By Ben Sadeghipour
Twitter.com/NahamSec
BenSadeghi@gmail.com
http://nahamsec.com
WHEN I GROW UP I WANT TO BE A (BUG)
BOUNTY HUNTER
WHO AM I
• STUDENT AT CSUS.
• SECURITY ANALYST AT BUGCROWD .
• FREELANCER AND INDEPENDENT RESEARCHER SINCE 2014.
WHY BUG BOUNTIES?
• As a Student:
• Gives you a chance to work with great successful and new companies.
• You can put your work on your resume.
• Job offer(s).
• Make money on your own schedule
• As a company:
• Fewer security breaches (hopefully).
• More researchers from across the world.
• More experience.
• Unique bugs.
WHERE CAN I START?
• Books:
• The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws, Paperback – September 27, 2011 ($35)
• The Mobile Application Hacker's Handbook Paperback – February 24, 2015 ($54)
• Android Hacker's Handbook ($30)
• iOS Hacker's Handbook ($30)
• Twitter – Great communication tool between researchers.
• Online bug bounty communities:
• Bugcrowd
• HackerOne
• CrowdCurity
• Synack
TOOLS
• Firefox Extensions:
• Tamper Data: a Firefox extension which lets you view, record and even modify outgoing HTTP requests.
• Live HTTP Headers
• User agent switcher - To test mobile versions of sites
• Hackbar: helps with SQL injection and XSS testing, and also provides string encoding/decoding and ASCII conversion.
• Burp Suite
• WHAT DOESN’T IT DO?
• Conferences – Great networking tool
• DefCon ~$150 (VEGAS)
• BlackHat (VEGAS)
• APPSEC (Varies)
BUGCROWD
• Managed or unmanaged programs.
• 16,000+ Researchers from all over the world.
• ~160 Bounties.
• 40,000+ Submissions.
• Max Single Payout: $13,000.
• Bugcrowd Forum
• Lots of Private Programs (!)
HACKERONE
• “Security Inbox”.
• 1,374 Hackers thanked.
• 84 Public programs.
• $2.78M Bounties paid.
• ~9,000 Bugs fixed
• Internet bug bounty:
• PHP
• Ruby
• Apache.
• Etc.
• Private Programs(!)
SYNACK
• Who knows?
• Ex-NSA
• Everything is unknown
• Don’t like to share
CROWDCURITY
• CrowdCurity
• Web application security
• Main focus on bitcoin
• ~1700 Researchers
• No public data.
WHO HAS A BUG BOUNTY?
WHO DOESN’T (obviously Sony!)
• https://bugcrowd.com/list-of-bug-bounty-programs
POPULAR YOU SAY?
• Why?
• Yahoo pays a minimum of $50 and up to $15,000
• Google pays a minimum of $100 and up to $20,000
• Facebook pays a minimum of $500 and no max payout
• Github Pays a minimum of $500
QUANTITY VS QUALITY?
• Most programs have an accurate reputation system:
• Google.
• Yahoo.
• BugCrowd (accuracy).
• HackerOne (reputation).
• Better reputation = more opportunities:
• Private events.
• Private Programs.
MAXIMIZING YOUR PAYOUT
• Don’t doubt yourself.
• You may still be the first to find it.
• Check Everything!
• Every parameter
• Every POST request
• User input validation
• Forms
• Profile pages.
• Filters (Can you bypass it?)
• Don’t go for the low hanging fruits:
• Higher payout for critical vulnerabilities.
• You may find some low severity bugs while looking for more critical ones
• Less chances of duplicates.
METHODOLOGY
• Pick a target.
• Pick an application.
• Pick a vulnerability type.
• Google:
• site:tw.*.yahoo.com -news -sports -knowledge -house -travel -money -fashion -dictionary -charity -autos -emarketing -maps -serviceplus -screen -tech -mail -talk -bid -uwant -stock -mall -buy -myblog -movies -games -safely -bigdeals -finance -info -mobile -help
PICK UP A PATTERN
• Look for the same parameter, functionality, file type or file name in the same or other subdomains of the website.
• 3 SQL injections found on Yahoo by using Google.
• site:hk.*.yahoo.com + inurl:"id" + filetype:html
• Try the same vulnerability with other programs.
• Profit!
PICKING UP A PATTERN?
(Not my sponsors. Just vulnerable to the same bug)
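The pattern step above (the same parameter name or file name showing up on several subdomains) as a small Python script; this is an added example, not code from the slides, and it runs on a constructed list of URLs under the placeholder domain example.com.

```python
"""Group URLs by the query-parameter names and file names they share
across subdomains, so that one piece of functionality can be reviewed
everywhere it is deployed.

Added example, not from the original slides. The URL list below is a
constructed sample; the hostnames are placeholders, not real targets.
"""
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs
import posixpath

# Constructed sample input: URLs "collected" for one program.
SAMPLE_URLS = [
    "https://news.example.com/article.php?id=1042&lang=en",
    "https://sports.example.com/article.php?id=77",
    "https://shop.example.com/item.html?id=5&cat=shoes",
    "https://mail.example.com/inbox?folder=sent",
    "https://help.example.com/faq.php?cat=billing",
    "https://news.example.com/search?q=test",
]


def host_of(url):
    """Hostname of the URL, or '' when it cannot be parsed."""
    return urlsplit(url).hostname or ""


def file_name(url):
    """Last path segment if it looks like a file (has an extension), else ''."""
    name = posixpath.basename(urlsplit(url).path)
    return name if "." in name else ""


def param_names(url):
    """Sorted query-parameter names, keeping parameters with empty values."""
    return sorted(parse_qs(urlsplit(url).query, keep_blank_values=True))


def shared_features(urls, min_hosts=2):
    """Return {feature: sorted hosts} for every 'param:<name>' and
    'file:<name>' feature seen on at least min_hosts distinct hosts."""
    hosts_by_feature = defaultdict(set)
    for url in urls:
        host = host_of(url)
        if not host:
            continue
        for name in param_names(url):
            hosts_by_feature[f"param:{name}"].add(host)
        fname = file_name(url)
        if fname:
            hosts_by_feature[f"file:{fname}"].add(host)
    return {
        feature: sorted(hosts)
        for feature, hosts in sorted(hosts_by_feature.items())
        if len(hosts) >= min_hosts
    }


if __name__ == "__main__":
    for feature, hosts in shared_features(SAMPLE_URLS).items():
        print(f"{feature:<20} {', '.join(hosts)}")
```

Features seen on only one host (here `param:lang`, `param:q`, `file:item.html`) are dropped, which is what keeps the output focused on functionality that is actually repeated.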
MAKING A REPORT
• Be very specific.
• Provide step-by-step instructions.
• Include all the details needed in order to reproduce the issue.
• Provide an attack scenario.
• Why is it a big deal?
• Can you access major private data?
• Are you targeting a single user?
• Provide screenshots if needed.
• If you create a video, make it accurate, quick, and professional.
• Ask for permission before you decide to publish your findings.
ACHIEVEMENTS FROM BUG BOUNTIES
• Connections.
• Free services from different companies.
• Job offer(s).
• Some cash.
• Lots of experience.
LEARN FROM YOUR PEERS!
• Read on how others are approaching different vulnerabilities:
• @NahamSec (http://nahamsec.com)
• @Securatary (http://uzbey.com/bbp-funding)
• @FransRosen (http://detectify.com)
• @BitQuark (http://bitquark.co.uk)
• @Fin1te (http://fin1te.net)
• More awesome researchers:
• http://Bugcrowd.com/leaderboard
• https://www.crowdcurity.com/hall-of-fame
• http://Hackerone.com/thanks
QUESTIONS?
• Ben Sadeghipour (@NahamSec)
• http://nahamsec.com

Crypto Night at CSUS - Bug Bounties
