
RECON VILLAGE - Bug Bounty Hunting on Steroids


Formal Metadata

Title
RECON VILLAGE - Bug Bounty Hunting on Steroids
Title of Series
Number of Parts
322
Author
License
CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
Bug bounty programs are a hot topic these days. More and more companies are realizing the benefits of running a program, and researchers are jumping at the opportunity to grab some swag and make some extra cash from the bugs they find. Reporting security issues has never been as easy, open, and risk-free as it is right now. Everybody wins! Though that doesn’t mean we should stop there.

As researchers, we spend a lot of time doing the same menial tasks for each program: monitoring for new targets, checking for common issues, remembering just which flags you needed to pass to that tool (or even which tool is best for that job). We build new tools, hack together shell scripts, and generally make small incremental changes to our process. But surely there’s a better approach? Are you sick of repeating the same tedious tasks over and over? Wouldn’t it be nice to have your own bug hunting machine? One that:

- Is always watching
- Reacts as soon as a new target becomes available
- Takes care of those tedious repetitive steps for you
- Makes life easy when you want to integrate a new tool/workflow
- Doesn’t cost the world to run, and trivially scales
- Leverages lessons and technologies battle tested in the dev world to improve your offensive capacity, capability and productivity
- Monitors your own infrastructure and reacts before hackers can (while saving you the cost of those Bug Bounty payouts in the meantime)

We call this approach Bug Bounty Hunting on Steroids. We will discuss our research and approach to building such a machine, sharing some of the lessons we learned along the way.
Transcript: English (auto-generated)