Practical Exploitation of DoS in Bug Bounty
Roni Lupin Carta
DEF CON 32 · Day 1 · Creator Stage
In this DEF CON 32 talk, Roni Lupin Carta, co-founder of Lupin Holmes, delves into the often-misunderstood and frequently dismissed realm of Denial-of-Service (DoS) vulnerabilities within bug bounty programs. Carta challenges the common perception that DoS attacks are inherently low-impact or out of scope, arguing instead that with a responsible approach, they can yield significant business impact and substantial financial rewards for security researchers. The presentation focuses on practical exploitation techniques, differentiating between client-side and server-side DoS vectors, and provides concrete examples of successful bounties.