SlideShare une entreprise Scribd logo

Bug bounties - cén scéal?

Ciaran McNally
Ciaran McNally

Daggercon 20min Presentation

Technologie
1  sur  24
Bug Bounties Cén scéal?
Who am I? Ciarán McNally What do I do? • Freelance Security Consulting • Bug Bounties • Security Research • Recently signed as a contracted remote Application Security Engineer with Why Care? • Top 50 on two of the worlds largest Responsible Disclosure Platforms. ciaran@securit.ie www.securit.ie twitter.com/@ciaranmak
What are Bug Bounties? • Many organisations offer cash rewards to researchers for responsibly disclosing security issues or vulnerabilities. • There are well defined rules of engagement, known as “responsible disclosure policies” that outline what is acceptable. • In other words, READ THE SCOPE for each program.
Advantages of Bug Bounties For security consultants, students, hobbyists or enthusiasts… • Perfect to pad out your CV with real demonstrable experience. • It pays extremely well when your skill starts increasing. • There is an excellent global community to learn from. • Learn to distinguish and pursue the bugs that matter first. • They encourage you to think more like a blackhat which will make you a better whitehat
Advantages of Bug Bounties For organisations… • You can still choose who, how and where you want the testing performed. • You only pay for the vulnerabilities found. • It is more community driven and gives you more of a community presence. • A larger number of security experts are looking at your applications. • It’s an additional layer of security! (Who needs that right?)
Responsible Disclosure Platforms • Register as a researcher • Larger scoped programs means easier to find bugs. • Public disclosure of some issues that may help others learn. • “Internet bug bounty” • Vendor responses differ greatly • Higher reward ceiling! • Register as a researcher • Very researcher focused and encourage skill growth with good feedback. • Very large variety of programs: web app, mobile & desktop apps, flex (2 week – 1 Month). • Excellent private bounty programs. • Almost 20,000 researchers and an active community. • Encourages finding critical issues with additional rewards.
Advice for getting started • The older programs with smaller applications are likely to have less obvious issues, focus on the newer or larger programs until you get confident. • Review the public bugs for the program. Lookup blog posts. • Soon after you start building your score or reputation you will start being invited to private programs. Less people with access = more rewards for you.
Penetration Testing Methodology • Information Gathering, Network Reconnaissance & OSINT • Probing, Active Scanning, Vulnerability Scanning & Analysis • Exploitation, Leveraging Vulnerabilities & Verification • Reporting and Communication of issues
Penetration Testing Methodology • Information Gathering, Network Reconnaissance & OSINT • Probing, Active Scanning, Vulnerability Scanning & Analysis • Exploitation, Leveraging Vulnerabilities & Verification • Reporting and Communication of issues
Bug Bounty Information Gathering Regular Techniques: • Google Searches • Subdomain Brute Forcing • AXFR DNS Transfers • Scanning IP Range • Reverse DNS lookups • Web DNS tools • whois lookups Recommended Tools: • dig • subbrute • Recon-ng • gitrob • Resources:  scans.io  dnsdumpster.com
Bug Bounty Information Gathering • Bug Bounty Programs are often much wider in scope. • The scope is often defined by something like the following: *.twitter.com, *.yahoo.com …. • Many are “All company owned, branded or acquisition sites” • I want to demonstrate alternative approaches I have used to tackle this.
Recon Tips • Find as many of the organisation owned services or servers as you can. • Reconnaissance and information gathering is by far the most important step. • Companies often use subdomain formats. Find them.
Bug Bounty Information Gathering “Think Bigger” Attacker Techniques: • Lookup Organisation ASNs • Retrieve ALL their IP ranges.
Bug Bounty Information Gathering “Think Bigger” Attacker Techniques: • The couple of hundred target hosts you found before with regular techniques… Just became potentially a couple of hundred thousand.
Other Techniques: • scans.io data has scans of the whole internet, http/https, ssl certs and reverse DNS. • Import them into Elasticsearch with Kibana for Information Gathering or profiling your target. Bug Bounty Information Gathering
Bug Bounty Vulnerability Scanning Regular Techniques: • Scanning Tools • Custom Scripts Recommended Tools: • Nmap, Masscan, Zmap… • Nessus, OpenVAS… • Burp, Arachni, Appscan… • Curl • Dirs3arch & Dirb • SQLmap • THC-hydra • Metasploit
• 99.99% of bounty programs disallow heavy scanning. Learn how to effectively throttle your tools if you do opt for mass scanning. • Organisations running bounties are well capable of running their own scanners. DO NOT report “low” or “potential” rated scanner vulnerabilities. Bug Bounty Vulnerability Scanning
Bug Bounty Vulnerability Scanning “Think Bigger” Attacker Techniques • I developed my own threaded scanning tool dubbed “scantastic” in February. • https://github.com/maK-/scantastic-tool • It dumps masscan network scans and directory brute-forcing scans into elasticsearch. • Ideas contributed by @nnwakelam
Bug Bounty Vulnerability Scanning • This is a very powerful technique. • Once a vulnerability is identified, It can now be scanned for across all services. • You can also scan for common known vulnerable files and filter the results.
Bug Bounty Penetration Testing • I combined this scanning technique with a regular penetration testing methodology against Adobe’s Responsible Disclosure Program in recent Months. • Within 24 hours of testing I managed to report 66 Vulnerabilities. I am currently #1 on the Adobe program as a result.
Bug Bounty Penetration Testing
Password of “000000” Out of Scope!
Bug Bounty Penetration Testing More Tips: • You only get rewarded if you are first to find and report an issue. So report first, then update later if you escalate the vulnerability further. • Expect duplicates • Always go as far as you can with what you find. The reward could double. • Keep an eye on #bugbounty, #infosec or #bugcrowd regularly on Twitter, there is a large community always posting there. Plenty of excellent tips and blog posts.
Thank you! ciaran@securit.ie Twitter.com/@ciaranmak

