The Bug Hunter’s Recon Methodology
Tushar Verma
August 08, 2021
Transcript
The Bug Hunter’s Recon Methodology By: Tushar Verma

Whoami
• Application Security Engineer
• Synack Red Team Member
• Bug Bounty Hunter
• Infosec Trainer & Speaker

Agenda
• Scope Review for any program
• Before Recon
• After Recon
• Scope-based Recon
• Basic Methodology
• Tools and Automation frameworks

Scope review for any program
• Assets
• No. of reports resolved
• Payout
• Time to triage and Time to Bounty

Before Recon
• Company name
• Available scope
• Overview about the company business
• Information from program page related to security purposes

After recon
• Service info
• Backend technology used
• Interesting Endpoints
• Juicy links which may be vulnerable
• More and more

Scope based recon
• Small Scope Target: a single URL like a domain and subdomain (Ex. evil.com, info.evil.com)
• Medium Scope Target: lists of subdomains (Ex. *.evil.com)
• Large Scope Target: all websites related to the company are in scope

Basic Methodology
Target: *.evil.com

Tools and Automation Framework
• ReconFTW
• Project Bheem
• Osmedeus

Get in touch at
• Twitter: @e11i0t_4lders0n
• LinkedIn: /in/tushars25
• Instagram: @e11i0t_4lders0n__
• Email: [email protected]

Thank you