2021-09-03, 15:00–18:00, Workshops
Bug bounty hunting is (probably) the most hyped topic in the hacking subworld. Some people read amazing stories of how an 18-year-old won 1 million dollars doing only legal hacking. Many hit a wall when they realize that after two months they have only won points, thanks or cheap swag. "Where's the money?" they ask. What should I learn and how? How many books should I read? How many minutes of YouTube tutorials? What if I lose some weight? [always recommended] How can I be the next bug bounty millionaire?
In this workshop I will show you a path to becoming a bug bounty hunter, based on my experience of starting by chance and from scratch. I will teach you how to use the tools I use every day to find bugs, but most importantly how to see bug bounty hunting as a complex business process.
What to know before
Basic idea of bugs (and bounty hunting)
Basic Linux commands (sed, awk, grep)
Shell scripting basics
Have some practice doing recon
What you will learn
How bug bounty programs/platforms work
What tools hunters use and how they work
How to hunt for bugs (hopefully for profit)
Automation of your hunting process
How technical is the class
30% theory and concepts
70% Installing, configuring and using tools to find bugs. Send some reports if we are lucky.
What tools are we going to use
Scanners/automated tools: nuclei, axiom, bbrf, dalfox, Burp.
Recon tools (subfinder, amass, assetfinder, waybackurls, httpx and more)
What to read/watch in advance
Books
The Web Application Hacker's Handbook, 2nd Edition
Hands-On Bug Hunting for Penetration Testers (Joseph E. Marshall)
Web Hacking 101 (Peter Yaworski)
Videos
Live Recon and Distributed Recon Automation Using Axiom with @pry0cc (https://bit.ly/3gPsonz)
The Bug Hunter's Methodology Full 2-hour Training by Jason Haddix (https://bit.ly/2PzHUsr)
Finding Your First Bug: Choosing Your Target by InsiderPhD (https://bit.ly/3uiF3n7)
HOW TO GET STARTED IN BUG BOUNTY (9x PRO TIPS) by STÖK (https://bit.ly/3u81U4m)
This workshop is 80% technical, 10% theoretical and 10% motivational
Roadmap for a successful workshop:
VM configs, checking, last minute difficulties, defeating Murphy's Law. (15 mins)
Introduction (20 mins)
Bugs
What is bug bounty hunting?
How did I start
Bugs I've found
How did I find bugs
Rewards I have received
Programs
Types of programs
Finding new programs
Finding and reporting bugs outside programs
Platforms
HackerOne, BugCrowd, Intigriti
The truth about OpenBugBounty
Are triagers also people?
Automated vs manual scanning
What's better?
Should I use one or both?
Tools of the trade (3 hours)
Recon
How much recon do I need?
Let's test some tools: amass, subfinder, assetfinder
BBRF
Installation
Usage, store your first program
Maintenance tasks/scripts
Continuous recon
Nuclei
How to use it
What are templates?
Creating your own template
Dalfox
Installation and usage
Scanning the world for XSS
Payload gathering
Axiom (distributed BBH)
Installation
Examples of use
Scaling your game
Burp Suite
Installation
Community vs Professional edition
How to perform simple tasks
Setting the scope
Repeater
Intruder
How to find bugs using Burp
Live, passive and active scans
Pump your Burp with plugins
xssValidator (XSS)
Logger++ (Debug)
Autorize (IDORs)
Collaborator Everywhere
Upload Scanner
Reporting (15 mins)
Writing decent reports
Automated reports
My fav reporting tool: StackEdit
Learning and becoming a millionaire (10 mins)
My favourite sources of info
Reports (Telegram, Twitter)
#bugbountytips
Intigriti emails
Where to train
h1 CTF
PentesterLab
HTB
Philippe Delteil is a Computer Science Engineer from the University of Chile. He gave his first talk at Defcon 26 Skytalks, called "Macabre stories of a hacker in the public health sector"; his country's government sent 3 officials to record the talk, and they did. He's been reporting bugs for a year. He's an annoying GitHub issue opener for some open-source tools like axiom, nuclei, dalfox and bbrf; he also makes small contributions to 'Can I take Over XYZ?'