Recommandé

Bug Bounty Hunter Methodology - Nullcon 2016
Bug Bounty Hunter Methodology - Nullcon 2016Bug Bounty Hunter Methodology - Nullcon 2016
Bug Bounty Hunter Methodology - Nullcon 2016bugcrowd
 
Logical Attacks(Vulnerability Research)
Logical Attacks(Vulnerability Research)Logical Attacks(Vulnerability Research)
Logical Attacks(Vulnerability Research)Ajay Negi
 
How to Shot Web - Jason Haddix at DEFCON 23 - See it Live: Details in Descrip...
How to Shot Web - Jason Haddix at DEFCON 23 - See it Live: Details in Descrip...How to Shot Web - Jason Haddix at DEFCON 23 - See it Live: Details in Descrip...
How to Shot Web - Jason Haddix at DEFCON 23 - See it Live: Details in Descrip...bugcrowd
 
Ekoparty 2017 - The Bug Hunter's Methodology
Ekoparty 2017 - The Bug Hunter's MethodologyEkoparty 2017 - The Bug Hunter's Methodology
Ekoparty 2017 - The Bug Hunter's Methodologybugcrowd
 
Bug Bounty for - Beginners
Bug Bounty for - BeginnersBug Bounty for - Beginners
Bug Bounty for - BeginnersHimanshu Kumar Das
 
Bug bounty
Bug bountyBug bounty
Bug bountyn|u - The Open Security Community
 
Smart Sheriff, Dumb Idea, the wild west of government assisted parenting
Smart Sheriff, Dumb Idea, the wild west of government assisted parentingSmart Sheriff, Dumb Idea, the wild west of government assisted parenting
Smart Sheriff, Dumb Idea, the wild west of government assisted parentingAbraham Aranguren
 
Bug Bounty #Defconlucknow2016
Bug Bounty #Defconlucknow2016Bug Bounty #Defconlucknow2016
Bug Bounty #Defconlucknow2016Shubham Gupta
 

Recommandé

Bug Bounty Hunter Methodology - Nullcon 2016
Bug Bounty Hunter Methodology - Nullcon 2016Bug Bounty Hunter Methodology - Nullcon 2016
Bug Bounty Hunter Methodology - Nullcon 2016bugcrowd
 
Logical Attacks(Vulnerability Research)
Logical Attacks(Vulnerability Research)Logical Attacks(Vulnerability Research)
Logical Attacks(Vulnerability Research)Ajay Negi
 
How to Shot Web - Jason Haddix at DEFCON 23 - See it Live: Details in Descrip...
How to Shot Web - Jason Haddix at DEFCON 23 - See it Live: Details in Descrip...How to Shot Web - Jason Haddix at DEFCON 23 - See it Live: Details in Descrip...
How to Shot Web - Jason Haddix at DEFCON 23 - See it Live: Details in Descrip...bugcrowd
 
Ekoparty 2017 - The Bug Hunter's Methodology
Ekoparty 2017 - The Bug Hunter's MethodologyEkoparty 2017 - The Bug Hunter's Methodology
Ekoparty 2017 - The Bug Hunter's Methodologybugcrowd
 
Bug Bounty for - Beginners
Bug Bounty for - BeginnersBug Bounty for - Beginners
Bug Bounty for - BeginnersHimanshu Kumar Das
 
Bug bounty
Bug bountyBug bounty
Bug bountyn|u - The Open Security Community
 
Smart Sheriff, Dumb Idea, the wild west of government assisted parenting
Smart Sheriff, Dumb Idea, the wild west of government assisted parentingSmart Sheriff, Dumb Idea, the wild west of government assisted parenting
Smart Sheriff, Dumb Idea, the wild west of government assisted parentingAbraham Aranguren
 
Bug Bounty #Defconlucknow2016
Bug Bounty #Defconlucknow2016Bug Bounty #Defconlucknow2016
Bug Bounty #Defconlucknow2016Shubham Gupta
 
Bsides-Philly-2016-Finding-A-Companys-BreakPoint
Bsides-Philly-2016-Finding-A-Companys-BreakPointBsides-Philly-2016-Finding-A-Companys-BreakPoint
Bsides-Philly-2016-Finding-A-Companys-BreakPointZack Meyers
 
