Bug Bounty: my cottage industry of crime
Jim Rush | TBC
Abstract
Have you ever wanted to feel like you're getting kicked in the head by a mule? Do you want to be gaslit into oblivion by someone in Belgium called CaptainC0m3t? Then do I have the side hustle of the century for you!
Bug bounty is well picked-over territory. However, there is still a rich vein of bullshit to mine, if you're prepared to do a little work and void some warranties in the process. I'll present some fairly widespread vulnerabilities and how I found them.
The promise of bug bounty has lured hundreds of thousands of 'researchers' into the field, very few of whom will be successful. Bug bounty forums are littered with the remains of desperate people trying to break into this industry of pretend crime. The grift of 'make $$$ in your spare time' is a scam as old as El Nasir, but with a little bit of upfront effort, we can find issues that the automatons have overlooked.
This is not a talk about how to use Nuclei, automate your troubles away, or use the latest offensive tooling to farm whatever low-hanging fruit is left. This is a talk about how to take a deep dive to find novel bugs within existing software, how to open up attack surface through voiding warranties, and just generally being a menace to computers.
We will cover decompiling off-the-shelf images of well-known software to expose endpoints, how to mix and match techniques to discover new vulnerabilities, and how to increase the impact of these issues once you've found them.
The Speaker(s)

Jim Rush
Jim Rush is a Senior Consultant at PrivSec Consulting. His specialty is application security and network penetration testing, with a strong focus on web applications and Active Directory. Jim has a strong background in software development. He worked for several years as a software developer on several high-profile applications and websites, which has helped his pragmatic and informed approach to testing and bug bounty. He is a strong mentor and enjoys helping more junior members of the team upskill and quickly learn new skills. He has also presented his original research and vulnerabilities at DEFCON32 in Las Vegas, NZITF, OWASP New Zealand Day, ChCon and ISIG.