Demystifying Bug Bounties: Insights from a Decade of Experience - Yassine Aboukir

  • Published: 11 Sep 2024
  • Bug bounties have gained popularity as a well-established process within organizations with a mature security posture. Throughout the last decade, I have been an active member of the bug bounty community and have had the privilege of managing such programs for several high-profile organizations, including Airbnb, the US military, Spotify, Sony, PayPal, and Slack.
    I have also taken part in these programs as a hacker and have successfully identified over a thousand security vulnerabilities. This experience has proved invaluable in advancing my skills, mindset, and hacking methodology, allowing me to identify better and higher-severity bugs over time, leading to increased payouts in return. During this presentation, we will deconstruct the concept of bug bounties and share insights and lessons learned from my experience as both a hacker and a bug bounty program manager. Furthermore, I will walk you through some of my favorite technical bugs that I have uncovered during my journey.

Comments • 19

  • @Mini-kyu
    @Mini-kyu 1 year ago +9

    That guy who fixed the microphone in the beginning is a star.

    • @Frawkesish
      @Frawkesish 1 year ago

      That was clutch. What a difference 😅

  • @davel525
    @davel525 2 months ago

    Very well done

  • @soufianeamt5745
    @soufianeamt5745 6 months ago

    Wow, amazing how much information I got from this lecture. This is definitely one of the best talks that will change too much in my bug bounty journey. Thank you, Yassine, for this amazing talk.

  • @doya8130
    @doya8130 6 months ago

    Great talk, thank you.

  • @FTH1723
    @FTH1723 1 year ago

    This was a great talk. Thank you!

  • @ritikkarayat4647
    @ritikkarayat4647 1 year ago +1

    1:07:09
    I think IMDSv2 has a TTL of 1 hop, so only the EC2 instance can get the credentials, and it can't send them back to the client even if there is a valid SSRF?

  • @ko-Daegu
    @ko-Daegu 1 year ago

    Kosovo was really nice, loved the country and beside was dope

  • @shubham_srt
    @shubham_srt 1 year ago

    Thanks

  • @thomasr22272
    @thomasr22272 1 year ago

    Great talk, thank you!

  • @position876
    @position876 1 year ago

    Great talk! Will you be making the slides available? Thank you!!!

  • @TheCyberWarriorGuy
    @TheCyberWarriorGuy 1 year ago +1

    :)

  • @Golden2Talon
    @Golden2Talon 1 year ago

    Will you get paid more if you sell a critical bug on a black market?

    • @FTH1723
      @FTH1723 1 year ago +2

      If you sell it to enough people, always lol

  • @futuremillionaire3206
    @futuremillionaire3206 1 year ago +1

    🇲🇦🇲🇦🇲🇦🇲🇦