Bounty Craft: Bug bounty reports how do they work, @sushihack presents at Nu...
Bounty Craft: Bug bounty reports how do they work, @sushihack presents at Nu...Bounty Craft: Bug bounty reports how do they work, @sushihack presents at Nu...
Bounty Craft: Bug bounty reports how do they work, @sushihack presents at Nu...HackerOne
 
Make profit with UI-Redressing attacks.
Make profit with UI-Redressing attacks.Make profit with UI-Redressing attacks.
Make profit with UI-Redressing attacks.n|u - The Open Security Community
 
BSidesOK_You_CAN_detect_PowerShell_attacks_v1.1
BSidesOK_You_CAN_detect_PowerShell_attacks_v1.1BSidesOK_You_CAN_detect_PowerShell_attacks_v1.1
BSidesOK_You_CAN_detect_PowerShell_attacks_v1.1Michael Gough
 
Bug Bounty 101
Bug Bounty 101Bug Bounty 101
Bug Bounty 101Shahee Mirza
 
Windows IR made easier and faster v1.0
Windows IR made easier and faster v1.0Windows IR made easier and faster v1.0
Windows IR made easier and faster v1.0Michael Gough
 
Vulnerability Assessments:Burp Suite
Vulnerability Assessments:Burp SuiteVulnerability Assessments:Burp Suite
Vulnerability Assessments:Burp Suitesportblonde1589
 
Silent web app testing by example - BerlinSides 2011
Silent web app testing by example - BerlinSides 2011Silent web app testing by example - BerlinSides 2011
Silent web app testing by example - BerlinSides 2011Abraham Aranguren
 
You can detect PowerShell attacks
You can detect PowerShell attacksYou can detect PowerShell attacks
You can detect PowerShell attacksMichael Gough
 
You need a PROcess to catch running processes and their modules_v2.0
You need a PROcess to catch running processes and their modules_v2.0You need a PROcess to catch running processes and their modules_v2.0
You need a PROcess to catch running processes and their modules_v2.0Michael Gough
 
HackFest 2015 - Rasp vs waf
HackFest 2015 - Rasp vs wafHackFest 2015 - Rasp vs waf
HackFest 2015 - Rasp vs wafIMMUNIO
 
[CB16] Invoke-Obfuscation: PowerShell obFUsk8tion Techniques & How To (Try To...
[CB16] Invoke-Obfuscation: PowerShell obFUsk8tion Techniques & How To (Try To...[CB16] Invoke-Obfuscation: PowerShell obFUsk8tion Techniques & How To (Try To...
[CB16] Invoke-Obfuscation: PowerShell obFUsk8tion Techniques & How To (Try To...CODE BLUE
 
Logging for hackers SAINTCON
Logging for hackers SAINTCONLogging for hackers SAINTCON
Logging for hackers SAINTCONMichael Gough
 
Pwning mobile apps without root or jailbreak
Pwning mobile apps without root or jailbreakPwning mobile apps without root or jailbreak
Pwning mobile apps without root or jailbreakAbraham Aranguren
 
DIR ISF - Email keeps getting us pwned v1.1
DIR ISF - Email keeps getting us pwned v1.1DIR ISF - Email keeps getting us pwned v1.1
DIR ISF - Email keeps getting us pwned v1.1Michael Gough
 
Zap vs burp
Zap vs burpZap vs burp
Zap vs burpTomasz Fajks
 
Logging for Hackers v1.0
Logging for Hackers v1.0Logging for Hackers v1.0
Logging for Hackers v1.0Michael Gough
 
Mw arch mac_tips and tricks v1.0
Mw arch mac_tips and tricks v1.0Mw arch mac_tips and tricks v1.0
Mw arch mac_tips and tricks v1.0Michael Gough
 
Case Study of Django: Web Frameworks that are Secure by Default
Case Study of Django: Web Frameworks that are Secure by DefaultCase Study of Django: Web Frameworks that are Secure by Default
Case Study of Django: Web Frameworks that are Secure by DefaultMohammed ALDOUB
 
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2Chris Gates
 
Questionnaire results
Questionnaire resultsQuestionnaire results
Questionnaire resultsollieweaver2404
 
[Webinar] Instagram Ads: Everything you need to know
[Webinar] Instagram Ads: Everything you need to know [Webinar] Instagram Ads: Everything you need to know
[Webinar] Instagram Ads: Everything you need to know Point It, Inc
 

Contenu connexe

Tendances

Bsides-Philly-2016-Finding-A-Companys-BreakPoint
Bsides-Philly-2016-Finding-A-Companys-BreakPointBsides-Philly-2016-Finding-A-Companys-BreakPoint
Bsides-Philly-2016-Finding-A-Companys-BreakPointZack Meyers
 
