Overview
Learn how to successfully participate in Microsoft's Azure Bug Bounty program from Senior Security Software Engineer Michael Hendrickx in this 40-minute conference talk from NullCon 2017. Explore the Azure attack surface, understand the bounty timeline and payout structure, and examine real-world examples of vulnerabilities discovered in Azure services. Gain insights into the types of bugs that are in and out of scope, learn about rewards, and discover how to get started with bug hunting. Understand the rules of engagement and active bounty opportunities while getting an overview of Azure's incident response process.
Syllabus
Intro
Agenda
Azure Attack Surface
Azure Bug Bounty
Bounty Timeline
Double Bounty
Past Payouts
Azure Virtual Network Gateway
Redirect URL Bug
Cross-site Script Bug
HTTPS Bug
Authentication Bug
Domain Bug
Out Of Scope
Rewards
How To Start
Rules Of The Game
Active Bug Bounty
Recap
Azure Incident Response
Taught by
nullcon