My Bug Hunting With Open Source
Madhu Akula, Information Security Enthusiast
root@localhost:~# whoami
in.linkedin.com/in/madhuakula fb.com/madhu.akula twitter.com/madhuakula
● Network Security Consultant @Payatu
● Chapter lead at null
● Cr3w Member at Nullcon
● Contributor @ Codevigilant
● Bug Hunter & Open Source Contributor
● Never-ending Learner!
Agenda
My journey so far in the world of bug finding
This is all about how I did it and how you can do it too.
History
Started hunting for bugs on several bug bounty programs for
History
Started with Duplicates...
Digging in deep
Realization
● It's enough
● I'm wasting 2 hours every day
● Luck is the best kick
● Started as a noob and got some experience with app security
● Increased my network of friends
Then what's next ???
CVE-2014-4329
CVE-2014-4722
CVE-2014-4853
After some days...
● I'm not the only person thinking this; I found something similar
What is Code Vigilant
● A community collaboration effort to make open source software secure.
● Finding bugs and responsibly disclosing them to the respective author, preferably getting the software updated.
● Responsible disclosure on the website after a sufficient interval.
About Code Vigilant
● Anant Shrivastava
● Prajal Kulkarni
● Chaitu
● Madhu Akula
Target an Ecosystem
● We picked the WordPress ecosystem, which meant
– WordPress Plugins (current focus)
– WordPress Themes (current focus)
– WordPress Core (future check)
● Pick an ecosystem which you think is near and dear to you, and a language which you can easily understand.
Why
● 60 million websites worldwide
● Current stable release 4.0
Why WordPress?
Let's Find Zero Days
Feedback
Let's Automate
Result
More than 50 CVEs in 1 week
Expectation
We are seeking more volunteers to come forward and help us make open source software a more secure platform.
For You
● Appeal to use the Codevigilant platform
● You find flaws
– Either join our team and contribute continuously
• You get an author's page at Codevigilant
• If you get any bounty for the bug, you keep it.
– Or send details as one-off cases of findings
● We will coordinate with the third party
● We will try to get it patched, or removed from the internet if it is not patched.
● We will publish an advisory on the website with your name and the coordinator's name in the advisory.
For You
● If you want an open source product tested, contact us and we will see what we can do about it.
● If you want quick tests, you can think about donating to the project.
Code Vigilant
● http://www.codevigilant.com
● https://github.com/Codevigilant
● https://facebook.com/Codevigilant
● https://twitter.com/Codevigilant
Thanks