Bounty Craft: Bug bounty reports how do they work, @sushihack presents at Nu...
Bounty Craft: Bug bounty reports how do they work, @sushihack presents at Nu...Bounty Craft: Bug bounty reports how do they work, @sushihack presents at Nu...
Bounty Craft: Bug bounty reports how do they work, @sushihack presents at Nu...HackerOne
 
BSidesOK_You_CAN_detect_PowerShell_attacks_v1.1
BSidesOK_You_CAN_detect_PowerShell_attacks_v1.1BSidesOK_You_CAN_detect_PowerShell_attacks_v1.1
BSidesOK_You_CAN_detect_PowerShell_attacks_v1.1Michael Gough
 
Windows IR made easier and faster v1.0
Windows IR made easier and faster v1.0Windows IR made easier and faster v1.0
Windows IR made easier and faster v1.0Michael Gough
 
Vulnerability Assessments:Burp Suite
Vulnerability Assessments:Burp SuiteVulnerability Assessments:Burp Suite
Vulnerability Assessments:Burp Suitesportblonde1589
 
Silent web app testing by example - BerlinSides 2011
Silent web app testing by example - BerlinSides 2011Silent web app testing by example - BerlinSides 2011
Silent web app testing by example - BerlinSides 2011Abraham Aranguren
 
You can detect PowerShell attacks
You can detect PowerShell attacksYou can detect PowerShell attacks
You can detect PowerShell attacksMichael Gough
 
You need a PROcess to catch running processes and their modules_v2.0
You need a PROcess to catch running processes and their modules_v2.0You need a PROcess to catch running processes and their modules_v2.0
You need a PROcess to catch running processes and their modules_v2.0Michael Gough
 
HackFest 2015 - Rasp vs waf
HackFest 2015 - Rasp vs wafHackFest 2015 - Rasp vs waf
HackFest 2015 - Rasp vs wafIMMUNIO
 
[CB16] Invoke-Obfuscation: PowerShell obFUsk8tion Techniques & How To (Try To...
[CB16] Invoke-Obfuscation: PowerShell obFUsk8tion Techniques & How To (Try To...[CB16] Invoke-Obfuscation: PowerShell obFUsk8tion Techniques & How To (Try To...
[CB16] Invoke-Obfuscation: PowerShell obFUsk8tion Techniques & How To (Try To...CODE BLUE
 
Logging for hackers SAINTCON
Logging for hackers SAINTCONLogging for hackers SAINTCON
Logging for hackers SAINTCONMichael Gough
 
Pwning mobile apps without root or jailbreak
Pwning mobile apps without root or jailbreakPwning mobile apps without root or jailbreak
Pwning mobile apps without root or jailbreakAbraham Aranguren
 
DIR ISF - Email keeps getting us pwned v1.1
DIR ISF - Email keeps getting us pwned v1.1DIR ISF - Email keeps getting us pwned v1.1
DIR ISF - Email keeps getting us pwned v1.1Michael Gough
 
Logging for Hackers v1.0
Logging for Hackers v1.0Logging for Hackers v1.0
Logging for Hackers v1.0Michael Gough
 
Mw arch mac_tips and tricks v1.0
Mw arch mac_tips and tricks v1.0Mw arch mac_tips and tricks v1.0
Mw arch mac_tips and tricks v1.0Michael Gough
 
Case Study of Django: Web Frameworks that are Secure by Default
Case Study of Django: Web Frameworks that are Secure by DefaultCase Study of Django: Web Frameworks that are Secure by Default
Case Study of Django: Web Frameworks that are Secure by DefaultMohammed ALDOUB
 
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2Chris Gates
 

Tendances (20)

Bsides-Philly-2016-Finding-A-Companys-BreakPoint
Bsides-Philly-2016-Finding-A-Companys-BreakPointBsides-Philly-2016-Finding-A-Companys-BreakPoint
Bsides-Philly-2016-Finding-A-Companys-BreakPoint
 
Bounty Craft: Bug bounty reports how do they work, @sushihack presents at Nu...
Bounty Craft: Bug bounty reports how do they work, @sushihack presents at Nu...Bounty Craft: Bug bounty reports how do they work, @sushihack presents at Nu...
Bounty Craft: Bug bounty reports how do they work, @sushihack presents at Nu...
 
Make profit with UI-Redressing attacks.
Make profit with UI-Redressing attacks.Make profit with UI-Redressing attacks.
Make profit with UI-Redressing attacks.
 
