Bug bounties with Frans Rosén


Details
Agenda:
Bug bounties – What, how and why?
A look at the current state of bug bounties: what are they really? How do you start, and why? Frans, one of the top-ranked hackers on HackerOne and Bugcrowd, will give some insights and share some advice on getting started, together with some examples of fun bugs. (30 min)
DNS hijacking using cloud providers – no verification needed
A few years ago, Detectify published a blog post about domain hijacking using services like AWS, Heroku and GitHub. These issues still remain and still affect a lot of companies, and many tools to find these vulnerabilities have popped up since this went public.
However, there are many more ways to hijack domains, nameservers and DNS providers. The tools out there miss these cases completely. Frans will go through both the currently disclosed and the non-disclosed ways to take control over domains and will share the specific techniques involved. (50 min)
Frans Rosén is a knowledge advisor at Detectify and also spends a lot of his time doing bug bounties, and let's just say he is quite successful at that.
--
Big thanks to Schibsted Products & Technology for sponsoring pizza for the meeting
