Bug Bounty Hunter's Confession
AMol NAik
Slides from nullcon 2013 first edition night talks
Bug Bounty Hunter's Confession
1. Bug Bounty Hunter's Confession
2. About Me
– Web App Guy
– Google, Facebook, Twitter
– Member of garage4hackers.com
– HackIM CTF Team member
– @amolnaik4
3. Dream: Hall of Fame
4. Inspiration
5. Plan
– I know XSS
– Payloads available
– Target sub-domains, example codes
6. Bug
7. What was it?
– XHR call
– No GET/POST payload
– Victim types XSS payload
– Self-XSS
8. Solution
– Use UI Redressing
– HTML5 Drag-Drop
– Thanks to @Lavakumar
9. PoC
10. What Next?
11. Clickjacking (Source: Imperva.com)
12. Why Clickjacking?
– No one found it in Bounty program
– Easy to find & exploit
  – Look for iFramable Pages
  – And interesting Action
– HTML5 Drag-Drop
13. Bugs: Remove Google Books
14. More...: Remove Google Health, Orkut
15. And More...: Facebook ClickJacking
16. (no text on slide)
17. CSRF (Source: @johnwilander)
18. CSRF in Bounty Programs
– Actions with NO CSRF Token: Simple
– Actions with CSRF Token
  – Remove token
  – Garbage token
19. (no text on slide)
20. Suggestions
– Participate in Bounty program: to learn, to earn, fame
– Not only XSS
– Use manual testing
21. Resources
– Bounty Programs: list of active bug bounty programs: http://blog.bugcrowd.com/list-of-active-bug-bounty-programs/
– Read the scope !!
– Tools: Firefox, Tamper Data, Live HTTP Headers, and many more ...
22. And... Have a Dream
23. Questions: AMol NAik, http://amolnaik4.blogspot.com, @amolnaik4
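Slide 12 gives the precondition for the clickjacking bugs in slides 13 to 15: a frameable page with an interesting action on it. The defender's counterpart is checking that sensitive pages actually send framing protection. The Python below is an added example, not from the talk; the sample response headers are constructed, and the verdict is deliberately conservative (only DENY/SAMEORIGIN or a CSP frame-ancestors directive without `*` count as protection).

```python
"""Framing-protection check for HTTP responses: is this page clickjackable?"""
from typing import Dict, List, Mapping, Optional, Tuple

XFO_ENFORCED = {"DENY", "SAMEORIGIN"}  # the only values browsers reliably enforce


def frame_ancestors(csp: Optional[str]) -> Optional[List[str]]:
    """Source list of the CSP frame-ancestors directive, or None if absent."""
    for directive in (csp or "").split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]
    return None


def framing_verdict(headers: Mapping[str, str]) -> Tuple[bool, str]:
    """Return (protected, reason), judged conservatively from response headers."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    # A frame-ancestors directive takes precedence over X-Frame-Options.
    ancestors = frame_ancestors(h.get("content-security-policy"))
    if ancestors is not None:
        if "*" in ancestors:
            return False, "frame-ancestors * lets any origin frame the page"
        return True, "CSP frame-ancestors restricts framing"  # [] means 'none'
    xfo = h.get("x-frame-options")
    if xfo is None:
        return False, "no X-Frame-Options or frame-ancestors: page is frameable"
    value = xfo.strip().upper()
    if value in XFO_ENFORCED:
        return True, "X-Frame-Options " + value
    if value.startswith("ALLOW-FROM"):
        return False, "ALLOW-FROM is obsolete and unsupported by major browsers"
    # Misspelled or conflicting values are not reliably enforced by browsers.
    return False, "unenforceable X-Frame-Options value %r" % xfo


# Constructed sample responses for an account-settings page, one per case.
SAMPLES: Dict[str, Dict[str, str]] = {
    "unprotected": {"Content-Type": "text/html"},
    "xfo_deny": {"x-frame-options": "deny"},
    "xfo_conflict": {"X-Frame-Options": "DENY, SAMEORIGIN"},
    "xfo_allowall": {"X-Frame-Options": "ALLOWALL"},
    "csp_none": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
    "csp_wildcard": {"X-Frame-Options": "DENY", "Content-Security-Policy": "frame-ancestors *"},
}


def audit(samples: Mapping[str, Mapping[str, str]] = SAMPLES) -> Dict[str, bool]:
    """Which sample pages are protected; False entries need a fix before shipping."""
    return {name: framing_verdict(v)[0] for name, v in samples.items()}
```

The `csp_wildcard` case is the one to watch for in reviews: a correct X-Frame-Options header is overridden by a permissive frame-ancestors directive added later.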
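Slide 18 names the two checks that turned up CSRF in bounty programs even where a token existed: the token parameter removed, and a garbage token accepted. The validator below, an added example and not the talk's code, is the server-side logic that rejects both, plus a GET to a state-changing action and another user's valid token; the session layout, the remove-item endpoint and the `csrf_token` parameter name are assumptions of this example.

```python
"""Server-side CSRF check for a state-changing action (synchronizer token)."""
import hmac
import secrets
from typing import Dict, Optional, Tuple


def new_session() -> Dict[str, str]:
    """Create a session carrying its own unguessable CSRF token."""
    return {"id": secrets.token_hex(16), "csrf": secrets.token_urlsafe(32)}


def csrf_ok(session: Dict[str, str], submitted: Optional[str]) -> Tuple[bool, str]:
    """Accept only a present, well-formed token equal to this session's token."""
    if not submitted:                               # parameter removed entirely
        return False, "csrf token missing"
    expected = session["csrf"]
    if not submitted.isascii() or len(submitted) != len(expected):
        return False, "csrf token malformed"        # garbage or truncated token
    # compare_digest keeps the comparison constant-time.
    if not hmac.compare_digest(expected, submitted):
        return False, "csrf token invalid"          # wrong or another user's token
    return True, "ok"


def handle_remove(session: Dict[str, str], method: str,
                  params: Dict[str, str]) -> Tuple[int, str]:
    """Hypothetical remove-item endpoint: POST only, token checked before acting."""
    if method.upper() != "POST":
        return 405, "state-changing action must use POST"
    ok, why = csrf_ok(session, params.get("csrf_token"))
    if not ok:
        return 403, why
    return 200, "removed item " + params.get("item", "?")


def run_cases() -> Dict[str, int]:
    """Replay the request variants from slide 18 against the handler."""
    victim, other = new_session(), new_session()
    good = {"item": "42", "csrf_token": victim["csrf"]}
    return {
        "valid": handle_remove(victim, "POST", good)[0],
        "via_get": handle_remove(victim, "GET", good)[0],
        "token_removed": handle_remove(victim, "POST", {"item": "42"})[0],
        "garbage_token": handle_remove(
            victim, "POST", {"item": "42", "csrf_token": "A" * 43})[0],
        "another_users_token": handle_remove(
            victim, "POST", {"item": "42", "csrf_token": other["csrf"]})[0],
    }
```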