BSidesOK_You_CAN_detect_PowerShell_attacks_v1.1
BSidesOK_You_CAN_detect_PowerShell_attacks_v1.1BSidesOK_You_CAN_detect_PowerShell_attacks_v1.1
BSidesOK_You_CAN_detect_PowerShell_attacks_v1.1
 
Bug Bounty 101
Bug Bounty 101Bug Bounty 101
Bug Bounty 101
 
Windows IR made easier and faster v1.0
Windows IR made easier and faster v1.0Windows IR made easier and faster v1.0
Windows IR made easier and faster v1.0
 
Vulnerability Assessments:Burp Suite
Vulnerability Assessments:Burp SuiteVulnerability Assessments:Burp Suite
Vulnerability Assessments:Burp Suite
 
Silent web app testing by example - BerlinSides 2011
Silent web app testing by example - BerlinSides 2011Silent web app testing by example - BerlinSides 2011
Silent web app testing by example - BerlinSides 2011
 
You can detect PowerShell attacks
You can detect PowerShell attacksYou can detect PowerShell attacks
You can detect PowerShell attacks
 
You need a PROcess to catch running processes and their modules_v2.0
You need a PROcess to catch running processes and their modules_v2.0You need a PROcess to catch running processes and their modules_v2.0
You need a PROcess to catch running processes and their modules_v2.0
 
HackFest 2015 - Rasp vs waf
HackFest 2015 - Rasp vs wafHackFest 2015 - Rasp vs waf
HackFest 2015 - Rasp vs waf
 
[CB16] Invoke-Obfuscation: PowerShell obFUsk8tion Techniques & How To (Try To...
[CB16] Invoke-Obfuscation: PowerShell obFUsk8tion Techniques & How To (Try To...[CB16] Invoke-Obfuscation: PowerShell obFUsk8tion Techniques & How To (Try To...
[CB16] Invoke-Obfuscation: PowerShell obFUsk8tion Techniques & How To (Try To...
 
Logging for hackers SAINTCON
Logging for hackers SAINTCONLogging for hackers SAINTCON
Logging for hackers SAINTCON
 
Pwning mobile apps without root or jailbreak
Pwning mobile apps without root or jailbreakPwning mobile apps without root or jailbreak
Pwning mobile apps without root or jailbreak
 
DIR ISF - Email keeps getting us pwned v1.1
DIR ISF - Email keeps getting us pwned v1.1DIR ISF - Email keeps getting us pwned v1.1
DIR ISF - Email keeps getting us pwned v1.1
 
Zap vs burp
Zap vs burpZap vs burp
Zap vs burp
 
Logging for Hackers v1.0
Logging for Hackers v1.0Logging for Hackers v1.0
Logging for Hackers v1.0
 
Mw arch mac_tips and tricks v1.0
Mw arch mac_tips and tricks v1.0Mw arch mac_tips and tricks v1.0
Mw arch mac_tips and tricks v1.0
 
Case Study of Django: Web Frameworks that are Secure by Default
Case Study of Django: Web Frameworks that are Secure by DefaultCase Study of Django: Web Frameworks that are Secure by Default
Case Study of Django: Web Frameworks that are Secure by Default
 
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
 

En vedette

[Webinar] Instagram Ads: Everything you need to know
[Webinar] Instagram Ads: Everything you need to know [Webinar] Instagram Ads: Everything you need to know
[Webinar] Instagram Ads: Everything you need to know Point It, Inc
 
RFID Application
RFID ApplicationRFID Application
RFID Applicationcodykong
 
Fingerprint technology in our lives
Fingerprint technology in our livesFingerprint technology in our lives
Fingerprint technology in our livescodykong
 
Student Affairs Final 1 Paper
Student Affairs Final 1 PaperStudent Affairs Final 1 Paper
Student Affairs Final 1 PaperGwen Knight
 
[Webinar] Going Global: Expanding into International PPC
[Webinar] Going Global: Expanding into International PPC[Webinar] Going Global: Expanding into International PPC
[Webinar] Going Global: Expanding into International PPCPoint It, Inc
 
Meta par adigma_10
Meta par adigma_10Meta par adigma_10
Meta par adigma_10ikonnik
 

En vedette (17)

Questionnaire results
Questionnaire resultsQuestionnaire results
Questionnaire results
 
[Webinar] Instagram Ads: Everything you need to know
[Webinar] Instagram Ads: Everything you need to know [Webinar] Instagram Ads: Everything you need to know
[Webinar] Instagram Ads: Everything you need to know
 
RFID Application
RFID ApplicationRFID Application
RFID Application
 
Fingerprint technology in our lives
Fingerprint technology in our livesFingerprint technology in our lives
Fingerprint technology in our lives
 
How to get more visitors to your website
How to get more visitors to your websiteHow to get more visitors to your website
How to get more visitors to your website
 
Rapidoo
RapidooRapidoo
Rapidoo
 
Research task
Research taskResearch task
Research task
 
Hackett ITResume SEPT01[2]
Hackett ITResume SEPT01[2]Hackett ITResume SEPT01[2]
Hackett ITResume SEPT01[2]
 
Student Affairs Final 1 Paper
Student Affairs Final 1 PaperStudent Affairs Final 1 Paper
Student Affairs Final 1 Paper
 
Resume updated 2015
Resume updated 2015Resume updated 2015
Resume updated 2015
 
[Webinar] Going Global: Expanding into International PPC
[Webinar] Going Global: Expanding into International PPC[Webinar] Going Global: Expanding into International PPC
[Webinar] Going Global: Expanding into International PPC
 
Nikita cv
Nikita cvNikita cv
Nikita cv
 
State and economics
State and economicsState and economics
State and economics
 
Pptexamples
PptexamplesPptexamples
Pptexamples
 
Meta par adigma_10
Meta par adigma_10Meta par adigma_10
Meta par adigma_10
 
Kakhuri
KakhuriKakhuri
Kakhuri
 
Conversation lecture 1
Conversation lecture 1Conversation lecture 1
Conversation lecture 1
 

Similaire à Bug bounties - cén scéal?

