The Bug Hunter’s Recon Methodology
Tushar Verma
August 08, 2021
Transcript
The Bug Hunter’s Recon Methodology
By: Tushar Verma

Whoami
• Application Security Engineer
• Synack Red Team Member
• Bug Bounty Hunter
• Infosec Trainer & Speaker

Agenda
• Scope Review for any program
• Before Recon
• After Recon
• Scope-based Recon
• Basic Methodology
• Tools and Automation frameworks

Scope review for any program
• Assets
• No. of reports resolved
• Payout
• Time to triage and Time to Bounty

Before Recon
• Company name
• Available scope
• Overview of the company's business
• Information from the program page related to security purposes

After recon
• Service info
• Backend technology used
• Interesting Endpoints
• Juicy links which may be vulnerable
• More and more

Scope based recon
• Small Scope Target: single URL like a domain and subdomain (Ex. evil.com, info.evil.com)
• Medium Scope Target: lists of subdomains (Ex. *.evil.com)
• Large Scope Target: all websites related to the company are in scope

Basic Methodology
Target: *.evil.com

Tools and Automation Framework
• ReconFTW
• Project Bheem
• Osmedeus

Get in touch at
• Twitter: @e11i0t_4lders0n
• LinkedIn: /in/tushars25
• Instagram: @e11i0t_4lders0n__
• Email: [email protected]

Thank you