DEFCON Workshop | Forming a Bug Bounty Hunting Party (Digital Version)

Рет қаралды 2,639

Күн бұрын

Пікірлер: 29

@akatech-ls5dq 2 ай бұрын

As always, a FANTASTIC video which took us for two hours straight without feeling it .. A deep thanks from the bottom of our heart for what you are doing . Truly, your teaching intention has reached us . THANKS

@hippolytnavrose5094 3 ай бұрын

What Mr. R-s0n has taught about bug bounty cannot be found in any medium. All those books and KZbin videos are teaching surfaces. They don't teach the detail side of it. We really appreciate Mr. R-s0n. Thank you.

@rHino122295 3 ай бұрын

This was a FANTASTIC video. Thank you for this and your very detailed breakdown dude

@ezioauditore8744 3 ай бұрын

Your videos have taught me so much, sir.

@ImKidriani 2 ай бұрын

These is brilliant

@CharanGowdak-sf5no 3 ай бұрын

Client side injection part 2 plz

@rupokhoque2979 3 ай бұрын

You change my life, Thank you so much bro

@berkepakis8088 20 күн бұрын

Can you share the framework you use for bugbounty hunting ? And what are the dependencies

@jsmith85151 3 ай бұрын

Welcome back.

@gamerz9129 Ай бұрын

hey, bruh where are you? we are missing you ):

@NM_24_7 8 күн бұрын

are u still streaming on twitch?

@awais0x1 3 ай бұрын

need One More Video On Access Controls Please

@YoYo-ij6fq 13 күн бұрын

Is there any community discord channel?

@HackGuru.tech... 3 ай бұрын

How do you divide up the pay for the group?

@rs0n_live 3 ай бұрын

That's a great question! I typically see groups take one of two strategies: 1. Everyone splits the bounty evenly, even if they did not participate in the hunting: This typically works for teams that know each other very well, have worked together before, and aren't highly motivated by money. This strategy can definitely breed resentment if you have someone "flaky" on the team. A way to mitigate that issue is that everyone agrees upfront that if someone doesn't participate in X way, they will be removed from the group. I've even seen groups create an SLA for async responses and number of synchronous meetups each month. 2. Money is split per bounty, based on participation: This is the most common way I see teams split pay. Usually they come to some agreement for the scribes and automation engineers, for example if their notes/tools directly lead to finding a vuln they get 50%, etc. Mentors typically get a split of every vuln they advise on. Ultimately, the most important thing is to sit down as a team and formally set up/document these agreements. The simplest way to do that is just to say "Everyone who contributed to finding a bug splits the money evenly" but again, if you're primary motivation is earning money that may not work for you.

@HackGuru.tech... 3 ай бұрын

@@rs0n_live Thank you for the detailed response. Building a group is super stressful, as is talking in voice chat. However, I will continue to slog through discord . I will keep following your videos too. And again wow such a large reply.

@Ipp-t3s 19 күн бұрын

Why did you stop posting

@youssefismail5754 3 ай бұрын

Love this notifications

@rs0n_live 3 ай бұрын

I"m glad! I'll be in the chat to answer any questions that the group has :)

@huzaifamuhammad8044 3 ай бұрын

Found that your discord server is gone. What is it only me or your took it down?

@j-makkk5208 14 күн бұрын

Anyone got a link to the discord his link expired?

@jxkz7 3 ай бұрын

What a nice personality ❤?

@RealWorldPortal464 3 ай бұрын

Bro do a live bug hunting specialy focus on api

@mdtonmoyhossainjifat9117 2 ай бұрын

anybody want to create a team ?

@z.7856 3 ай бұрын

something i hate about watching live bounties n bug bounty tips in general is nobody talks about certain things, i've noticed a lot of people who do live bug bounties don't use vpns or proxies but don't say why, nobody talks about the program rules like how to change user agent for automated/manual recon, nobody explains anything like that