Web Application Security And Getting Into Bug Bounties
Web Application Security And Getting Into Bug BountiesWeb Application Security And Getting Into Bug Bounties
Web Application Security And Getting Into Bug Bountieskunwaratul hax0r
 
7 Bug Bounty Myths, BUSTED
7 Bug Bounty Myths, BUSTED7 Bug Bounty Myths, BUSTED
7 Bug Bounty Myths, BUSTEDbugcrowd
 
Crowdsourcing Cyber Security
Crowdsourcing Cyber SecurityCrowdsourcing Cyber Security
Crowdsourcing Cyber SecurityToe Khaing
 
CrikeyCon 2017 - Rumours of our Demise Have Been Greatly Exaggerated
CrikeyCon 2017 - Rumours of our Demise Have Been Greatly ExaggeratedCrikeyCon 2017 - Rumours of our Demise Have Been Greatly Exaggerated
CrikeyCon 2017 - Rumours of our Demise Have Been Greatly Exaggeratedeightbit
 
Crypto Night at CSUS - Bug Bounties
Crypto Night at CSUS - Bug Bounties Crypto Night at CSUS - Bug Bounties
Crypto Night at CSUS - Bug Bounties Behrouz Sadeghipour
 
Malware Classification and Analysis
Malware Classification and AnalysisMalware Classification and Analysis
Malware Classification and AnalysisPrashant Chopra
 
Testers, get into security bug bounties!
Testers, get into security bug bounties!Testers, get into security bug bounties!
Testers, get into security bug bounties!eusebiu daniel blindu
 
Top Security Challenges Facing Credit Unions Today
Top Security Challenges Facing Credit Unions TodayTop Security Challenges Facing Credit Unions Today
Top Security Challenges Facing Credit Unions TodayChris Gates
 
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...Mazin Ahmed
 
Modernizing, Migrating & Mitigating - Moving to Modern Cloud & API Web Apps W...
Modernizing, Migrating & Mitigating - Moving to Modern Cloud & API Web Apps W...Modernizing, Migrating & Mitigating - Moving to Modern Cloud & API Web Apps W...
Modernizing, Migrating & Mitigating - Moving to Modern Cloud & API Web Apps W...Security Innovation
 
Powerpoint dropbox
Powerpoint dropboxPowerpoint dropbox
Powerpoint dropboxxristou
 
Dropbox: Building Business Through Lean Startup Principles
Dropbox: Building Business Through Lean Startup PrinciplesDropbox: Building Business Through Lean Startup Principles
Dropbox: Building Business Through Lean Startup PrinciplesVishal Kumar
 
CyberSecurity Series Malware slides
CyberSecurity Series Malware slidesCyberSecurity Series Malware slides
CyberSecurity Series Malware slidesJim Kaplan CIA CFE
 
Building an Excellent Web Startup
Building an Excellent Web StartupBuilding an Excellent Web Startup
Building an Excellent Web Startupmatthewhyatt
 
User Interfaces and Algorithms for Fighting Phishing, at Google Tech Talk Jan...
User Interfaces and Algorithms for Fighting Phishing, at Google Tech Talk Jan...User Interfaces and Algorithms for Fighting Phishing, at Google Tech Talk Jan...
User Interfaces and Algorithms for Fighting Phishing, at Google Tech Talk Jan...Jason Hong
 
High time to add machine learning to your information security stack
High time to add machine learning to your information security stackHigh time to add machine learning to your information security stack
High time to add machine learning to your information security stackMinhaz A V
 
HI THIS IS URGENT PLZ FIX ASAP: Critical Vunlerabilities and Bug Bounty Programs
HI THIS IS URGENT PLZ FIX ASAP: Critical Vunlerabilities and Bug Bounty ProgramsHI THIS IS URGENT PLZ FIX ASAP: Critical Vunlerabilities and Bug Bounty Programs
HI THIS IS URGENT PLZ FIX ASAP: Critical Vunlerabilities and Bug Bounty Programsbugcrowd
 
There’s an OpenBullet Attack Config for Your Site – What Should You Do?
There’s an OpenBullet Attack Config for Your Site – What Should You Do?There’s an OpenBullet Attack Config for Your Site – What Should You Do?
There’s an OpenBullet Attack Config for Your Site – What Should You Do?DevOps.com
 
Pentesting Tips: Beyond Automated Testing
Pentesting Tips: Beyond Automated TestingPentesting Tips: Beyond Automated Testing
Pentesting Tips: Beyond Automated TestingAndrew McNicol
 

Similaire à Bug bounties - cén scéal? (20)

