DEF CON Forum Site Header Art

Announcement

Collapse
No announcement yet.

Bug bounty Hunting Workshop by Philippe Delteil at DEF CON 29

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Bug bounty Hunting Workshop by Philippe Delteil at DEF CON 29

    Bug bounty Hunting Workshop
    Philippe Delteil


    Abstract

    Bug bounty hunting is (probably) the most hype topic in the hacking subworld, some people read amazing stories of how a 18 years old won 1 million dollars only doing legal hacking. Many hit a wall when they realize that after two months they only won points, thanks or cheap swag. Where's the money?, they ask. What should I learn and how? How many books should I read? How many minutes of Youtube tutorials? What if I lose some weight? [always recommended] How can I be the next bug bounty millionare?

    In this workshop I will show you a path to be a bug bounty hunter, from my experience starting by chance and from scratch. I will teach you how to use the tools I use everyday to find bugs, but most importantly how to see bug bounty hunting as a complex business process .

    What to know before
    • Basic idea of bugs (and bounty hunting)
    • Basic Linux commands (sed, awk, grep)
    • Shell scripting basics
    • Have some practice doing recon

    What you will learn
    • How bug bounty programs/platforms work
    • What tools hunters use and how do they work
    • How to hunt for bugs (hopefully for profit)
    • Automatization of your hunting process
    How technical is the class
    • 30% theory and concepts
    • 70% Installing, configuring and using tools to find bugs. Send some reports if we are lucky.
    • What tools are we going to use
    • Scanners/automated tools: nuclei, axiom, bbrf, dalfox, Burp.
    Recon tools: (subfinder, amass, assetfinder, waybackurls, httpx and more)

    What to read/watch in advance
    Books
    • The Web Application Hacker's Handbook, 2nd Edition
    • Hands-On Bug Hunting for Penetration Testers (Joseph E. Marshall)
    • Web Hacking 101 (Peter Yaworski)
    VideosTrainer Bio(s):
    Philippe Delteil is Computer Science Engineer from the University of Chile, he gave his first talk at Defcon 26 Skytalks, called "Macabre stories of a hacker in the public health sector", his country's government sent 3 officials to record the talk, they did. He's been reporting bugs for a year. He's an annoying github issue opener of some opensource tools like axiom, nuclei, dalfox and bbrf; also makes small contributions to 'Can I take Over XYZ?'

    Rene Silva is an electrical engineer and part-time bug bounty hunter. He’s been a hacker for 2 years and bug hunter for only a year. He likes CTFs, web hacking and reverse engineering.
    Last edited by Dark Tangent; 6 days ago. Reason: Removed outline, it might change before the workshop
    PGP key: dtangent@defcon.org valid 2020 Jan 15, to 2024 Jan 01 Fingerprint: BC5B CD9A C609 1B6B CD81 9636 D7C6 E96C FE66 156A
Working...
X