March 5, 2020 · Bug Bounty Thoughts
Week 2 - Found something interesting
| Task/day | Bug bounty Programs |
| --- | --- |
| android private program, kiwi android apps, netflix recon, nordvpn dns scanning | found 2 vul, submit to h1, google |
| bug bounty on uber, comcast | found 2 vul, submit to h1, bugcrowd |
| bug bounty on cisco, google | found 1 vul, submit to cisco |
| bug bounty on cisco, netflix, starbucks, youtube | found 1 vul, submit to bugcrowd, resubmit 1 issue |
| bug bounty on starbucks | found 1 vul, submit to h1 |

| Reports | Hackerone | Bugcrowd | Private Programs |
| --- | --- | --- | --- |
| P1-P2 | 1 | 0 | 0 |
| P2-P3 | 1 | 0 | 0 |
| P4-P5 | 13 | 5 | 1 |
| Duplicated | 8 | 2 | 0 |
| Pending | 2 | 1 | 1 |
| Triaged | 4 | 0 | 0 |

Total paid bounty: $1,328 USD

Pending bounty: $1,000 USD

Avoid any Verizon bug bounty program.
- There are already too many hunters, and they don't pay well under the new program rules. (I submitted a few issues; some of those they fixed and are not paying for, and some are low vul issues that they are not paying for either.)
Small-scope private and new programs are a good place to start.
- Like only 1 website + a few CRUD apps.
- But don't spend too much time on them, because usually there is not much attack surface to test.