Web Application Security And Getting Into Bug Bounties
Web Application Security And Getting Into Bug BountiesWeb Application Security And Getting Into Bug Bounties
Web Application Security And Getting Into Bug Bounties
 
Owasp LA
Owasp LAOwasp LA
Owasp LA
 
7 Bug Bounty Myths, BUSTED
7 Bug Bounty Myths, BUSTED7 Bug Bounty Myths, BUSTED
7 Bug Bounty Myths, BUSTED
 
Crowdsourcing Cyber Security
Crowdsourcing Cyber SecurityCrowdsourcing Cyber Security
Crowdsourcing Cyber Security
 
CrikeyCon 2017 - Rumours of our Demise Have Been Greatly Exaggerated
CrikeyCon 2017 - Rumours of our Demise Have Been Greatly ExaggeratedCrikeyCon 2017 - Rumours of our Demise Have Been Greatly Exaggerated
CrikeyCon 2017 - Rumours of our Demise Have Been Greatly Exaggerated
 
Crypto Night at CSUS - Bug Bounties
Crypto Night at CSUS - Bug Bounties Crypto Night at CSUS - Bug Bounties
Crypto Night at CSUS - Bug Bounties
 
Malware Classification and Analysis
Malware Classification and AnalysisMalware Classification and Analysis
Malware Classification and Analysis
 
Testers, get into security bug bounties!
Testers, get into security bug bounties!Testers, get into security bug bounties!
Testers, get into security bug bounties!
 
Top Security Challenges Facing Credit Unions Today
Top Security Challenges Facing Credit Unions TodayTop Security Challenges Facing Credit Unions Today
Top Security Challenges Facing Credit Unions Today
 
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...
 
Modernizing, Migrating & Mitigating - Moving to Modern Cloud & API Web Apps W...
Modernizing, Migrating & Mitigating - Moving to Modern Cloud & API Web Apps W...Modernizing, Migrating & Mitigating - Moving to Modern Cloud & API Web Apps W...
Modernizing, Migrating & Mitigating - Moving to Modern Cloud & API Web Apps W...
 
Powerpoint dropbox
Powerpoint dropboxPowerpoint dropbox
Powerpoint dropbox
 
Dropbox: Building Business Through Lean Startup Principles
Dropbox: Building Business Through Lean Startup PrinciplesDropbox: Building Business Through Lean Startup Principles
Dropbox: Building Business Through Lean Startup Principles
 
CyberSecurity Series Malware slides
CyberSecurity Series Malware slidesCyberSecurity Series Malware slides
CyberSecurity Series Malware slides
 
Building an Excellent Web Startup
Building an Excellent Web StartupBuilding an Excellent Web Startup
Building an Excellent Web Startup
 
User Interfaces and Algorithms for Fighting Phishing, at Google Tech Talk Jan...
User Interfaces and Algorithms for Fighting Phishing, at Google Tech Talk Jan...User Interfaces and Algorithms for Fighting Phishing, at Google Tech Talk Jan...
User Interfaces and Algorithms for Fighting Phishing, at Google Tech Talk Jan...
 
High time to add machine learning to your information security stack
High time to add machine learning to your information security stackHigh time to add machine learning to your information security stack
High time to add machine learning to your information security stack
 
HI THIS IS URGENT PLZ FIX ASAP: Critical Vunlerabilities and Bug Bounty Programs
HI THIS IS URGENT PLZ FIX ASAP: Critical Vunlerabilities and Bug Bounty ProgramsHI THIS IS URGENT PLZ FIX ASAP: Critical Vunlerabilities and Bug Bounty Programs
HI THIS IS URGENT PLZ FIX ASAP: Critical Vunlerabilities and Bug Bounty Programs
 
There’s an OpenBullet Attack Config for Your Site – What Should You Do?
There’s an OpenBullet Attack Config for Your Site – What Should You Do?There’s an OpenBullet Attack Config for Your Site – What Should You Do?
There’s an OpenBullet Attack Config for Your Site – What Should You Do?
 
Pentesting Tips: Beyond Automated Testing
Pentesting Tips: Beyond Automated TestingPentesting Tips: Beyond Automated Testing
Pentesting Tips: Beyond Automated Testing
 

Dernier

Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 

Dernier (20)

Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 

Bug bounties - cén scéal?

