Presentations

This page collects slide decks and recorded talks on bug hunting methodology, recon and automation that were delivered at various security conferences, with a link to each.

BUG BOUNTY FUNSHOP: https://docs.google.com/presentation/d/1cpcxEBEb0dyXwRqSWQ6bknJS-PQO_e242Dioy9SU2Io/edit#slide=id.g4715c86259_0_583

Bug Hunting Methodology: https://blog.usejournal.com/bug-hunting-methodology-part-1-91295b2d2066

It's the Little Things (NahamSec): https://docs.google.com/presentation/d/1xgvEScGZ_ukNY0rmfKz1JN0sn-CgZY_rTp2B_SZvijk/edit#slide=id.g4052c4692d_0_1786

Recon-1: https://bugbountytuts.files.wordpress.com/2019/01/dirty-recon-1.pdf

All in one Recon: https://drive.google.com/file/d/1uBTra6_jwhLnZALJVp9hmHaty2pBBUH2/view

Automation for Bug Hunters: https://speakerdeck.com/mhmdiaa/automation-for-bug-hunters?slide=9

Passive-ish Recon: https://tomnomnom.com/talks/passiveish.pdf

Automating Application Security Bug Hunting: https://static.sched.com/hosted_files/bsidessf2019/65/Automating%20Application%20Security%20Bug%20Hunting.pdf

BugBounty automation: https://2018.zeronights.ru/wp-content/uploads/materials/4%20ZN2018%20WV%20-%20BugBounty%20automation.pdf

Automating Web Application Bug Hunting (Jerry Gamblin, Jonathan Cran): https://www.youtube.com/watch?v=12gtkYbMGd4

Work Smarter, Not Harder: https://vavkamil.cz/wp-content/uploads/2019/05/ctjb_2019_bugbounty.pdf

Automating the recon process: https://null.community/event_sessions/2618-automating-the-recon-process

Scrutiny on the bug bounty: https://docs.google.com/presentation/d/1PCnjzCeklOeGMoWiE2IUzlRGOBxNp8K5hLQuvBNzrFY/edit#slide=id.p

Bug Bounties With Bash: https://tomnomnom.com/talks/bash-bug-bounty.pdf

The Bug Hunter's Methodology (ekoparty 2017): https://www.slideshare.net/bugcrowd/ekoparty-2017-the-bug-hunters-methodology

  • Bug Bounty Methodology (TBHM) by Jason Haddix

    Version 1: https://github.com/jhaddix/tbhm/blob/master/How%20Do%20I%20shot%20Web-.pdf

    Version 2.0: https://docs.google.com/presentation/d/1p8QiqbGndcEx1gm4_d3ne2fqeTqCTurTC77Lxe82zLY/edit#slide=id.p

    Version 2.1: https://nullcon.net/website/archives/pdf/goa-2018/jason-tbhm2.pdf

    Version 3: https://docs.google.com/presentation/d/1R-3eqlt31sL7_rj2f1_vGEqqb7hcx4vxX_L7E23lJVo/edit#slide=id.p

    Version 4: https://drive.google.com/file/d/1aG_qqRvNW-s5_8vvPk5rJiMSMeNL2uY9/view

    Version 4 Recon: https://docs.google.com/presentation/d/1MWWXXRvvesWL8V-GiwGssvg4iDM58_RMeI_SZ65VXwQ/edit#slide=id.g89b65a088d_5_88

    TBHM Video: https://www.youtube.com/watch?v=gIz_yn0Uvb8

VirSecCon Slides:

https://docs.google.com/presentation/d/1Xfxr_zzwzczu0aKpxgYG8MzcT8zFlAmf7U_2C73NR1M/edit#slide=id.p16

https://tomnomnom.com/talks/bug-bounties-with-bash-virsec.pdf

https://docs.google.com/presentation/d/1DAQ47VjIaQZ88Ly00eGPQupq79hAF9AAZstV7OVCY_8/edit

https://docs.google.com/presentation/d/1f7yHnskJIl3O9GoZ4u_PHAnISRVaKoDb4V0CMRtNVRI/edit#slide=id.p

https://github.com/erbbysam/virseccon2020_presentation/blob/master/Trials,%20Tribulations%20&%20VHost%20Misconfigurations.pdf

https://www.ethicalhacker.net/wp-content/uploads/columns/editor/virseccon2020/Donzal-VirSecCon-2020-IoT-Hacking-Basics.pdf

https://docs.google.com/presentation/d/1-Qt4X5MNpDZSnbb1EWtKt7D26Plo--PL_nfMZKphY7w/edit#slide=id.p1

https://docs.google.com/presentation/d/e/2PACX-1vQXFAlzQctBpdeclp-rMCkflh-sNeVezktNqlwOoRMQxdAWNNlRsBUtlVHIIPDqu3hazL_UxDhShhEW/pub?slide=id.g742e3e7cd_1_16

Nahamcon:

Last updated 6 months ago