Resources-for-Beginner-Bug-Bounty-Hunters

Talks 🤓

Table of Contents

1. General Bug Bounty Talks
2. Recon and Automation
3. Research and Exploitation
4. Vulnerabilities Explained
5. Mobile Hacking
6. Miscellaneous

General Bug Bounty Talks

• How To Get Started In Bug Bounties by DC CyberSec
• Is it too late to start doing BUG BOUNTY in 2020? STOK
• MY BUG BOUNTY JOURNEY! by Farah Hawa
• DEF CON 23 - Jason Haddix - How to Shot Web: Web and mobile hacking in 2015
• Google Hacking (Dorking)

Recon and Automation

• The Truth About Recon
• The Bug Hunter’s Methodology v4.0 - Recon Edition by @jhaddix #NahamCon2020! -It’s the Little Things - BSides Portland 2018 by @NahamSec
• Who, What, Where, When, Wordlist by @TomNomNom #NahamCon2020
• GitHub Recon and Sensitive Data Exposure
• Creating Wordlists for Hacking, Pentesting & Bug Bounty Hunting Using Seclists, Bigquery, and More!
• Hacking IIS (Recon) by infosec_au
• Knock knock, Who’s There? Identifying Assets in the Cloud

Research and Exploitation

• XSS on Google Search - Sanitizing HTML in The Client? - LiveOverflow
  • The Fix
• DEF CON 27 Conference - By NahamSec - Owning The Clout Through Server Side Request Forgery
• Orange Tsai - Infiltrating Corporate Intranet Like NSA Preauth RCE - DEF CON 27 Conference
• Breaking Parser Logic: Take Your Path Normalization off and Pop 0days Out!
• You’ve Got Pwned: Exploiting E-Mail Systems by @securinti #NahamCon2020!
• Practical Attacks Using HTTP Request Smuggling by @defparam #NahamCon2020

Vulnerabilities Explained

• Subdomain Takeovers, beyond the basics for Pentesters and Bug Bounty Hunters
• albinowax - HTTP Desync Attacks: Smashing into the Cell Next Door - DEF CON 27 Conference
• Server-Side Template Injection: RCE For The Modern Web App
• A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages!

• [Finding DOMXSS with DevTools

  Untrusted Types Chrome Extension](https://www.youtube.com/watch?v=CNNCCgDkt5k)

• Burp Suite tutorial: IDOR vulnerability automation using Autorize and AutoRepeater (bug bounty) - STÖK & Fisher
• AppSec EU 2017 Exploiting CORS Misconfigurations For Bitcoins And Bounties by James Kettle

Mobile Hacking

• Getting Started with Android App Testing with Genymotion
• Exploiting Android deep links and exported components - Ekoparty Mobile Hacking Space Talk
• Android Hacking #VirSecCon2020
• Advanced Android Bug Bounty skills - Ben Actis
• Android Application Exploitation - Red Team Village
• Android App Reverse Engineering LIVE!
• Android App Penetration Testing 101
• Fun with Frida on Mobile

Miscellaneous

• Securing the System: A Deep Dive into Reversing Android Pre-Installed Apps
• Hacker101 - JavaScript for Hackers (Created by @STÖK)