What are your thoughts on using Log correlation engines such as ELK, Splunk, etc, to keep track of everything (such as port mapping, ssl ciphers, etc) and create intelligence for your bug hunt activities ? Do any of you currently use Log Correlation for it personally?
I’ve stumbled across a very good professional, who does it (https://github.com/maK-), and published some script for that purpose. I’m thinking on doing the same, automating what can be automated, and including manual tests manually into the same logging system.
Definitely an interesting idea, the more I dive into it the more it is fairly clear that in order to be a good bug bounty hunter and be productive, the more organized and methodical you can be the better!
You must be logged in to reply to this topic.
The Ethical Hacker Network (EH-Net) is proud to be part of the eLearnSecurity family.