Aggressive Scanning in Bug Bounty (and how to avoid it)

Поделиться
HTML-код
  • Опубликовано: 28 июн 2024
  • 🧠 What is aggressive scanning / intrusive testing? How can you avoid it? Learn about the importance of adhering to program requirements and the rules of engagement in bug bounty. In this video, we'll configure and test some common web hacking tools to ensure the requests are rate-limited and stay within the maximum requests per second permitted by the program.
    🔗 Check out our accompanying blog post: blog.intigriti.com/2024/03/18...
    🔗 More on rate-limiting / throttling: kb.intigriti.com/en/articles/...
    🔗 More on testing requirements: kb.intigriti.com/en/articles/...
    🧑💻 Sign up and start hacking right now - go.intigriti.com/register
    👾 Join our Discord - go.intigriti.com/discord
    🎙️ This show is hosted by / _cryptocat ( ‪@_CryptoCat‬ ) & / intigriti
    👕 Do you want some Intigriti Swag? Check out swag.intigriti.com
    Overview:
    0:00 Intro
    0:19 What is aggressive scanning?
    1:00 5 examples from public programs
    3:45 Demo: tool defaults
    7:24 Why should you avoid it?
    9:20 How can you avoid it?
    10:50 Demo: configuring common tools
    10:54 ffuf
    11:41 gobuster
    12:48 Be careful with threads!!
    14:06 sqlmap
    16:11 burp suite
    17:19 Conclusion

Комментарии • 11

  • @TechAmbition
    @TechAmbition 2 месяца назад +1

    Srsly, I wasn't expecting that much by intigriti to make that much in depth video

    • @intigriti
      @intigriti  2 месяца назад

      Hope it was useful! 💜

  • @G3msFinder
    @G3msFinder 3 месяца назад +2

    This was very helpful video, thank you

  • @soanzin
    @soanzin 2 месяца назад

    Those rate limits are imposed by intrigiti or by the programs it self, because in others platforms i didnt see those rate limits rules ..

    • @intigriti
      @intigriti  2 месяца назад +1

      It's imposed by the programs, if they are happy for unlimited requests then it's no problem for us. It is rare to see no limits though, especially with small companies for the reasons mentioned in the video/blog. I (CryptoCat) was recently hacking on a program on another platform and at first I thought there was no limit because it didn't state "requests per second" or "throttling" or "rate limiting" etc anywhere. Eventually I realised they didn't permit use of automated tools, full stop! 😣

    • @soanzin
      @soanzin 2 месяца назад

      @@intigriti thanks for the answer..

