Fun & Profit with Bug Bounties
- Madhu Akula
Null - DharamshalaNull - Dharamshala
About Me !
root@localhost :~# whoami
Madhu Akula
Information Security Enthusiastic
www.madhuakula.com
in.linkedin.com/in/madhuakula fb.com/madhu.akula twitter.com/madhuakula
Agenda
What and how to start
Bug Bounties
&
My experience with
bug bounties...
What is bug bounty ?
Vendor :
● Create a program
● Offer HOF (or) Swag (or) Reward (or) Duplicate
● Get the all vulnerabilities and Fix asap !
● Make products and applications secure
Researcher :
● Find the vulnerabilities in target
● Get mostly duplicates :P
● Other wise Hof, Swag (or) Reward !
● Share in Social Network
History...
https://blog.crowdcurity.com/the-history-of-bug-bounty-programs/
Who are eligible ?
● Are you able to p0p up
Where to find the list?
● Here you go...
How to start ???
● Learn how things will work
● Owasp is our home to learn Web Application Security
● Do home work with Broken Web Apps
● Then apply what you learn !
Start with your requests untill you will get the response :)
How to start ???
● Your main resource for bug bounties is gathering Proof Of Concepts (POC) !
● Checking blogs for write up
● Adding bug hunters into your friends list to get PoC's as well as new programs :p
● Checking for new vulnerabilities
site:hackerone.com/reports/
How to start ???
● Take one site from the list of sites
● Check your luck with new sites
● Then try to map the target with attack surface
● Check for OWASP Vulnerabilities as first priority
● Check other type of vulnerabilities also
● Then get hof, swags and $$$$
Common checks !
● Cross Site Scripting
● Cross Site Request Forgery
● Injections
● Authentication and Session Mechanism
● Remote Code Execution
● Other...
Resources
Mozilla and addon's
● Live HTTP Headers ● Tamper Data ● Wappalyzer ● Foxyproxy● Firebug ● Hack bar● User switcher ● Others...
writing custom scripts will give you more good and quick results
searchdns.netcraft.com, www.wolframalpha.com - For subdomains finding !
Keep ready made report templates to become you are the first person to find !
Finally use https://pentest-tools.com
Proxies
● Burp● Owasp ZAP● Any other
Search Engine Discovery
Google, Shodan, Bing, other
Open Source ● Ironwasp● Xenotix● Many more...
Bye bye to Scanners !
My Experiance with Bug Bounties !
Started with Duplicates...
Don't know what is bug hunting (n00b)
Digging into deep !
● only one target, find bugs untill you will be the first person to find !
● Once you are the first person if is there any reward try more untill you will be listed in Top members...
After...
Many More...Many More...
After...
Many More...Many More...
After...
Many More...Many More...
The End !
● It's enough
● Realised that I'm wasting everyday 2hrs
● Luck is the best kick for duplicates
● Started as noob and got some expriance with app security
● Good friends in Social Networks
● Then started contributing to Open Source and got some
CVE-2014-4329, CVE-2014-4722, CVE-2014-4853
Conclusion
Bug bounties are not only for rewards (or) fame. You will learn about new attacks and exploitation techniques by
playing with other applications.
Demo's & POC's
Walk Through !
Special Thanks !
http://null.co.infb.com/null0x00 twitter.com/null0x00