$30 off During Our Annual Pro Sale. View Details »
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
The Bug Hunter’s Recon Methodology
Search
Tushar Verma
August 08, 2021
Technology
2
790
The Bug Hunter’s Recon Methodology
Tushar Verma
August 08, 2021
Tweet
Share
More Decks by Tushar Verma
See All by Tushar Verma
The Power of Recon_ Leveraging Recon for Easy $$$$
e11i0t_4lders0n
0
200
AWS Cloud Forensics & Incident Response
e11i0t_4lders0n
1
690
Hacking OAuth Applications
e11i0t_4lders0n
1
2k
Exploiting SSRF like a Boss
e11i0t_4lders0n
2
1.1k
How to Fail at Bug Bounty Hunting
e11i0t_4lders0n
1
1.7k
METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING
e11i0t_4lders0n
0
590
Bypassing 2FA Misconfiguration
e11i0t_4lders0n
1
2.3k
How to get started in bug bounty
e11i0t_4lders0n
1
490
Other Decks in Technology
See All in Technology
eBPFとwaruiBPF
sat
PRO
2
930
mablでリグレッションテストをデイリー実行するまで #mablExperience
bengo4com
0
470
研究開発部メンバーの働き⽅ / Sansan R&D Profile
sansan33
PRO
3
21k
All About Sansan – for New Global Engineers
sansan33
PRO
1
1.3k
“決まらない”NSM設計への処方箋 〜ビットキーにおける現実的な指標デザイン事例〜 / A Prescription for "Stuck" NSM Design: Bitkey’s Practical Case Study
bitkey
PRO
1
340
プロダクトマネージャーが押さえておくべき、ソフトウェア資産とAIエージェント投資効果 / pmconf2025
i35_267
2
340
Multimodal AI Driving Solutions to Societal Challenges
keio_smilab
PRO
1
120
翻訳・対話・越境で強いチームワークを作ろう! / Building Strong Teamwork through Interpretation, Dialogue, and Border-Crossing
ar_tama
4
1.6k
命名から始めるSpec Driven
kuruwic
3
830
Security Diaries of an Open Source IAM
ahus1
0
110
Digitization部 紹介資料
sansan33
PRO
1
6.1k
手動から自動へ、そしてその先へ
moritamasami
0
180
Featured
See All Featured
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
9
1.1k
What’s in a name? Adding method to the madness
productmarketing
PRO
24
3.8k
Rails Girls Zürich Keynote
gr2m
95
14k
Intergalactic Javascript Robots from Outer Space
tanoku
273
27k
Measuring & Analyzing Core Web Vitals
bluesmoon
9
690
XXLCSS - How to scale CSS and keep your sanity
sugarenia
249
1.3M
Into the Great Unknown - MozCon
thekraken
40
2.2k
Building an army of robots
kneath
306
46k
Why You Should Never Use an ORM
jnunemaker
PRO
60
9.6k
Navigating Team Friction
lara
191
16k
How STYLIGHT went responsive
nonsquared
100
5.9k
The MySQL Ecosystem @ GitHub 2015
samlambert
251
13k
Transcript
The Bug Hunter’s Recon Methodology By: Tushar Verma
Whoami Application Security Engineer Synack Red Team Member Bug Bounty
Hunter Infosec Trainer & Speaker
Agenda Scope Review for any program Before Recon After Recon
Scope- based Recon Basic Methodolog y Tools and Automation frameworks
Scope review for any program • Assets • No of
reports resolved • Payout • Time to triage and Time to Bounty
Before Recon • Company name • Available scope • Overview
about the company business • Information from program page related to security purposes
After recon • Service info • Backend technology used •
Interesting Endpoints • Juicy links which may be vulnerable • More and more
Scope based recon • Small Scope Target-Single URL like domain
and subdomain(Ex. evil.com , info.evil.com • Medium Scope Target-Lists of subdomains(Ex. *.evil.com) • Large Scope Target-All website related to company is in scope
Basic Methodology Target : *.evil.com
Tools and Automation Framework ReconF TW Project Bheem Osmed eus
Get in touch at • Twitter: @e11i0t_4lders0n • LinkedIn: /in/tushars25
• Instagram: @e11i0t_4lders0n__ • Email:
[email protected]
Thank you
e11i0t_4lders0n
sat
bengo4com
sansan33
bitkey
i35_267
keio_smilab
ar_tama
kuruwic
ahus1
moritamasami
irinanazarova
productmarketing
gr2m
tanoku
bluesmoon
sugarenia
thekraken
kneath
jnunemaker
lara
nonsquared
samlambert
