Bug bounty hunting Workshop
2021-09-03, 15:00–18:00, Workshops

Bug bounty hunting is (probably) the most hyped topic in the hacking subworld. Some people read amazing stories of how an 18-year-old won 1 million dollars doing only legal hacking. Many hit a wall when they realize that after two months they have only won points, thanks or cheap swag. "Where's the money?" they ask. What should I learn and how? How many books should I read? How many minutes of YouTube tutorials? What if I lose some weight? [always recommended] How can I be the next bug bounty millionaire?

In this workshop I will show you a path to becoming a bug bounty hunter, from my experience starting by chance and from scratch. I will teach you how to use the tools I use every day to find bugs, but most importantly how to see bug bounty hunting as a complex business process.

What to know before

    Basic idea of bugs (and bounty hunting)

    Basic Linux commands (sed, awk, grep)

    Shell scripting basics

    Have some practice doing recon

What you will learn

  How bug bounty programs/platforms work

  What tools hunters use and how they work

  How to hunt for bugs (hopefully for profit)

  Automation of your hunting process

How technical is the class

30% theory and concepts

70% Installing, configuring and using tools to find bugs. Send some reports if we are lucky.

What tools are we going to use

Scanners/automated tools: nuclei, axiom, bbrf, dalfox, Burp.

Recon tools: subfinder, amass, assetfinder, waybackurls, httpx and more.

What to read/watch in advance

Books

The Web Application Hacker's Handbook, 2nd Edition

Hands-On Bug Hunting for Penetration Testers (Joseph E. Marshall)

Web Hacking 101 (Peter Yaworski)

Videos
Live Recon and Distributed Recon Automation Using Axiom with @pry0cc (https://bit.ly/3gPsonz)

The Bug Hunter's Methodology Full 2-hour Training by Jason Haddix (https://bit.ly/2PzHUsr)

Finding Your First Bug: Choosing Your Target by InsiderPhD (https://bit.ly/3uiF3n7)

HOW TO GET STARTED IN BUG BOUNTY (9x PRO TIPS) by STÖK (https://bit.ly/3u81U4m)


This workshop is 80% technical, 10% theoretical and 10% motivational

Roadmap for a successful workshop:

VM configs, checking, last minute difficulties, defeating Murphy's Law. (15 mins)


Introduction (20 mins)

    Bugs

        What is bug bounty hunting?

        How did I start

        Bugs I've found

        How did I find bugs

        Rewards I have received

    Programs

        Types of programs

        Finding new programs

        Finding and reporting bugs outside programs

    Platforms

        HackerOne, Bugcrowd, Intigriti

        The truth about OpenBugBounty

        Are triagers also people?


Automated vs manual scanning

    What's better?

    Should I use one or both?

Tools of the trade (3 hours)

    Recon

        How much recon do I need?

        Let's test some tools: amass, subfinder, assetfinder

    BBRF

        Installation

        Usage, store your first program

        Maintenance tasks/scripts

        Continuous recon

    Nuclei

        How to use it

        What are templates?

        Creating your own template

    Dalfox

        Installation and usage

        Scanning the world for XSS

        Payload gathering

    Axiom (distributed BBH)

        Installation

        Examples of use

        Scaling your game

    Burp Suite

        Installation

        Community vs Professional edition

        How to perform simple tasks

            Setting the scope

            Repeater

            Intruder

        How to find bugs using Burp

        Live, passive and active scans

        Pump your Burp with plugins

            xssValidator (XSS)

            Logger++ (Debug)

            Autorize (IDORs)

            Collaborator Everywhere

            Upload Scanner

Reporting (15 mins)

    Writing decent reports

    Automated reports

    My fav reporting tool: StackEdit


Learning and becoming a millionaire (10 mins)

    My favourite sources of info

    Reports (Telegram, Twitter)

    #bugbountytips

    Intigriti emails

    Where to train

        h1 CTF

        PentesterLab

        HTB

Philippe Delteil is a Computer Science Engineer from the University of Chile. He gave his first talk at Defcon 26 Skytalks, called "Macabre stories of a hacker in the public health sector"; his country's government sent 3 officials to record the talk, and they did. He's been reporting bugs for a year. He's an annoying GitHub issue opener for some open-source tools like axiom, nuclei, dalfox and bbrf; he also makes small contributions to 'Can I take Over XYZ?'