Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
The Bug Hunter’s Recon Methodology
Search
Tushar Verma
August 08, 2021
Technology
800
2
Share
The Bug Hunter’s Recon Methodology
Tushar Verma
August 08, 2021
More Decks by Tushar Verma
See All by Tushar Verma
The Power of Recon_ Leveraging Recon for Easy $$$$
e11i0t_4lders0n
0
220
AWS Cloud Forensics & Incident Response
e11i0t_4lders0n
1
720
Hacking OAuth Applications
e11i0t_4lders0n
1
2.1k
Exploiting SSRF like a Boss
e11i0t_4lders0n
2
1.1k
How to Fail at Bug Bounty Hunting
e11i0t_4lders0n
1
1.7k
METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING
e11i0t_4lders0n
0
610
Bypassing 2FA Misconfiguration
e11i0t_4lders0n
1
2.4k
How to get started in bug bounty
e11i0t_4lders0n
1
500
Other Decks in Technology
See All in Technology
Move Fast and Break Things: 10 in 20
ramimac
0
110
脳が溶けた話 / Melted Brain
keisuke69
1
1.2k
CREがSLOを握ると 何が変わるのか
nekomaho
0
370
QA組織のAI戦略とAIテスト設計システムAITASの実践
sansantech
PRO
1
300
Embeddings : Symfony AI en pratique
lyrixx
0
440
やさしいとこから始めるGitHubリポジトリのセキュリティ
tsubakimoto_s
3
2.1k
スクラムを支える内部品質の話
iij_pr
0
160
TUNA Camp 2026 京都Stage ヒューリスティックアルゴリズム入門
terryu16
0
660
Oracle AI Database@Google Cloud:サービス概要のご紹介
oracle4engineer
PRO
5
1.3k
Physical AI on AWS リファレンスアーキテクチャ / Physical AI on AWS Reference Architecture
aws_shota
1
290
【Oracle Cloud ウェビナー】データ主権はクラウドで守れるのか?NTTデータ様のOracle Alloyで実現するソブリン対応クラウドの最適解
oracle4engineer
PRO
3
130
非同期・イベント駆動処理の分散トレーシングの繋げ方
ichikawaken
1
250
Featured
See All Featured
Conquering PDFs: document understanding beyond plain text
inesmontani
PRO
4
2.5k
Breaking role norms: Why Content Design is so much more than writing copy - Taylor Woolridge
uxyall
0
240
Heart Work Chapter 1 - Part 1
lfama
PRO
5
35k
Practical Orchestrator
shlominoach
191
11k
Paper Plane
katiecoart
PRO
1
48k
Building a A Zero-Code AI SEO Workflow
portentint
PRO
0
420
How People are Using Generative and Agentic AI to Supercharge Their Products, Projects, Services and Value Streams Today
helenjbeal
1
150
Optimizing for Happiness
mojombo
378
71k
Product Roadmaps are Hard
iamctodd
PRO
55
12k
Mozcon NYC 2025: Stop Losing SEO Traffic
samtorres
0
190
Automating Front-end Workflow
addyosmani
1370
200k
Joys of Absence: A Defence of Solitary Play
codingconduct
1
330
Transcript
The Bug Hunter’s Recon Methodology By: Tushar Verma
Whoami Application Security Engineer Synack Red Team Member Bug Bounty
Hunter Infosec Trainer & Speaker
Agenda Scope Review for any program Before Recon After Recon
Scope- based Recon Basic Methodolog y Tools and Automation frameworks
Scope review for any program • Assets • No of
reports resolved • Payout • Time to triage and Time to Bounty
Before Recon • Company name • Available scope • Overview
about the company business • Information from program page related to security purposes
After recon • Service info • Backend technology used •
Interesting Endpoints • Juicy links which may be vulnerable • More and more
Scope based recon • Small Scope Target-Single URL like domain
and subdomain(Ex. evil.com , info.evil.com • Medium Scope Target-Lists of subdomains(Ex. *.evil.com) • Large Scope Target-All website related to company is in scope
Basic Methodology Target : *.evil.com
Tools and Automation Framework ReconF TW Project Bheem Osmed eus
Get in touch at • Twitter: @e11i0t_4lders0n • LinkedIn: /in/tushars25
• Instagram: @e11i0t_4lders0n__ • Email:
[email protected]
Thank you
e11i0t_4lders0n
ramimac
keisuke69
nekomaho
sansantech
lyrixx
tsubakimoto_s
iij_pr
terryu16
oracle4engineer
aws_shota
ichikawaken
inesmontani
uxyall
lfama
shlominoach
katiecoart
portentint
.png){kind=avatar}
helenjbeal
mojombo
iamctodd
samtorres
addyosmani
codingconduct
