The Bug Hunter’s Recon Methodology

August 08, 2021

790

The Bug Hunter’s Recon Methodology

Tushar Verma

August 08, 2021

Tweet

More Decks by Tushar Verma

See All by Tushar Verma

The Power of Recon_ Leveraging Recon for Easy $$$$

e11i0t_4lders0n

0

210

AWS Cloud Forensics & Incident Response

e11i0t_4lders0n

1

710

Hacking OAuth Applications

e11i0t_4lders0n

1

2.1k

Exploiting SSRF like a Boss

e11i0t_4lders0n

2

1.1k

How to Fail at Bug Bounty Hunting

e11i0t_4lders0n

1

1.7k

METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING

e11i0t_4lders0n

0

610

Bypassing 2FA Misconfiguration

e11i0t_4lders0n

1

2.4k

How to get started in bug bounty

e11i0t_4lders0n

1

500

Other Decks in Technology

See All in Technology

OCHaCafe S11 #2 コンテナ時代の次の一手：Wasm 最前線

oracle4engineer

PRO

2

130

Zeal of the Convert: Taming Shai-Hulud with AI

0

100

会社紹介資料 / Sansan Company Profile

PRO

16

410k

Postman v12 で変わる API開発ワークフロー (Postman v12 アップデート) / New API development workflow with Postman v12

0

130

Go標準パッケージのI/O処理をながめる

0

210

Abuse report だけじゃない。AWS から緊急連絡が来る状況とは？昨今の攻撃や被害の事例の紹介と備えておきたい考え方について

1

720

JAWSDAYS2026_A-6_現場SEが語る回せるセキュリティ運用～設計で可視化、AIで加速する「楽に回る」運用設計のコツ～

0

3k

Sansanでの認証基盤内製化と移行

PRO

0

480

DevOpsエージェントで実現する!！ AWS Well-Architected（W-A）を実現するシステム設計 / 20260307 Masaki Okuda

PRO

3

800

楽しく学ぼう！ネットワーク入門

4

3.3k

フロントエンド刷新 4年間の軌跡

0

410

20260311 技術SWG活動報告（デジタルアイデンティティ人材育成推進WG Ph2 活動報告会）

0

350

Featured

See All Featured

Bash Introduction

615

210k

Performance Is Good for Brains [We Love Speed 2024]

12

1.5k

Joys of Absence: A Defence of Solitary Play

1

310

Data-driven link building: lessons from a $708K investment (BrightonSEO talk)

1

980

JAMstack: Web Apps at Ludicrous Speed - All Things Open 2022

1

390

The browser strikes back

0

800

DBのスキルで生き残る技術 - AI時代におけるテーブル設計の勘所

PRO

63

51k

Chrome DevTools: State of the Union 2024 - Debugging React & Beyond

10

1.1k

30

1.4k

The Curse of the Amulet

1

10k

Designing Dashboards & Data Visualisations in Web Apps

231

54k

The MySQL Ecosystem @ GitHub 2015

251

13k

Transcript

The Bug Hunter’s Recon Methodology By: Tushar Verma
Whoami Application Security Engineer Synack Red Team Member Bug Bounty
Hunter Infosec Trainer & Speaker
Agenda Scope Review for any program Before Recon After Recon
Scope- based Recon Basic Methodolog y Tools and Automation frameworks
Scope review for any program • Assets • No of
reports resolved • Payout • Time to triage and Time to Bounty
Before Recon • Company name • Available scope • Overview
about the company business • Information from program page related to security purposes
After recon • Service info • Backend technology used •
Interesting Endpoints • Juicy links which may be vulnerable • More and more
Scope based recon • Small Scope Target-Single URL like domain
and subdomain(Ex. evil.com , info.evil.com • Medium Scope Target-Lists of subdomains(Ex. *.evil.com) • Large Scope Target-All website related to company is in scope
Basic Methodology Target : *.evil.com
Tools and Automation Framework ReconF TW Project Bheem Osmed eus
Get in touch at • Twitter: @e11i0t_4lders0n • LinkedIn: /in/tushars25
• Instagram: @e11i0t_4lders0n__ • Email: [email protected]
Thank you