  • @Yt.kb_patil
    @Yt.kb_patil 3 месяца назад

    🙌❤

  • @manashalder1206
    @manashalder1206 3 месяца назад +2

    what if we send 100 using ip rotation

Следующие
Автовоспроизведение
Introduction to GraphQL Attacks18:50Introduction to GraphQL Attacks
Introduction to GraphQL AttacksIntigriti
Просмотров 1,5 тыс.
Unicode Normalization and Cookie Path Precedence - Solution to February (Valentines) '24 Challenge21:15Unicode Normalization and Cookie Path Precedence - Solution to February (Valentines) '24 Challenge
Unicode Normalization and Cookie Path Precedence - Solution to February (Valentines) '24 ChallengeIntigriti
Просмотров 1,1 тыс.
Watch me hack a bug bounty-like target from scratch. #bugbounty #hacking29:05Watch me hack a bug bounty-like target from scratch. #bugbounty #hacking
Watch me hack a bug bounty-like target from scratch. #bugbounty #hackingthehackerish
Просмотров 26 тыс.
Raising a Grocery Store Lobster as a Pet09:20Raising a Grocery Store Lobster as a Pet
Raising a Grocery Store Lobster as a PetAquarium Info
Просмотров 756 тыс.
This Disease is Deadlier Than The Plague10:53This Disease is Deadlier Than The Plague
This Disease is Deadlier Than The PlagueKurzgesagt – In a Nutshell
Просмотров 4,1 млн
Unraveling the Lore of Smiling Friends15:00Unraveling the Lore of Smiling Friends
Unraveling the Lore of Smiling FriendsZeepsterd
Просмотров 307 тыс.
I Created The Most Powerful Pokemon Fusion From Kanto33:29I Created The Most Powerful Pokemon Fusion From Kanto
I Created The Most Powerful Pokemon Fusion From KantoUnited Plays
Просмотров 180 тыс.
Common Scoping Mistakes24:30Common Scoping Mistakes
Common Scoping MistakesIntigriti
Просмотров 723
Introduction to Nuclei8:42Introduction to Nuclei
Introduction to NucleiProjectDiscovery
Просмотров 11 тыс.
The Bug Hunter's Methodology - Application Analysis | Jason Haddix47:21The Bug Hunter's Methodology - Application Analysis | Jason Haddix
The Bug Hunter's Methodology - Application Analysis | Jason HaddixHackerOne
Просмотров 84 тыс.
Bug Bounty bootcamp // Get paid to hack websites like Uber, PayPal, TikTok and more42:19Bug Bounty bootcamp // Get paid to hack websites like Uber, PayPal, TikTok and more
Bug Bounty bootcamp // Get paid to hack websites like Uber, PayPal, TikTok and moreDavid Bombal
Просмотров 161 тыс.
What is the Smallest Possible .EXE?17:57What is the Smallest Possible .EXE?
What is the Smallest Possible .EXE?Inkbox
Просмотров 87 тыс.
it's been a rough week for microsoft...10:22it's been a rough week for microsoft...
it's been a rough week for microsoft...Low Level Learning
Просмотров 266 тыс.
Performing CSRF Exploits Over GraphQL10:36Performing CSRF Exploits Over GraphQL
Performing CSRF Exploits Over GraphQLIntigriti
Просмотров 1 тыс.
Master Burp Suite Like A Pro In Just 1 Hour51:29Master Burp Suite Like A Pro In Just 1 Hour
Master Burp Suite Like A Pro In Just 1 HourNetsec Explained
Просмотров 51 тыс.
Live Hacking On Indeed with Tess 💥 | Hacker2Hacker49:38Live Hacking On Indeed with Tess 💥 | Hacker2Hacker
Live Hacking On Indeed with Tess 💥 | Hacker2HackerHacking Simplified
Просмотров 9 тыс.
Я Построил СЕКРЕТНЫЙ МАГАЗИН ДОМА, Который НИКТО НЕ НАЙДЕТ !14:17Я Построил СЕКРЕТНЫЙ МАГАЗИН ДОМА, Который НИКТО НЕ НАЙДЕТ !
Я Построил СЕКРЕТНЫЙ МАГАЗИН ДОМА, Который НИКТО НЕ НАЙДЕТ !A4
Просмотров 4 млн
Всем, кто летом собирался не в Анапу посвящается😢😢 #shorts #slowslowcow #плохиепесни00:57Всем, кто летом собирался не в Анапу посвящается😢😢 #shorts #slowslowcow #плохиепесни
Всем, кто летом собирался не в Анапу посвящается😢😢 #shorts #slowslowcow #плохиепесниslow slow cow
Просмотров 52 тыс.
Самодельный Мустанг / 12 лет рабства😣 Чем всё закончилось? Обвес на Мустанг КЕНА БЛОКА43:16Самодельный Мустанг / 12 лет рабства😣 Чем всё закончилось? Обвес на Мустанг КЕНА БЛОКА
Самодельный Мустанг / 12 лет рабства😣 Чем всё закончилось? Обвес на Мустанг КЕНА БЛОКАМАШИНАТОРЫ
Просмотров 224 тыс.
🎤Пою РЕТРО Песни ✧˖°3:04:48🎤Пою РЕТРО Песни ✧˖°
🎤Пою РЕТРО Песни ✧˖°Саша Квашеная
Просмотров 1,7 млн
🤣 Странный мужик на таможне удивил сотрудников своими действиями! | Новостничок00:19🤣 Странный мужик на таможне удивил сотрудников своими действиями! | Новостничок
🤣 Странный мужик на таможне удивил сотрудников своими действиями! | НовостничокНОВОСТНИЧОК
Просмотров 2,4 млн
НЕВИДИМАЯ СТЕНА ВСЁ ИСПОРТИЛА #ets2 #shorts #lissa00:36НЕВИДИМАЯ СТЕНА ВСЁ ИСПОРТИЛА #ets2 #shorts #lissa
НЕВИДИМАЯ СТЕНА ВСЁ ИСПОРТИЛА #ets2 #shorts #lissaLissa
Просмотров 142 тыс.
это самое вкусное блюдо00:12это самое вкусное блюдо
это самое вкусное блюдоKatya Klon
Просмотров 2,2 млн
Самоприкорм с сестрой 😂00:19Самоприкорм с сестрой 😂
Самоприкорм с сестрой 😂Alexandra Posnova
Просмотров 298 тыс.