chances for Duplicates.
  • 16.  OWASP Testing Guide / Web Application Hackers handbook.  Public reports and papers from . https://packetstormsecurity.com/ http://h1.nobbd.de/ https://www.facebook.com/notes/phwd/facebook-bug- bounties/707217202701640 Tools  Burp/ZAP/Fiddeler.  Ironowasp.  Appwatch  Appie
  • 18. Quick Tips  Don’t use scanner.  Use Google Dorks. I. EX: inurl: src|path|link|url II. filetype:asp|aspx|jsp|jspa|php  Make your own.  Create Google alerts for recent changes in Bug bounty programmes or for any other security related blogs.
  • 19.  Look out for information disclosure which are quick to find: I. https://www.site.com/.htaccess if you are lucky then you will get access of .htaccess. Now go and report this bug and earn some $$ . II. Go to https://www.site.com/server-status III. GO to https://www.site.com/.svn/entries .  Try for Directory traversal using python script and using it try to find RCE .  IDOR by changing id parameters in request .  Unauthorized access of Data. Ex: Try to access pics or conversations or files which is deleted using api.
  • 20.  Try to Complete CTF, online hacking Challenges.  Attend Webinars, Security Conferences.  Make Good relations with other security researchers and try to learn something from them.  Try to report Exploitable bugs .Don’t waste your and other’s time by reporting Non-Exploitable issues.  Try to test each platform IOS, ANDROID, SOFTWARE , Web Applications.  Read as much as you can.
  • 21. POC
  • 22. Svg XSS  One of the most unique bug of 2015 and easy to find.  Most of the web based projects include svg for a clear and interactive user experience.
  • 23.  To verify this answer I created an svg file with an XSS vector below and started testing the websites that allow images .
  • 24.
  • 27. 5 IDOR in GOOGLE’S ACQUISITION Title: IDOR : DELTE any user's Pagerduty services from stack driver. URL: https://app.stackdriver.com/settings/notifications/pagerduty/ Steps to reproduce: 1. go to https://app.stackdriver.com/settings/notifications/pagerduty/ 2. Add service 3. click on delete service 4. capture the request using burp suite 5. From Captured request change notification_method_id=any value 6. Remove x-CsrfToken value from request. 7. submit the request you can successfully delete pagerduty service of any user.
  • 28. Request: GET /api/settings/policies-by-notification- method?notification_method_id=821&amp;notification_method_type=pagerduty HTTP/1.1Host: app.stackdriver.com User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0Accept: application/json, text/plain, */*Accept-Language: en- US,en;q=0.5Accept-Encoding: gzip, deflate X-CSRFToken: sNLQRp560GcTsDf228EWmzhoAfRt3XMg Referer: https://app.stackdriver.com/settings/notifications/pagerduty/ Cookie: __utma=25593471.1715845722.1411286450.1444643859.1445864251.5; csrftoken=sNLQRp560GcTsDf228EWmzhoAfRt3XMg;
  • 29. Some time you can be lucky
  • 30. Subdomain Takeover in Avant Parth thanks for writing that code 
  • 31.
  • 34. Do’s and Don’ts  When don’t “pay” don’t invest much time.  Don’t be a script kiddie always dig dipper.  Play by your own rules  Learn about the most common eligible vulnerabilities, how to find them, and how to increase your chances of receiving rewards.  Become an effective hunter and start reporting bugs for cash in no time.
  • 36. What to do with bug bounties?

Hinweis der Redaktion

  1. 1
  2. 2
  3. 3
  4. 4
  5. 5
  6. 6
  7. 7
  8. 8
  9. 9
  10. 10
  11. 11
  12. 12
  13. 13
  14. 14
  15. 15
  16. 16
  17. 17
  18. 18
  19. 19
  20. 20
  21. 21
  22. 22
  23. 23
  24. 24
  25. 25
  26. 26
  27. 27
  28. 28
  29. 29
  30. 30
  31. 31
  32. 32
  33. 33
  34. 34
  35. 35
  36. 36
  37. 37
  38. 38
  39. 39
  40. 40