Catch Me If You Can - Ephemeral Vulnerabilities in Bug Bounties

Explore the concept of ephemeral vulnerabilities in bug bounty programs through this informative conference talk from 44CON 2018. Discover how the rapidly changing internet landscape, driven by cloud computing, creates brief windows of vulnerability in networks and applications. Learn about critical security flaws that exist only for short periods and how to identify and exploit them. Gain insights into continuous security assessment techniques, understand the root causes and impact of ephemeral vulnerabilities, and examine real-world examples from companies like Uber and Slack. Acquire knowledge on how to avoid these fleeting security risks and adapt to the shifting paradigm of cybersecurity in the modern digital era.

Intro
What Are Ephemeral Vulnerabilities?
Bug Bounties
Bounties Are Not Pen Tests
Getting Paid
Shifting To Continuous Security Assessment
Continuous Assessment
Root Causes of Ephemeral Vulnerabilities
Impact of Ephemeral Vulnerabilities
Evaluating AMPScript on Uber
Breaking Into "e-Commerce Company's" CI
Exposed Git Repository on Slack leading to Source Code and Secrets
Some More Examples
Avoiding Ephemeral Vulnerabilities