3尼泊尔演讲.pdf

1、Bug Bounty at Scale Through Automation2025/01/11Abiral Shrestha$whoami Abiral Shrestha(proabiral)Kathmandu,Nepal Cofounder ThreatNix/Threat CON 7 years of Bug bounty experience Top 25 Hackerone-all time.Importance of automation workflow for Bug bounty Importance of subdomain enumeration Passive Subd

2、omain Enumeration Amass Subfinder Example:CVE-2019-9670 Example:Exposed Heap Dump Active Enumeration Subdomain Bruteforcing o https:/ Resolvers Need Good resolvers that:Responds with correct DNS answers Responds NXDOMAIN for non existing domain https:/ https:/ https:/wordlists.assetnote.io/https:/ h

3、ttps:/ Custom wordlist From your existing subdomain https:/ https:/ Brute Forcehttps:/ Stats:6000+number of new subdomains founds with this PermuteRipgen/gotator/goaltdns Regulator WildcardsWildcards on domain with resolvers in China:https:/www.assetnote.io/resources/research/insecurity-through-cens

4、orship-vulnerabilities-caused-by-the-great-firewall https:/www.usenix.org/system/files/sec21-hoang.pdf https:/recon- Setting up and maintaining multiple servers is time-consuming and inefficient.Becomes unmanageable at scale(e.g.,beyond 5 servers).Difficulties in:o Coordinating outputs from multiple

5、 servers.o Distributing domains to scan across the servers.Scaling Existing solutions(Axiom/Fleex/ShadowClone)Problems I faced with them o Not suitable for long running task o No retry on failure o Charges are higher if you run them continuously 30Kubernetes Container orchestration tools Easy Scalin

6、g/Replication Auto heal Kubernetes key concepts Pod:The smallest deployable unit;a group of containers.Node:A machine(VM or physical)that runs Pods.Kubernetes YAML Files for pods definition:Deployment Anti-Affinity Anti-Affinity Problem Rac