Himanshu Mehta
Senior Threat Analysis Engineer
✓ Security Intelligence Team @ Symantec
✓ Mentor @ NITI Aayog
✓ Bug Hunter | Penetration Tester | Security Researcher
✓ Speaker at National Cyber Security Conference, Hakon, Hack In The Box & Hack In Paris
✓ Advisory Board Member @EC-Council & Convetit
✓ Program Committee Member of Dubai International Conferences - Data Mining & Knowledge Management, and Fuzzy Logic Systems
@LionHeartRoxx
Sachin Wagh
Threat Analysis Engineer
✓ Security Intelligence Team @ Symantec
✓ Speaker at HAKON, Infosecurity Europe and Hack In Paris
✓ Bug Hunter | Penetration Tester | Security Researcher
✓ Reviewer of "Hands-On Bug Bounty for Penetration Testers" and "Burp Suite Cookbook"
@tiger_tigerboy
❑ Companies: Receive vulnerability reports from bug hunters.
❑ Vulnerability: A security flaw or weakness found in software or in an operating system (OS) that can lead to security concerns.
❑ Bug Hunters: Receive awards for valid submissions.
❖ Bounty: $10 - $100,000
❖ Swag: T-shirt, Hoodie, Mug etc.
❑ Open For Signup
➢ Hackerone
➢ Bugcrowd
➢ BountyFactory
➢ Bugbountyjp
➢ Intigriti
➢ Open Bug Bounty
➢ Yogosha
➢ P1 - Critical: Vulnerabilities that cause a privilege escalation from unprivileged to admin or allow for remote code execution, financial theft, etc.
➢ P2 - High: Vulnerabilities that affect the security of the software and impact the processes it supports.
➢ P3 - Medium: Vulnerabilities that affect multiple users and require little or no user interaction to trigger.
➢ P4 - Low: Vulnerabilities that affect singular users and require user interaction or significant prerequisites (e.g. MitM) to trigger.
➢ P5 - Informational: Non-exploitable vulnerabilities in functionality. Vulnerabilities that are by design or are deemed acceptable business risk to the customer.
inurl:"bug bounty" and intext:"€" and inurl:/security
intext:bounty inurl:/security
intext:"Bug Bounty" and intext:"BTC" and intext:"reward"
intext:"Bug Bounty" and inurl:"/bounty" and intext:"reward"
https://www.virustotal.com/#/domain/google.com
https://searchdns.netcraft.com/
1. Create two accounts for testing. In my case, [email protected] and [email protected].
2. Now log in with [email protected] in one browser. After logging in, open another browser and request a password reset for [email protected].
3. After entering the email ID and captcha, you will get the link for resetting the password.
4. Just copy the link and paste it into the first browser, where you are already logged in to the [email protected] account.
e.g. https://www.tesla.com/user/reset/98389498/1472248302/4ujwKW8mbcCottRZYCayKKRAjT_0LweAxjFRRMfz-1E
where 98389498 is the user ID.
5. Just increase it by 1 and it will disclose the email ID of another user.
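A hardened version of the reset-link check from the walkthrough above, added here as an example (it is not Tesla's code and not taken from the original slides). The signing secret, the in-memory user table, the link format and the 24-hour lifetime are assumptions; the point is that the signature is bound to one user ID, so editing the ID in the URL fails verification, and every failure returns the same generic result instead of another account's email.

```python
import hashlib
import hmac
from typing import Optional

# Constructed values for the example: a server-side secret and a tiny user table
# keyed by numeric user id (assumptions, not real data).
SERVER_SECRET = b"constructed-server-secret-rotate-me"
USERS = {
    98389498: {"email": "user1@example.com", "pw_hash": "h1"},
    98389499: {"email": "user2@example.com", "pw_hash": "h2"},
}
RESET_TTL = 24 * 3600  # seconds a reset link stays valid (assumption)


def _sign(uid: int, ts: int, pw_hash: str) -> str:
    # The MAC covers the user id, the issue time and the current password hash,
    # so a link is tied to exactly one account and dies once that password changes.
    msg = f"{uid}:{ts}:{pw_hash}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def make_reset_link(uid: int, now: int) -> str:
    # Same shape as the link in the walkthrough: /user/reset/<uid>/<timestamp>/<sig>
    sig = _sign(uid, now, USERS[uid]["pw_hash"])
    return f"https://example.com/user/reset/{uid}/{now}/{sig}"


def parse_reset_link(url: str) -> tuple:
    # Split the last three path segments back into (uid, timestamp, signature).
    uid, ts, sig = url.rstrip("/").split("/")[-3:]
    return int(uid), int(ts), sig


def verify_reset(uid: int, ts: int, sig: str, now: int) -> Optional[str]:
    """Return the email to show on the reset page, or None on any failure.

    The logged-in session is deliberately ignored: only the token decides.
    Every failure path returns the same None so the response never reveals
    whether a guessed uid exists or which email it belongs to.
    """
    user = USERS.get(uid)
    if user is None:
        return None
    if ts > now or now - ts > RESET_TTL:
        return None
    expected = _sign(uid, ts, user["pw_hash"])
    if not hmac.compare_digest(expected, sig):
        return None
    return user["email"]
```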
DLL Hijacking is a process by which malicious code is injected into an application via a malicious DLL with the same name as a DLL used by the application.
Look for "access denied" or "authentication required" errors
GET http://www.example.com - 200
GET http://www.example.com/backlog/ - 404
GET http://www.example.com/admin/ - 401 hmm.. ok
GET http://www.example.com/admin/[bruteforce here now]
❑ Tools/OS
➢ Kali Linux OS
➢ Burp Suite
➢ Browser Plugins
❑ Methodologies
➢ OWASP Top 10
➢ SANS Top 25
➢ Google Hacking Database (GHDB)
❑ Web and browser
➢ Web Hacking 101 by Peter Yaworski.
➢ Breaking into Information Security: Learning the Ropes 101 by Andy Gill.
➢ The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws by Dafydd Stuttard and Marcus Pinto.
➢ Tangled Web by Michal Zalewski.
➢ OWASP Testing Guide v4 by OWASP Breakers community.
❑ Mobile
➢ The Mobile Application Hacker's Handbook by Dominic Chell et al.
➢ iOS Application Security: The Definitive Guide for Hackers and Developers by David Thiel.
❑ Cryptography
➢ Crypto 101 by Laurens Van Houtven.
❑ IEEE Papers
➢ https://sci-hub.io/
➢ VulnHub
➢ Pentesterlab
➢ XSS Game
➢ Hack This Site
➢ Root-Me
➢ HackTheBox
➢ Hack Me
➢ CTF 365
➢ Google Gruyere
➢ OWASP Juice Shop
➢ Hack Yourself First
➢ bWAPP
➢ Pentestbox