Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
The Bug Hunter’s Recon Methodology
Search
Tushar Verma
August 08, 2021
Technology
2
760
The Bug Hunter’s Recon Methodology
Tushar Verma
August 08, 2021
Tweet
Share
More Decks by Tushar Verma
See All by Tushar Verma
The Power of Recon_ Leveraging Recon for Easy $$$$
e11i0t_4lders0n
0
170
AWS Cloud Forensics & Incident Response
e11i0t_4lders0n
1
660
Hacking OAuth Applications
e11i0t_4lders0n
1
2k
Exploiting SSRF like a Boss
e11i0t_4lders0n
2
1.1k
How to Fail at Bug Bounty Hunting
e11i0t_4lders0n
1
1.7k
METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING
e11i0t_4lders0n
0
570
Bypassing 2FA Misconfiguration
e11i0t_4lders0n
1
2.3k
How to get started in bug bounty
e11i0t_4lders0n
1
480
Other Decks in Technology
See All in Technology
AIコーディングの最前線 〜活用のコツと課題〜
pharma_x_tech
4
2.9k
フルカイテン株式会社 エンジニア向け採用資料
fullkaiten
0
5.4k
AIにおけるソフトウェアテスト_ver1.00
fumisuke
1
310
企業が押さえるべきMCPの未来
takaakikakei
0
210
Running JavaScript within Ruby
hmsk
3
430
Terraform Cloudで始めるおひとりさまOrganizationsのすゝめ
handy
2
210
MCPを理解する
yudai00
12
7.7k
【Oracle Cloud ウェビナー】ご希望のクラウドでOracle Databaseを実行〜マルチクラウド・ソリューション徹底解説〜
oracle4engineer
PRO
1
130
Computer Use〜OpenAIとAnthropicの比較と将来の展望〜
pharma_x_tech
6
790
Microsoft の SSE の現在地
skmkzyk
0
250
Cross Data Platforms Meetup LT 20250422
tarotaro0129
1
850
意思決定を支える検索体験を目指してやってきたこと
hinatades
PRO
0
350
Featured
See All Featured
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
233
17k
For a Future-Friendly Web
brad_frost
177
9.7k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
47
2.7k
The Cost Of JavaScript in 2023
addyosmani
49
7.8k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
136
33k
Learning to Love Humans: Emotional Interface Design
aarron
273
40k
Documentation Writing (for coders)
carmenintech
69
4.7k
Side Projects
sachag
453
42k
Build your cross-platform service in a week with App Engine
jlugia
230
18k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
194
16k
How To Stay Up To Date on Web Technology
chriscoyier
790
250k
The MySQL Ecosystem @ GitHub 2015
samlambert
251
12k
Transcript
The Bug Hunter’s Recon Methodology By: Tushar Verma
Whoami Application Security Engineer Synack Red Team Member Bug Bounty
Hunter Infosec Trainer & Speaker
Agenda Scope Review for any program Before Recon After Recon
Scope- based Recon Basic Methodolog y Tools and Automation frameworks
Scope review for any program • Assets • No of
reports resolved • Payout • Time to triage and Time to Bounty
Before Recon • Company name • Available scope • Overview
about the company business • Information from program page related to security purposes
After recon • Service info • Backend technology used •
Interesting Endpoints • Juicy links which may be vulnerable • More and more
Scope based recon • Small Scope Target-Single URL like domain
and subdomain(Ex. evil.com , info.evil.com • Medium Scope Target-Lists of subdomains(Ex. *.evil.com) • Large Scope Target-All website related to company is in scope
Basic Methodology Target : *.evil.com
Tools and Automation Framework ReconF TW Project Bheem Osmed eus
Get in touch at • Twitter: @e11i0t_4lders0n • LinkedIn: /in/tushars25
• Instagram: @e11i0t_4lders0n__ • Email:
[email protected]
Thank you
e11i0t_4lders0n
.png){kind=icon}
pharma_x_tech
fullkaiten
fumisuke
takaakikakei
hmsk
handy
yudai00
oracle4engineer
skmkzyk
tarotaro0129
hinatades
marcelosomers
brad_frost
tammyeverts
addyosmani
eileencodes
aarron
carmenintech
sachag
jlugia
afnizarnur
chriscoyier
samlambert
