My Bug Bounty Resource Management

Methodology , Tips , And Resources

Methodology

• Find a target
• Extensive Recon
• Initial Recon / Quick
• Test ATO
• Test Login & Register / Session
• Javascript Enumration
• Test For Information Disclosure
• Testing Cache
• Suface Level Testing

Attacks

• Hacking APIs
• SQL Injection
• JWT Attacks
• NoSQL Injection
• O Auth 2.0 Attacks
• Web Cache Attacks
• CSRF
• CSV Injection
• FIle Upload Bugs
• Attacking CMS
• Insecure Deserialization
• SSRF
• WAF Bypass
• XSS Hunting
• XXE
• Path Traversal
• Post Message Hunting

Class X Issues

• Same Site Scripting
• WebSocket Bugs
• Origin IP
• Mail Server Misconfiguration
• Integer Overflow
• Insecure Crossdomain
• Exif Data Not Stripped
• .git Exposed
• DOS Attack
• Exploiting Cookie
• Captacha Bypass
• AEM Misconfiguration
• Hunting S3 Buckets
• CORS Misconfiguration
• Exploit Leaked Credentials
• AWS Cognito Misconfiguration
• Open Redirect
• Email Injection