Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
The Bug Hunter’s Recon Methodology
Search
Tushar Verma
August 08, 2021
Technology
800
2
Share
The Bug Hunter’s Recon Methodology
Tushar Verma
August 08, 2021
More Decks by Tushar Verma
See All by Tushar Verma
The Power of Recon_ Leveraging Recon for Easy $$$$
e11i0t_4lders0n
0
220
AWS Cloud Forensics & Incident Response
e11i0t_4lders0n
1
720
Hacking OAuth Applications
e11i0t_4lders0n
1
2.1k
Exploiting SSRF like a Boss
e11i0t_4lders0n
2
1.1k
How to Fail at Bug Bounty Hunting
e11i0t_4lders0n
1
1.7k
METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING
e11i0t_4lders0n
0
610
Bypassing 2FA Misconfiguration
e11i0t_4lders0n
1
2.4k
How to get started in bug bounty
e11i0t_4lders0n
1
500
Other Decks in Technology
See All in Technology
OCI技術資料 : ロード・バランサ 概要 - FLB・NLB共通
ocise
4
27k
Microsoft Fabricで考える非構造データのAI活用
ryomaru0825
0
600
Oracle AI Database@AWS:サービス概要のご紹介
oracle4engineer
PRO
3
2.1k
出版記念イベントin大阪「書籍紹介&私がよく使うMCPサーバー3選と社内で安全に活用する方法」
kintotechdev
0
140
Babylon.js を使って試した色々な内容 / Various things I tried using Babylon.js / Babylon.js 勉強会 vol.5
you
PRO
0
190
トイルを超えたCREは何屋になるのか
bengo4com
0
120
LLMに何を任せ、何を任せないか
cap120
11
6.9k
Cortex Code君、今日から内製化支援担当ね。
coco_se
0
100
開発チームとQAエンジニアの新しい協業モデル -年末調整開発チームで実践する【QAリード施策】-
qa
0
690
Zephyr(RTOS)でOpenPLCを実装してみた
iotengineer22
0
180
Kiro Meetup #7 Kiro アップデート (2025/12/15〜2026/3/20)
katzueno
2
280
【AWS】CloudTrail LakeとCloudWatch Logs Insightsの使い分け方針
tsurunosd
0
130
Featured
See All Featured
Leveraging Curiosity to Care for An Aging Population
cassininazir
1
210
Odyssey Design
rkendrick25
PRO
2
560
Groundhog Day: Seeking Process in Gaming for Health
codingconduct
0
140
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
122
21k
Producing Creativity
orderedlist
PRO
348
40k
brightonSEO & MeasureFest 2025 - Christian Goodrich - Winning strategies for Black Friday CRO & PPC
cargoodrich
3
140
The Cost Of JavaScript in 2023
addyosmani
55
9.8k
Practical Orchestrator
shlominoach
191
11k
B2B Lead Gen: Tactics, Traps & Triumph
marketingsoph
0
94
How GitHub (no longer) Works
holman
316
150k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
35
3.4k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
37
6.3k
Transcript
The Bug Hunter’s Recon Methodology By: Tushar Verma
Whoami Application Security Engineer Synack Red Team Member Bug Bounty
Hunter Infosec Trainer & Speaker
Agenda Scope Review for any program Before Recon After Recon
Scope- based Recon Basic Methodolog y Tools and Automation frameworks
Scope review for any program • Assets • No of
reports resolved • Payout • Time to triage and Time to Bounty
Before Recon • Company name • Available scope • Overview
about the company business • Information from program page related to security purposes
After recon • Service info • Backend technology used •
Interesting Endpoints • Juicy links which may be vulnerable • More and more
Scope based recon • Small Scope Target-Single URL like domain
and subdomain(Ex. evil.com , info.evil.com • Medium Scope Target-Lists of subdomains(Ex. *.evil.com) • Large Scope Target-All website related to company is in scope
Basic Methodology Target : *.evil.com
Tools and Automation Framework ReconF TW Project Bheem Osmed eus
Get in touch at • Twitter: @e11i0t_4lders0n • LinkedIn: /in/tushars25
• Instagram: @e11i0t_4lders0n__ • Email:
[email protected]
Thank you
e11i0t_4lders0n
ocise
ryomaru0825
oracle4engineer
kintotechdev
you
bengo4com
cap120
coco_se
qa
iotengineer22
katzueno
tsurunosd
cassininazir
rkendrick25
codingconduct
panda_program
orderedlist
cargoodrich
addyosmani
shlominoach
marketingsoph
holman
rmw
kevinliebholz
