Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
The Bug Hunter’s Recon Methodology
Search
Tushar Verma
August 08, 2021
Technology
2
750
The Bug Hunter’s Recon Methodology
Tushar Verma
August 08, 2021
Tweet
Share
More Decks by Tushar Verma
See All by Tushar Verma
The Power of Recon_ Leveraging Recon for Easy $$$$
e11i0t_4lders0n
0
150
AWS Cloud Forensics & Incident Response
e11i0t_4lders0n
1
640
Hacking OAuth Applications
e11i0t_4lders0n
1
2k
Exploiting SSRF like a Boss
e11i0t_4lders0n
2
1.1k
How to Fail at Bug Bounty Hunting
e11i0t_4lders0n
1
1.7k
METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING
e11i0t_4lders0n
0
540
Bypassing 2FA Misconfiguration
e11i0t_4lders0n
1
2.2k
How to get started in bug bounty
e11i0t_4lders0n
1
470
Other Decks in Technology
See All in Technology
アプリをリリースできる状態に保ったまま 段階的にリファクタリングするための 戦略と戦術 / Strategies and tactics for incremental refactoring
yanzm
6
1.4k
タイミーのレコメンドにおける ABテストの運用
ozeshun
1
140
技術的負債解消の取り組みと専門チームのお話
bengo4com
0
330
どこよりも遅めなWinActor Ver.7.5.0 新機能紹介
tamai_63
0
210
OCI で始める!! Red Hat OpenShift / Get Started OpenShift on OCI
oracle4engineer
PRO
1
180
App Router を実プロダクトで採用して見えてきた勘所をちょっとだけ紹介
marokanatani
1
930
不動産 x AIことはじめ~データの真価を拓くために
estie
0
110
AI活用したくてもできなかった不動産SaaSの今とこれから
nealle
0
330
o1のAPIで実験してみたが 制限きつすぎて辛かった話
pharma_x_tech
0
200
JTCや セキュリティチェックリストが夢の跡
nikinusu
1
640
QAに対する超個人的な解釈 / Personal Take on QA
toma_sm
1
100
【株式会社ELYZA】|GENIAC成果報告会 自社開発モデルプレゼンテーション
elyza
1
270
Featured
See All Featured
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
248
20k
Optimising Largest Contentful Paint
csswizardry
31
2.8k
How to train your dragon (web standard)
notwaldorf
85
5.6k
Java REST API Framework Comparison - PWX 2021
mraible
PRO
27
7.4k
Building a Modern Day E-commerce SEO Strategy
aleyda
36
6.8k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
230
17k
Building a Scalable Design System with Sketch
lauravandoore
459
32k
Side Projects
sachag
451
42k
Facilitating Awesome Meetings
lara
49
5.9k
Building an army of robots
kneath
302
42k
How to name files
jennybc
75
98k
Adopting Sorbet at Scale
ufuk
73
8.9k
Transcript
The Bug Hunter’s Recon Methodology By: Tushar Verma
Whoami Application Security Engineer Synack Red Team Member Bug Bounty
Hunter Infosec Trainer & Speaker
Agenda Scope Review for any program Before Recon After Recon
Scope- based Recon Basic Methodolog y Tools and Automation frameworks
Scope review for any program • Assets • No of
reports resolved • Payout • Time to triage and Time to Bounty
Before Recon • Company name • Available scope • Overview
about the company business • Information from program page related to security purposes
After recon • Service info • Backend technology used •
Interesting Endpoints • Juicy links which may be vulnerable • More and more
Scope based recon • Small Scope Target-Single URL like domain
and subdomain(Ex. evil.com , info.evil.com • Medium Scope Target-Lists of subdomains(Ex. *.evil.com) • Large Scope Target-All website related to company is in scope
Basic Methodology Target : *.evil.com
Tools and Automation Framework ReconF TW Project Bheem Osmed eus
Get in touch at • Twitter: @e11i0t_4lders0n • LinkedIn: /in/tushars25
• Instagram: @e11i0t_4lders0n__ • Email:
[email protected]
Thank you