Starting Your Bug Hunting Career Now

This document provides an overview of starting a career in bug hunting. It introduces bug bounty programs and crowdsourced security platforms like Bugcrowd that connect organizations to security researchers. The speaker is described as an application security engineer at Bugcrowd. Various bug hunting methodologies are discussed, along with resources for practicing skills and example issues like cross-site scripting and SQL injection that researchers can look for. The presentation encourages attendees to get involved in bug hunting now.


STARTING YOUR BUG HUNTING CAREER NOW

by Jay Turla
AGENDA
• Whoami

• What is a Bug Bounty or Bug Hunting?

• Some Companies with Bug Bounty Programs

• Bugcrowd Introduction and VRT

• Bug Hunter Methodology

• Sample Issues

• DEMO

2 2/25/17
WHOAMI
• Jay Turla a.k.a The Jetman

• Application Security Engineer @Bugcrowd

• Metasploit Contributor: Host Header Injection Detection, BisonWare BisonFTP Server Buffer
Overflow, Zemra Botnet CnC Web Panel Remote Code Execution, etc.

• Twitter : @shipcod3

• ROOTCON Goon

• Former Senior Security Consultant at HP Fortify on Demand

BOUNTY HUNTING?

WHAT IS A BUG BOUNTY? (THINK OF IT AS A COMPETITION)

• Independent security researchers from all over the world are recruited

• Vulnerabilities are found and reported

• Rewards are exchanged for reporting vulnerabilities in company applications

SOME COMPANIES THAT HAVE BUG BOUNTY PROGRAMS <3



Crowdsourced security platforms like Bugcrowd connect organizations to a curated crowd of tens of thousands of researchers from around the world to identify vulnerabilities in their applications, devices, and code—before the bad guys do.


Hack now at https://bugcrowd.com/programs

IS THIS A NEW SCAM? WAIT WHAT?

SHOW ME THE MONEY

WHO IS THIS GUY?

YOU CAN BE A HERO

BUG TYPE AND PRIORITY

In 2016, a critical issue was reported every... 13 HRS

EASY SIGNUP


BUG HUNTER METHODOLOGIES

METHODOLOGY FOR BUG HUNTING
JASON HADDIX

• https://github.com/jhaddix/tbhm

• Video & Slides

• https://bugcrowd.com/resources/how-to-shot-web-by-jason-haddix

METHODOLOGY FOR BUG HUNTING ON NEW BOUNTIES
BRETT BUERHAUS

• Review the scope

• Perform reconnaissance to find valid targets

• Scan against discovered targets to gather additional information

• Review all of the services and applications

• Fuzz for errors and to expose vulnerabilities

• Attack vulnerabilities to build proof-of-concepts

OTHER GOOD RESOURCES

• Awesome Hacking: https://github.com/Hack-with-Github/Awesome-Hacking

• The Web Application Hacker’s Handbook

• OWASP: https://www.owasp.org/index.php/Main_Page

• HPE Security Fortify Taxonomy: https://vulncat.hpefod.com/en

• DEF CON Archives: https://defcon.org/html/links/dc-archives.html

• ROOTCON Archives: https://www.rootcon.org/xml/archives/events

• SecLists Project: https://github.com/danielmiessler/SecLists

PRACTICING YOUR SKILLS

VIRTUAL MACHINES AND VULNERABLE WEB APPS
- EASY TO SET UP

• vulnhub.com - materials (mostly VMs you can play with) that allow anyone to gain practical 'hands-on' experience in digital security, computer software & network administration.

• Damn Vulnerable Web Application - http://www.dvwa.co.uk/

• OWASP Mutillidae - https://www.owasp.org/index.php/OWASP_Mutillidae_2_Project

• bWAPP - http://www.itsecgames.com/

• OWASP Broken Web Applications Project - https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project

ONLINE PLAYGROUND
- NO NEED TO SET IT UP

• http://flaws.cloud/ - a series of levels in which you'll learn about common mistakes and gotchas when using Amazon Web Services (AWS)

• n00bs CTF Labs - http://ctf.infosecinstitute.com/index.php

• Google XSS Challenge - https://xss-game.appspot.com/

• Zero Web App - http://zero.webappsecurity.com/

• CTF365 - https://ctf365.com/

• Demo Testfire - http://demo.testfire.net/

SOME ISSUES YOU CAN REPORT NOW

things to ponder about security issues that are easy to spot

SESSION NOT INVALIDATED AFTER LOGOUT, PASSWORD RESET, PASSWORD CHANGE
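The three cases on this slide share one root cause: the server keeps trusting a session token after the event that should have ended it. The example below is added here and is not code from the talk or from Bugcrowd; it models a minimal in-memory session store (class and function names, the "alice" account and the passwords are all constructed for the demo) with the defect beside the hardened version, plus a check that reports which old tokens still work after logout, password change and password reset.

```python
"""Session lifecycle check: a store that never revokes tokens beside one that does."""
import hashlib
import hmac
import secrets


class VulnerableSessionStore:
    """Validates a token only by looking it up; nothing ever removes it server-side."""

    def __init__(self):
        self.users = {}     # username -> password hash (demo only; real code uses a slow KDF + salt)
        self.sessions = {}  # token -> username

    @staticmethod
    def _hash(password: str) -> str:
        return hashlib.sha256(password.encode()).hexdigest()

    def register(self, user: str, password: str) -> None:
        self.users[user] = self._hash(password)

    def login(self, user: str, password: str):
        stored = self.users.get(user)
        if stored is None or not hmac.compare_digest(stored, self._hash(password)):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = user
        return token

    def is_valid(self, token: str) -> bool:
        return token in self.sessions

    def logout(self, token: str) -> None:
        # Defect: the app only tells the browser to drop its cookie; the server copy stays.
        pass

    def change_password(self, user: str, new_password: str) -> None:
        # Defect: the hash changes, but every token issued before it keeps working.
        self.users[user] = self._hash(new_password)

    def reset_password(self, user: str, new_password: str) -> None:
        # A reset via e-mail link takes the same path as a change.
        self.change_password(user, new_password)


class HardenedSessionStore(VulnerableSessionStore):
    """Same interface; logout and any password change revoke server-side state."""

    def logout(self, token: str) -> None:
        self.sessions.pop(token, None)

    def change_password(self, user: str, new_password: str) -> None:
        super().change_password(user, new_password)
        # Revoke every session of this user, including ones opened on other devices.
        for token in [t for t, u in self.sessions.items() if u == user]:
            del self.sessions[token]


def check_session_lifecycle(store) -> dict:
    """Runs the three cases the slide names and reports which old tokens still validate."""
    store.register("alice", "old-password")  # constructed test account
    t_logout = store.login("alice", "old-password")
    store.logout(t_logout)
    t_change = store.login("alice", "old-password")
    store.change_password("alice", "second-password")
    t_reset = store.login("alice", "second-password")
    store.reset_password("alice", "third-password")
    return {
        "survives_logout": store.is_valid(t_logout),
        "survives_password_change": store.is_valid(t_change),
        "survives_password_reset": store.is_valid(t_reset),
    }


if __name__ == "__main__":
    for cls in (VulnerableSessionStore, HardenedSessionStore):
        print(cls.__name__, check_session_lifecycle(cls()))
```

The same check maps directly onto a black-box test of a real application: capture the session cookie, trigger the event, then replay the old cookie against an authenticated endpoint. A True in any of the three fields is the finding; the fix is always server-side revocation, never just clearing the cookie in the browser.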

TELNET ENABLED (CREDENTIALS REQUIRED)

MISCONFIGURED S3 BUCKETS

XSS (CROSS-SITE SCRIPTING)

SQL INJECTION
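XSS and SQL injection (the two preceding slides) are the same mistake against two different parsers: untrusted text is spliced into HTML or SQL instead of being passed as data. The example below is added here and is not code from the talk or from Bugcrowd; the function names, the in-memory SQLite table and the "alice"/"bob" rows are constructed for the demo. Each vulnerable function sits beside its hardened form, and two small checks show how a reviewer tells them apart: a harmless tag that comes back unescaped, and a legitimate apostrophe that produces a SQL syntax error because it reached the query parser.

```python
"""XSS and SQL injection: untrusted input reaching a parser, vulnerable beside hardened."""
import html
import sqlite3

# --- XSS: reflecting a user-supplied name into HTML ---


def render_greeting_vulnerable(name: str) -> str:
    # The value is concatenated straight into markup, so it can add tags of its own.
    return f"<p>Hello, {name}!</p>"


def render_greeting_safe(name: str) -> str:
    # html.escape turns <, >, &, and quotes into entities; the browser shows them as text.
    return f"<p>Hello, {html.escape(name, quote=True)}!</p>"


def reflects_markup(render_fn, probe: str = "<b>probe</b>") -> bool:
    """True when a harmless tag survives rendering intact, i.e. output is not escaped."""
    return probe in render_fn(probe)


# --- SQL injection: looking a user up by name ---


def make_db() -> sqlite3.Connection:
    # Constructed in-memory sample data, not real accounts.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)", [("alice", "admin"), ("bob", "user")]
    )
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    # The value becomes part of the SQL text, so quotes inside it change the query.
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def find_user_safe(conn: sqlite3.Connection, username: str) -> list:
    # Bound parameter: the driver hands the value over separately, never as SQL text.
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


def quote_reaches_parser(conn: sqlite3.Connection, lookup_fn) -> bool:
    """Legitimate input with an apostrophe: a syntax error means it was parsed as SQL."""
    try:
        lookup_fn(conn, "O'Brien")
        return False
    except sqlite3.OperationalError:
        return True


def compare_row_counts(username: str) -> dict:
    """How many rows each lookup returns for the same input (the impact side of the finding)."""
    conn = make_db()
    return {
        "vulnerable_rows": len(find_user_vulnerable(conn, username)),
        "safe_rows": len(find_user_safe(conn, username)),
    }


if __name__ == "__main__":
    print("reflects markup:", reflects_markup(render_greeting_vulnerable),
          reflects_markup(render_greeting_safe))
    db = make_db()
    print("quote reaches parser:", quote_reaches_parser(db, find_user_vulnerable),
          quote_reaches_parser(db, find_user_safe))
    print(compare_row_counts("bob"))
```

The apostrophe check is the one to remember when reviewing: an error page on a name like O'Brien is not a cosmetic bug but evidence that input is being interpreted as query syntax, and the fix is the bound parameter, not stripping quotes. For the HTML side, contextual escaping at output time (or a templating engine that does it by default) is what the safe function stands in for.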

LET’S HAVE SOME DEMO

QUESTIONS?
