![Page 1: on Steroids Bug Bounty Hunting - ROOTCON® Media Server 12/Talks/Bug Bounty...Learning from the dev side of the tech world @anshuman_bh @_devalias @mhmdiaa Scaling & Reliability Vertical](https://reader033.vdocuments.us/reader033/viewer/2022052502/609dbe5ff4aaf73eb265fb5b/html5/thumbnails/1.jpg)
@anshuman_bh @_devalias @mhmdiaa
Bug Bounty Hunting on Steroids
The Team
Mohammed Diaa
@mhmdiaa
Developer, Bug Hunter
Never send a human to do a machine’s job
Glenn ‘devalias’ Grant
@_devalias
Hacker, Polyglot Developer, Bounty Hunter, #SecDevOpsInTheCloudCyber™ enthusiast...
Penetration Tester and Offensive Capability Development at TSS
Anshuman Bhartiya
@anshuman_bh
Security Engineer, Bug Bounty Hunter
Automate all the things!!
All things as code!!
Agenda
● Problem?
● Current Situation
● Target: Ellingson Mineral Corporation
● Introducing BountyMachine
● Lessons Learned
● Conclusion
Problem?
● Not all hacking is fun. A lot of manual repetitive work.
● Building everything from scratch is a bad idea..
● How do we scale across thousands of targets?
● Things change all the time, we need continuous monitoring
Current Situation
Redundancy Between Tools
Not invented here / anti unix philosophy is prevalent
An unmaintained tool is born
https://xkcd.com/927/
ToolA released: does a few things
ToolB released: handles some missing bits, but fails in other areas
Maintainers (often a single point of failure) move on to something new..
Back to square one!
You can’t (shouldn’t) build everything from scratch
Lack of Reliable Tool Comparisons
You don’t know the right tool for the job unless you try all of them.. and there are a lot...
The situation is improving!
The Bug Hunter’s Methodology by Jason Haddix (@jhaddix)
https://github.com/jhaddix/tbhm
Thanks, Jason! You’re awesome \m/
Poor Interoperability
Many tools just don’t play nicely with each other
ReconJSON
● JSON-based recon tool data output standard
● Increase interoperability between tools
● Enable a unix-philosophy recon tooling digital utopia!
Join the discussion: https://github.com/ReconJSON/ReconJSON
Scaling & Reliability
Learning from the dev side of the tech world
● Vertical scaling
○ More server, more money, more problems
● Horizontal scaling
○ Flexible, fault tolerant, cheaper
● Learn from the tech giants
○ Great architectures and tools to leverage
Practical Research Environment
There are tons of assets that you can hack legally
I just want to hack things...
Wouldn’t it be nice to have:
● An organized database with all the assets that are legal to hack
○ Stick to the scope
● A supporting platform that collects data about these assets
○ Fast feedback loop
● A way to easily explore the asset data
○ Locate targets and #HackAllTheThings™
It’s all about identifying assets
What you don’t know about, you can’t protect
Unmaintained assets cause breaches
https://snyk.io/blog/owasp-top-10-breaches
A9-Using Components with Known Vulnerabilities: 12/50 breaches (24%)
A5-Security Misconfiguration: 10/50 breaches (20%)
Real-time inventory of target assets
Ephemeral assets, they said.
It will be fine, they said.
Attack surface is always evolving
Code changes
Bugs/regressions
New code
Backups
New assets
Hosts
Cloud services
Subdomains
Target
What we know...
Let’s start the demo...
Introducing BountyMachine
Technologies
Argo
https://argoproj.github.io/argo
Architecture
It starts with a target
Everything is managed by queues
The output of a workflow can be passed to another
New results are identified by a diff worker
Notifications only include new results
The monitoring worker re-checks things as scheduled
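The queue, diff and notification steps on the architecture slides above, as an added sketch for keeping an asset inventory current (this is not BountyMachine's code). The record fields `type`, `value` and `attrs`, the batch layout and all sample hosts and addresses are assumptions constructed for illustration.

```python
import hashlib
import json
import queue


def asset_key(record):
    """Stable identity for an asset: type plus normalised value."""
    return f'{record["type"]}:{record["value"].strip().lower().rstrip(".")}'


def fingerprint(record):
    """Hash of the attributes, so a changed asset is noticed as well as a new one."""
    attrs = json.dumps(record.get("attrs", {}), sort_keys=True)
    return hashlib.sha256(attrs.encode()).hexdigest()


class DiffWorker:
    """Reads workflow output from one queue and emits only the changes to another."""

    def __init__(self, results_q, notify_q):
        self.results_q = results_q
        self.notify_q = notify_q
        self.known = {}  # target -> {asset key: fingerprint at last run}

    def run_once(self):
        """Diff one batch (one workflow run) against the stored state for its target."""
        batch = self.results_q.get()
        previous = self.known.get(batch["target"], {})
        seen = {asset_key(r): fingerprint(r) for r in batch["records"]}
        delta = {
            "target": batch["target"],
            "new": sorted(k for k in seen if k not in previous),
            "changed": sorted(k for k in seen if k in previous and seen[k] != previous[k]),
            "gone": sorted(k for k in previous if k not in seen),
        }
        self.known[batch["target"]] = seen
        if delta["new"] or delta["changed"] or delta["gone"]:
            self.notify_q.put(delta)  # silent when nothing moved
        self.results_q.task_done()


def demo():
    """Three scheduled runs over constructed sample data; returns the notifications."""
    results_q, notify_q = queue.Queue(), queue.Queue()
    worker = DiffWorker(results_q, notify_q)
    runs = [
        # Run 1: baseline, everything is new.
        [{"type": "host", "value": "www.example.com", "attrs": {"ip": "192.0.2.10"}},
         {"type": "host", "value": "blog.example.com", "attrs": {"ip": "192.0.2.11"}}],
        # Run 2: same assets, different spelling and order -> no notification.
        [{"type": "host", "value": "BLOG.example.com.", "attrs": {"ip": "192.0.2.11"}},
         {"type": "host", "value": "www.example.com", "attrs": {"ip": "192.0.2.10"}}],
        # Run 3: one new host, one host moved to another address.
        [{"type": "host", "value": "www.example.com", "attrs": {"ip": "192.0.2.20"}},
         {"type": "host", "value": "blog.example.com", "attrs": {"ip": "192.0.2.11"}},
         {"type": "host", "value": "staging.example.com", "attrs": {"ip": "192.0.2.30"}}],
    ]
    for records in runs:
        results_q.put({"target": "example.com", "records": records})
        worker.run_once()
    notifications = []
    while not notify_q.empty():
        notifications.append(notify_q.get())
    return notifications


if __name__ == "__main__":
    for note in demo():
        print(json.dumps(note))
```

Normalising the key before diffing is what keeps the second run quiet; without it, case or trailing-dot differences between tools would raise a notification on every scheduled re-check.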
To sum up...
Lessons Learned
Geographic Limitations
World Domination Headquarters
GMT+2, GMT-7, GMT+10
Communication
Dealing with conflicts
● Check your ego
● Communicate openly, honestly and thoroughly!
● Stay open to new suggestions
● Delegate responsibilities
● Be flexible
● Code/data trumps assumptions
Technology
● Keep an open mind
● Explore what is out there
● Dig deep, understand how the underlying tech works
● Sometimes what you want doesn’t quite exist yet.. and that’s ok
● ‘Simple’ problems sometimes take a while to solve well
MVP? JIT!
● Plan at the macro level
● Handle intricate details Just In Time (JIT)
● Backlog anything not needed now
● Move fast and (hopefully don’t) break (too many) things
● Done is better than perfect
About that demo...
Remember Ellingson Mineral Corp?
We started with...
BountyMachine’s Bounty
GitHub
S3
DNS
www.ellingsoncorp.com
press.ellingsoncorp.com
support.ellingsoncorp.com
blog.ellingsoncorp.com
help.ellingsoncorp.com
gibson.ellingsoncorp.com
Conclusion
● We can’t automate everything, but there is a lot we can
● Less wasted time means more fun hacks!
● Explore new tech, don’t be afraid to innovate
● Keep tooling simple and consumable (unix philosophy)
● Improve existing tools, don’t reinvent the wheel!
● Check your ego, collaborate, learn, share, and keep an open mind
Special Thanks
Thanks to the people who write open source tools.
Those who understand that “Sharing is Caring”.
For in the end, “None of us is as good as all of us.”
Thanks! Any questions? Reach out to us!
@anshuman_bh @_devalias @mhmdiaa