Overall Results
| Task/day |
Bug bounty Programs |
| android private program , kiwi android apps, netflix recon, nordvpn dns scanning |
found 2 vul, submit to h1, google |
| bug bounty on uber, comcast |
found 2 vul, submit to h1, bugcrowd |
| bug bounty on cisco, google |
found 1 vul, submit to cisco |
| bug bounty on cisco, netflix, starbucks, youtube |
found 1 vul, submit to bugcrowd, resubmit 1 issue |
| bug bounty on starbucks |
found 1 vul, submit to h1 |
| Reports |
Hackerone |
Bugcrowd |
Private Programs |
| P1-P2 |
1 |
0 |
0 |
| P2-P3 |
1 |
0 |
0 |
| P4-P5 |
13 |
5 |
1 |
| Duplicated |
8 |
2 |
0 |
| Pending |
2 |
1 |
1 |
| Traiged |
4 |
0 |
0 |
Total paid bounty $ 1,328 USD
Pending bounty $ 1,000 USD
Thoughts
Avoid any verizon bug bounty program.
- already too much hunters, & they dont pay well under new program rules. ( I submitted few issues, some of those they fixed and not paying for that, some are low vul issue and not paying too.)
Small scope private + new programs are good place to start.
- Like only 1 website + few CRUD apps.
- But dont spend too much time in it. Caz usually there is not much attack surface to test.