Post on 11-Apr-2020
Himanshu Mehta
Senior Threat Analysis Engineer
✓ Security Intelligence Team @ Symantec
✓ Mentor @ NITI Aayog
✓ Bug Hunter | Penetration Tester | Security Researcher
✓ Speaker at National Cyber Security Conference, Hakon, Hack In The Box & Hack In Paris
✓ Advisory Board Member @EC-Council & Convetit
✓ Program Committee Member of Dubai International Conferences - Data Mining & Knowledge Management, and Fuzzy Logic Systems
@LionHeartRoxx
Sachin Wagh
Threat Analysis Engineer
✓ Security Intelligence Team @ Symantec
✓ Speaker at HAKON, Infosecurity Europe and Hack In Paris
✓ Bug Hunter | Penetration Tester | Security Researcher
✓ Reviewer of "Hands-On Bug Bounty for Penetration Testers" and "Burp Suite Cookbook"
@tiger_tigerboy
❑ Companies: Receive vulnerability reports from bug hunters.
❑ Vulnerability: A security flaw or weakness found in software or in an operating system (OS) that can lead to security concerns.
❑ Bug Hunters: Receive awards for valid submissions.
❖ Bounty: $10 - $100,000
❖ Swag: T-shirt, Hoodie, Mug etc.
❑ Open For Signup
➢ Hackerone
➢ Bugcrowd
➢ BountyFactory
➢ Bugbountyjp
➢ Intigriti
➢ Open Bug Bounty
➢ Yogosha
➢ P1 - Critical: Vulnerabilities that cause a privilege escalation from unprivileged to admin or allow for remote code execution, financial theft, etc.
➢ P2 - High: Vulnerabilities that affect the security of the software and impact the processes it supports.
➢ P3 - Medium: Vulnerabilities that affect multiple users and require little or no user interaction to trigger.
➢ P4 - Low: Vulnerabilities that affect singular users and require interaction or significant prerequisites (e.g. MitM) to trigger.
➢ P5 - Informational: Non-exploitable vulnerabilities in functionality. Vulnerabilities that are by design or are deemed acceptable business risk to the customer.
inurl:"bug bounty" and intext:"€" and inurl:/security
intext:bounty inurl:/security
intext:"Bug Bounty" and intext:"BTC" and intext:"reward"
intext:"Bug Bounty" and inurl:"/bounty" and intext:"reward"
https://www.virustotal.com/#/domain/google.com
https://searchdns.netcraft.com/
1. Create two accounts for testing. In my case attacker1@gmail.com and attacker2@gmail.com.
2. Now log in with attacker1@gmail.com in one browser. After logging in, open another browser and request a password reset for attacker2@gmail.com.
3. After entering the email id and captcha, you will get the link for resetting the password.
4. Just copy the link and paste it into the first browser where you are already logged in to the attacker1@gmail.com account.
E.g. https://www.tesla.com/user/reset/98389498/1472248302/4ujwKW8mbcCottRZYCayKKRAjT_0LweAxjFRRMfz-1E
where 98389498 is the userid.
5. Just increase it by 1 and it will disclose the email id of another user.
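The root cause in the walkthrough above is a reset handler that trusts the numeric user id in the URL before it has verified the token. The following is an added example (not code from the slides, Tesla or any framework) that models the /user/reset/<uid>/<timestamp>/<token> shape of the link with a constructed secret key and a constructed two-user table, and places the vulnerable lookup next to a hardened one that binds the token to the exact uid and timestamp with an HMAC, enforces an expiry, and returns the same result for every failure so the page cannot be used to probe which user ids exist.

```python
import base64
import hashlib
import hmac
from typing import Optional, Tuple

# Constructed demo values: a real deployment loads the key from configuration
# and the user table from its database.
SECRET_KEY = b"constructed-demo-key-not-for-production"
RESET_TTL_SECONDS = 24 * 60 * 60

USERS = {
    98389498: "attacker2@example.com",  # the account that requested the reset
    98389499: "victim@example.com",     # the adjacent user id in the walkthrough
}


def _sign(uid: int, ts: int) -> str:
    """HMAC over (uid, timestamp): ties the token to one user and one request time."""
    mac = hmac.new(SECRET_KEY, f"{uid}:{ts}".encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).rstrip(b"=").decode()


def make_reset_link(uid: int, ts: int) -> str:
    """Build a link in the /user/reset/<uid>/<timestamp>/<token> shape from the slide."""
    return f"https://example.com/user/reset/{uid}/{ts}/{_sign(uid, ts)}"


def parse_reset_link(url: str) -> Tuple[int, int, str]:
    """Split the last three path segments back into (uid, timestamp, token)."""
    uid, ts, token = url.rstrip("/").split("/")[-3:]
    return int(uid), int(ts), token


def vulnerable_reset_page(uid: int, ts: int, token: str) -> Optional[str]:
    """Reproduces the flaw: the user id from the URL is trusted on its own, so
    incrementing it reveals the next user's address before any token check."""
    return USERS.get(uid)


def hardened_reset_page(uid: int, ts: int, token: str, now: int) -> Optional[str]:
    """Only a token that verifies for this exact uid and timestamp, within the TTL,
    reaches the user record. Every failure path returns None so the handler gives
    no oracle for which user ids exist. (A production handler would also store
    the token and invalidate it after one use.)"""
    if ts > now or now - ts > RESET_TTL_SECONDS:
        return None
    if not hmac.compare_digest(_sign(uid, ts), token):
        return None
    return USERS.get(uid)


if __name__ == "__main__":
    link = make_reset_link(98389498, 1472248302)
    uid, ts, token = parse_reset_link(link)
    print("vulnerable, uid+1:", vulnerable_reset_page(uid + 1, ts, token))
    print("hardened, uid+1:  ", hardened_reset_page(uid + 1, ts, token, now=ts + 60))
    print("hardened, owner:  ", hardened_reset_page(uid, ts, token, now=ts + 60))
```

The hardened handler keys everything off the signed token rather than the guessable id; a second control the walkthrough points at is to refuse to process a reset link at all while a different account's session is active in the same browser, which is a session check outside the scope of this snippet.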
DLL Hijacking is a process by which malicious code is injected into an application via a malicious DLL with the same name as a DLL used by the application.
Look for access denied / authentication required errors
GET http://www.example.com - 200
GET http://www.example.com/backlog/ - 404
GET http://www.example.com/admin/ - 401 hmm.. ok
GET http://www.example.com/admin/[bruteforce here now]
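Seen from the server side, the pattern on this slide (a run of 404s from one client followed by 401/403 hits on a protected path) is also what a defender should alert on before the brute-force stage begins. The following is an added example, not code from the slides, that runs that detection over a constructed Common Log Format access log: it aggregates status codes per client address, records the paths that returned 401/403, and flags any client whose 404 count reaches a threshold.

```python
import re
from collections import defaultdict
from typing import Dict, Iterable

# Common Log Format: client ident user [time] "METHOD path proto" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Constructed sample log: one client walking directory names and then hitting a
# protected /admin/, one client browsing normally. Addresses are documentation ranges.
SAMPLE_LOG = """\
203.0.113.5 - - [11/Apr/2020:10:00:01 +0000] "GET / HTTP/1.1" 200 1532
203.0.113.5 - - [11/Apr/2020:10:00:02 +0000] "GET /backlog/ HTTP/1.1" 404 512
203.0.113.5 - - [11/Apr/2020:10:00:02 +0000] "GET /backup/ HTTP/1.1" 404 512
203.0.113.5 - - [11/Apr/2020:10:00:03 +0000] "GET /old/ HTTP/1.1" 404 512
203.0.113.5 - - [11/Apr/2020:10:00:03 +0000] "GET /test/ HTTP/1.1" 404 512
203.0.113.5 - - [11/Apr/2020:10:00:04 +0000] "GET /dev/ HTTP/1.1" 404 512
203.0.113.5 - - [11/Apr/2020:10:00:05 +0000] "GET /admin/ HTTP/1.1" 401 301
203.0.113.5 - - [11/Apr/2020:10:00:06 +0000] "GET /admin/login HTTP/1.1" 401 301
198.51.100.9 - - [11/Apr/2020:10:00:07 +0000] "GET / HTTP/1.1" 200 1532
198.51.100.9 - - [11/Apr/2020:10:00:09 +0000] "GET /blog/ HTTP/1.1" 200 8210
198.51.100.9 - - [11/Apr/2020:10:00:11 +0000] "GET /favicon.ico HTTP/1.1" 404 209
"""


def find_forced_browsing(lines: Iterable[str], not_found_threshold: int = 5) -> Dict[str, dict]:
    """Return, per flagged client, request count, 404 count, 401/403 count and the
    protected paths touched. A client is flagged once its 404s reach the threshold."""
    stats = defaultdict(lambda: {"requests": 0, "not_found": 0, "denied": 0, "denied_paths": set()})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in Common Log Format
        client, _method, path, status = m.groups()
        status = int(status)
        s = stats[client]
        s["requests"] += 1
        if status == 404:
            s["not_found"] += 1
        elif status in (401, 403):
            s["denied"] += 1
            s["denied_paths"].add(path)
    flagged = {}
    for client, s in stats.items():
        if s["not_found"] >= not_found_threshold:
            flagged[client] = {
                "requests": s["requests"],
                "not_found": s["not_found"],
                "denied": s["denied"],
                "denied_paths": sorted(s["denied_paths"]),
            }
    return flagged


if __name__ == "__main__":
    for client, summary in find_forced_browsing(SAMPLE_LOG.splitlines()).items():
        print(client, summary)
```

The threshold is deliberately a parameter: a crawler or a site with many stale links will produce 404s from legitimate clients, so in practice the count is tuned per site and the 401/403 paths are what make an alert worth a look.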
❑ Tools/OS
➢ Kali Linux OS
➢ Burp Suite
➢ Browser Plugins
❑ Methodologies
➢ OWASP Top 10
➢ SANS Top 25
➢ Google Hacking Database (GHDB)
❑ Web and browser
➢ Web Hacking 101 by Peter Yaworski.
➢ Breaking into Information Security: Learning the Ropes 101 by Andy Gill.
➢ The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws
by Dafydd Stuttard and Marcus Pinto.
➢ Tangled Web by Michal Zalewski.
➢ OWASP Testing Guide v4 by OWASP Breakers community.
❑ Mobile
➢ The Mobile Application Hacker's Handbook by Dominic Chell et al.
➢ iOS Application Security: The Definitive Guide for Hackers and Developers by David Thiel.
❑ Cryptography
➢ Crypto 101 by Laurens Van Houtven.
❑ IEEE Papers
➢ https://sci-hub.io/
➢ VulnHub
➢ Pentesterlab
➢ XSS Game
➢ Hack This Site
➢ Root-Me
➢ HackTheBox
➢ Hack Me
➢ CTF 365
➢ Google Gruyere
➢ OWASP Juice Shop
➢ Hack Yourself First
➢ bWAPP
➢ Pentestbox