BUG BOUNTY FOR BEGINNERS
CTF COMMUNITY OF BANGLADESH
PRESENTED BY REMONSEC
In the name of Allah
WHO AM I
CSE STUDENT
S.K Borhanuddin Post Graduate College
BUG BOUNTY HUNTER
@remonsec
21 YEARS OLD
Dhaka, Jatrabari
MEHEDI HASAN REMON
Not Good With Computers
FLAGHUNT2020
CTF COMMUNITY OF BANGLADESH
WHAT IS BUG BOUNTY
Identification and reporting of bugs and vulnerabilities in a responsible way
//1337
ALL DEPENDS ON INTEREST AND HARD WORK
NOT ON DEGREE, AGE, BRANCH, COLLEGE
WHAT TO STUDY
Study Smart Work Hard
1. Internet, HTTP, TCP/IP
2. Networking
3. Command line
4. Linux
5. Web Technologies
6. At least 1 programming language (Python/GoLang/etc.)
CHOOSE YOUR PATH
Learn all the basics, master one topic
1. Web Pentesting
2. Mobile Pentesting
3. Desktop Apps
RESOURCES
Don't rely on them
1. Web Hacking 101
2. The Web Application Hacker's Handbook 2
3. OWASP Testing Guide
4. The Mobile Application Hacker's Handbook
BOOKS
Use them as reference
RESOURCES
Don't rely on them
1. STOK
2. NahamSec
3. Insider PHD
4. Hakluke
5. Codingo
6. TheHackerish
7. Bug Bounty Reports Explained
YOUTUBE CHANNELS
Don't just watch, also try
RESOURCES
Don't rely on them
1. Medium Infosec Writeups
2. HackerOne public reports
3. PentesterLand
4. 0xPatrik
5. Intigriti Bug Byte
6. GitHub Bug Bounty Repo
WRITEUPS, ARTICLES, BLOGS
Turn reading into your daily habit
RESOURCES
Don't rely on them
1. TryHackMe
2. PentesterLab
3. WebSecAcademy
PRACTICE
Just learn how it works from the lab, then get your hands dirty with your target
START!
Enough practice, now shoot with a real gun
1. HackerOne
2. BugCrowd
3. Intigriti
4. AntiHack
5. YesWeHack
SELECT A PLATFORM
BBP VDP RDP
START!
Enough practice, now shoot with a real gun
1. Choose wisely (at first, not for bounty)
2. Select a bug to hunt
3. Deep research
4. Not always straightforward
TIPS FOR SELECTING A PROGRAM
Keep on trying
REPORT
Write like you own the company
1. Create a descriptive report
2. Follow responsible disclosure
3. Create a PoC and steps to reproduce
WORDS OF WISDOM
Words are more powerful than bullets
PATIENCE IS THE KEY: it takes years to master, don't fall for overnight success
Do not expect someone to spoon-feed you everything.
Confidence
Not always for bounty
Learn a Lot
You won't find anything at the beginning, don't lose hope
Stay focused
Depend on yourself
Stay updated with infosec world
THE END
Allah Hafiz
