INTRODUCTION
- Who I'm NOT:
- A super secret NSA hacker/operator who's here to teach you how to earn $1 million with bug bounties
- A "Million Dollar" hacker who will crush you all at CTFs
- A 100x coder who knows every language, built their own compiler, and actually uses vim as their IDE
- Who I am:
- Someone who loves bug bounty hunting and has spent a LOT of time doing it
- Someone who has had a unique career path working in a lot of different roles/orgs
- Someone who has a genuine passion for teaching
- Workshop Overview
- Purpose of the workshop is to help build a formal methodology for effective bug bounty collaboration
- You will leave this workshop with:
- Repeatable Process to Form a Balanced Group
- Skills & Tools Needed to Effectively Collaborate
- Ways to Maximize Return on Investment (ROI)
- My Full Bug Bounty Hunting Methodology
- New Bug Bounty Hunting Friends!
DIVIDE PEOPLE INTO GROUPS
- EXERCISE 1 (10 MIN): Guided Session to Break Participants into Groups
- Your Version of Success (Are Your Goals Aligned?)
- Success Ideas:
- I want to make money
- I want to learn
- I want to advance my career
- I want to grow my personal brand
- I want to relieve stress
- I want a purpose
- Group Types:
- Is your primary goal to make money?
- Join the Big Money Group
- Do you want to leverage bug bounties to start/advance your career in cybersecurity?
- Join the Security Professionals Group
- Do you want to leverage bug bounties to build your personal brand?
- Join the Content Creator Group
- Do you want to use bug bounties as a controlled way to learn offensive security?
- Join the Earn While You Learn Group
- DECISION POINT - Take a few minutes to meet the other members of your group! Do you feel like your goals are aligned? Does anyone feel like they ended up in the wrong place?
- EXERCISE 2 (10 MIN): Balancing The Teams
- Offensive || Defensive
- Offensive (Red Team) - Knows how an attacker thinks. Can identify vulnerabilities and effectively articulate their risk
- Worked on a Red Team
- Top 99% on Try Hack Me
- Defensive (Blue Team) - Understands how applications work, as well as the security controls designed to prevent attacks
- Worked on a Blue Team
- Developer/Engineer transitioning to AppSec
- Mastering || Applying || Learning
- Mastering
- Found some level of success in bug bounties
- Comfortable teaching some bug bounty concepts
- Applying
- Comfortable hunting on their own
- Learning
- Not comfortable hunting on their own
- Teams only need 1 Applying, seniors not required
- NO DECISION POINT, BALANCE THE TEAMS AS NECESSARY
ASSIGN EACH GROUP MEMBER A ROLE
- EXERCISE 3 (20 MIN): Guided Session to Assist Participants in Choosing the Best Role for Them
- Assign Roles
- Roles:
- Mentor
- Red Team Hunter
- Blue Team Hunter
- Scribe
- Automation
- Team Dynamics & Win-Win Scenarios
- Team Dynamics
- Mentor is most experienced, Hunters feed questions to Mentor
- Red Team Hunter & Blue Team Hunter hunt together, bounce questions off each other
- Scribe is the least experienced, tracks everything the group is doing and maintains notes
- Automation builds automation scripts and tools to solve the group's problems
- EXERCISE (5 MIN): Talk with your team members and assign roles
- Return on Investment (ROI)
- Win-Win Scenarios
- Mentor collaborates on most submissions without doing the bulk of the work (more passive income), learns from a wide range of questions
- Hunters learn from each other's unique skillset, grow quickly, and find bugs that specialized researchers miss
- Scribes learn from experienced researchers, as well as by taking notes, and collaborate on some reports
- Automation collaborates on most submissions without doing active hunting, spends a lot of time developing async in flow state
- Ideal Team vs. Minimum Skills Needed
- Ideal Team of Six
- Mentor (Red)
- Mentor (Blue)
- Hunter (Red)
- Hunter (Blue)
- Scribe
- Automation
- Minimum Skills Needed For a Team of Six
- Mentor (Red/Blue)
- Scribe
- Scribe
- Scribe
- Scribe
- Scribe
- DECISION POINT - Talk with your new team and decide on roles for each member. Be sure to share why you chose your role, that insight will be helpful to other members of your group!
HOW TO COLLABORATE (6 slides)
- EXERCISE 3 (10 MIN): Guided Session to Assist Participants in Choosing the Best Role for Them
- Finding a Program
- Styles of Hunting (Examples):
- Recon Heavy
- Deep Dive into SaaS App
- Targeting Future Vulns
- Picking a program to match your group's hunting style
- Recon Heavy:
- Wide-open Scope is best
- Lots of wildcard domains
- The bigger, the better!
- Deep Dive into SaaS App
- Pick a SaaS Company
- Large app w/ authentication & complex RBAC
- Tech stack the team is familiar with
- Targeting Future Vulns
- Enumerate every possible bug bounty program
- Monitor for new web-based CVEs
- Spray and Pray!
- EXERCISE (10 MIN): Decide as a group what hunting style you will use and find a program to match
- Sync vs Async Hunting
- Hunting Together Synchronously
- Hunting Together Asynchronously
- Communicating and Notes
- Messaging - Discord / Slack
- Online Notetaking - Confluence / GSuite
- Video Collaborating - Zoom / Google Meet
BUILD A GROUP METHODOLOGY
- Methodology Overview
- Recon
- Cloud
- Injection
- Logic
- Methodology Sheet
- FINAL EXERCISE: Working as a team, divide blocks of rs0n’s methodology between the members of your group and develop a plan of execution.