Overview
Discover the essentials of bug bounty hunting in this 36-minute conference talk from DefCamp 2021. Learn about the differences between regular jobs and bug bounty hunting, explore effective strategies for defining scope, and gain insights into research techniques. Delve into subdomain searching, autoscoping, and the use of tools like Nmap and Axiom. Understand the process of running scans, analyzing results, and creating proof of concepts. Get valuable tips on reporting findings, scoring, and essential tooling for successful bug bounty hunting. Perfect for beginners looking to enter the field of cybersecurity and information security.
Syllabus
Intro
Who am I
Why bug bounty hunting
Regular job vs bug bounty
My stats
My recycling
Defining scope
Research
Time
Scope
Overview
How to get started
My scope
Subdomain search
Autoscope
Nmap
Hashtags
Wrong incomplete
Resetting
Axiom
Search for Axiom
What is Axiom
How it works
Benefits
File
Nuclear
How to run
How powerful is it
Running a scan
Results
Proof of concept
Reporting
Score
Tooling
Other tools
QA
Taught by
DefCamp