  • 2. Who am I? Ciarán McNally What do I do? • Freelance Security Consulting • Bug Bounties • Security Research • Recently signed as a contracted remote Application Security Engineer with Why Care? • Top 50 on two of the worlds largest Responsible Disclosure Platforms. ciaran@securit.ie www.securit.ie twitter.com/@ciaranmak
  • 3. What are Bug Bounties? • Many organisations offer cash rewards to researchers for responsibly disclosing security issues or vulnerabilities. • There are well defined rules of engagement, known as “responsible disclosure policies” that outline what is acceptable. • In other words, READ THE SCOPE for each program.
  • 4. Advantages of Bug Bounties For security consultants, students, hobbyists or enthusiasts… • Perfect to pad out your CV with real demonstrable experience. • It pays extremely well when your skill starts increasing. • There is an excellent global community to learn from. • Learn to distinguish and pursue the bugs that matter first. • They encourage you to think more like a blackhat which will make you a better whitehat
  • 5. Advantages of Bug Bounties For organisations… • You can still choose who, how and where you want the testing performed. • You only pay for the vulnerabilities found. • It is more community driven and gives you more of a community presence. • A larger number of security experts are looking at your applications. • It’s an additional layer of security! (Who needs that right?)
  • 6. Responsible Disclosure Platforms • Register as a researcher • Larger scoped programs means easier to find bugs. • Public disclosure of some issues that may help others learn. • “Internet bug bounty” • Vendor responses differ greatly • Higher reward ceiling! • Register as a researcher • Very researcher focused and encourage skill growth with good feedback. • Very large variety of programs: web app, mobile & desktop apps, flex (2 week – 1 Month). • Excellent private bounty programs. • Almost 20,000 researchers and an active community. • Encourages finding critical issues with additional rewards.
  • 7. Advice for getting started • The older programs with smaller applications are likely to have less obvious issues, focus on the newer or larger programs until you get confident. • Review the public bugs for the program. Lookup blog posts. • Soon after you start building your score or reputation you will start being invited to private programs. Less people with access = more rewards for you.
  • 8. Penetration Testing Methodology • Information Gathering, Network Reconnaissance & OSINT • Probing, Active Scanning, Vulnerability Scanning & Analysis • Exploitation, Leveraging Vulnerabilities & Verification • Reporting and Communication of issues
  • 9. Penetration Testing Methodology • Information Gathering, Network Reconnaissance & OSINT • Probing, Active Scanning, Vulnerability Scanning & Analysis • Exploitation, Leveraging Vulnerabilities & Verification • Reporting and Communication of issues
  • 10. Bug Bounty Information Gathering Regular Techniques: • Google Searches • Subdomain Brute Forcing • AXFR DNS Transfers • Scanning IP Range • Reverse DNS lookups • Web DNS tools • whois lookups Recommended Tools: • dig • subbrute • Recon-ng • gitrob • Resources:  scans.io  dnsdumpster.com
  • 11. Bug Bounty Information Gathering • Bug Bounty Programs are often much wider in scope. • The scope is often defined by something like the following: *.twitter.com, *.yahoo.com …. • Many are “All company owned, branded or acquisition sites” • I want to demonstrate alternative approaches I have used to tackle this.
  • 12. Recon Tips • Find as many of the organisation owned services or servers as you can. • Reconnaissance and information gathering is by far the most important step. • Companies often use subdomain formats. Find them.
  • 13. Bug Bounty Information Gathering “Think Bigger” Attacker Techniques: • Lookup Organisation ASNs • Retrieve ALL their IP ranges.
  • 14. Bug Bounty Information Gathering “Think Bigger” Attacker Techniques: • The couple of hundred target hosts you found before with regular techniques… Just became potentially a couple of hundred thousand.
  • 15. Other Techniques: • scans.io data has scans of the whole internet, http/https, ssl certs and reverse DNS. • Import them into Elasticsearch with Kibana for Information Gathering or profiling your target. Bug Bounty Information Gathering
  • 16. Bug Bounty Vulnerability Scanning Regular Techniques: • Scanning Tools • Custom Scripts Recommended Tools: • Nmap, Masscan, Zmap… • Nessus, OpenVAS… • Burp, Arachni, Appscan… • Curl • Dirs3arch & Dirb • SQLmap • THC-hydra • Metasploit
  • 17. • 99.99% of bounty programs disallow heavy scanning. Learn how to effectively throttle your tools if you do opt for mass scanning. • Organisations running bounties are well capable of running their own scanners. DO NOT report “low” or “potential” rated scanner vulnerabilities. Bug Bounty Vulnerability Scanning
  • 18. Bug Bounty Vulnerability Scanning “Think Bigger” Attacker Techniques • I developed my own threaded scanning tool dubbed “scantastic” in February. • https://github.com/maK-/scantastic-tool • It dumps masscan network scans and directory brute-forcing scans into elasticsearch. • Ideas contributed by @nnwakelam
  • 19. Bug Bounty Vulnerability Scanning • This is a very powerful technique. • Once a vulnerability is identified, It can now be scanned for across all services. • You can also scan for common known vulnerable files and filter the results.
  • 20. Bug Bounty Penetration Testing • I combined this scanning technique with a regular penetration testing methodology against Adobe’s Responsible Disclosure Program in recent Months. • Within 24 hours of testing I managed to report 66 Vulnerabilities. I am currently #1 on the Adobe program as a result.
  • 23. Bug Bounty Penetration Testing More Tips: • You only get rewarded if you are first to find and report an issue. So report first, then update later if you escalate the vulnerability further. • Expect duplicates • Always go as far as you can with what you find. The reward could double. • Keep an eye on #bugbounty, #infosec or #bugcrowd regularly on Twitter, there is a large community always posting there. Plenty of excellent tips and blog posts.