Hacking on Bug Bounties for Five Years
Offered By: HackerOne via YouTube
Course Description
Overview
Explore the world of bug bounty hunting in this 46-minute talk by an experienced hacker. Gain insights into how skills, reporting techniques, and payouts evolved over five years of submitting vulnerabilities to companies across various industries. Discover step-by-step explanations of favorite bug discoveries, debunk the myth of a secret formula for success, and learn lessons for replicating these results in bug bounty programs. Delve into topics such as writing high-quality reports, focusing on effective techniques, and chaining multiple steps to reach a result. Understand the importance of expanding scope, targeting country-specific assets, and investigating debug endpoints. Gain knowledge about third-party platforms, dangling IP subdomain takeovers, and the systemic problem of Insecure Direct Object References (IDORs). Learn about the significance of reconnaissance and automation in bug hunting. Whether you're a beginner or an experienced hacker, this presentation offers insights to enhance your bug bounty hunting skills and success rate.
Syllabus
Intro
Working at Hungry Jacks
PayPal's Bug Bounty
The First Critical Bug (SSRF)
My Background
How I got started
My First Unrated bug
Before You Start Hunting
Writing High Quality Reports
Getting Into Bounties
Exposed HAProxy Statistics ($500)
Open Administration Interface owned by Scompany (Ansible Tower) ($500)
Trying To Be Cheeky
Low Risk Bugs
N/A Bugs
Full Time vs Part Time
Focus on Techniques
Multiple Steps To Victory
Second Order Takeovers
Expanding The Scope
Targeting Country Specific Assets
Dirty box...
Testing Scripts
Debug Endpoints
Transport.Co Dox'd
Third Party Platforms
Dangling IP Subdomain Takeover
Defining Recon
Performing Recon
IDORS: A Systemic Problem
Automation
Retrospective
Further Reading
Taught by
HackerOne
Related Courses
Ethical Hacking 101: Web App Penetration Testing - a full course for beginners (freeCodeCamp)
Web Application Ethical Hacking - Penetration Testing Course for Beginners (freeCodeCamp)
Bug Bounty Hunter Job Role Path (HTB Academy via Independent)
BugBountyHunter (BugBountyHunter via Independent)
Hacker101 (HackerOne via Independent)