fun & profit with bug bounties

Fun & Profit with Bug Bounties

- Madhu Akula

Null - DharamshalaNull - Dharamshala

About Me !

root@localhost :~# whoami

Madhu Akula

Information Security Enthusiastic

madhu.akula@hotmail.com

www.madhuakula.com

in.linkedin.com/in/madhuakula fb.com/madhu.akula twitter.com/madhuakula

Agenda

What and how to start

Bug Bounties

&

My experience with

bug bounties...

What is bug bounty ?

Vendor :

● Create a program

● Offer HOF (or) Swag (or) Reward (or) Duplicate

● Get the all vulnerabilities and Fix asap !

● Make products and applications secure

Researcher :

● Find the vulnerabilities in target

● Get mostly duplicates :P

● Other wise Hof, Swag (or) Reward !

● Share in Social Network

History...

https://blog.crowdcurity.com/the-history-of-bug-bounty-programs/

Who are eligible ?

● Are you able to p0p up

Where to find the list?

● Here you go...

How to start ???

● Learn how things will work

● Owasp is our home to learn Web Application Security

● Do home work with Broken Web Apps

● Then apply what you learn !

Start with your requests untill you will get the response :)

How to start ???

● Your main resource for bug bounties is gathering Proof Of Concepts (POC) !

● Checking blogs for write up

● Adding bug hunters into your friends list to get PoC's as well as new programs :p

● Checking for new vulnerabilities

site:hackerone.com/reports/

How to start ???

● Take one site from the list of sites

● Check your luck with new sites

● Then try to map the target with attack surface

● Check for OWASP Vulnerabilities as first priority

● Check other type of vulnerabilities also

● Then get hof, swags and $$$$

Common checks !

● Cross Site Scripting

● Cross Site Request Forgery

● Injections

● Authentication and Session Mechanism

● Remote Code Execution

● Other...

Resources

Mozilla and addon's

● Live HTTP Headers ● Tamper Data ● Wappalyzer ● Foxyproxy● Firebug ● Hack bar● User switcher ● Others...

writing custom scripts will give you more good and quick results

searchdns.netcraft.com, www.wolframalpha.com - For subdomains finding !

Keep ready made report templates to become you are the first person to find !

Finally use https://pentest-tools.com

Proxies

● Burp● Owasp ZAP● Any other

Search Engine Discovery

Google, Shodan, Bing, other

Open Source ● Ironwasp● Xenotix● Many more...

Bye bye to Scanners !

My Experiance with Bug Bounties !

Started with Duplicates...

Don't know what is bug hunting (n00b)

Digging into deep !

● only one target, find bugs untill you will be the first person to find !

● Once you are the first person if is there any reward try more untill you will be listed in Top members...

After...

Many More...Many More...

After...

Many More...Many More...

After...

Many More...Many More...

The End !

● It's enough

● Realised that I'm wasting everyday 2hrs

● Luck is the best kick for duplicates

● Started as noob and got some expriance with app security

● Good friends in Social Networks

● Then started contributing to Open Source and got some

CVE-2014-4329, CVE-2014-4722, CVE-2014-4853

Conclusion

Bug bounties are not only for rewards (or) fame. You will learn about new attacks and exploitation techniques by

playing with other applications.

Demo's & POC's

Walk Through !

Special Thanks !

http://null.co.infb.com/null0x00 twitter.com/null0x00