Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
The Bug Hunter’s Recon Methodology
Search
Tushar Verma
August 08, 2021
Technology
2
790
The Bug Hunter’s Recon Methodology
Tushar Verma
August 08, 2021
Tweet
Share
More Decks by Tushar Verma
See All by Tushar Verma
The Power of Recon_ Leveraging Recon for Easy $$$$
e11i0t_4lders0n
0
200
AWS Cloud Forensics & Incident Response
e11i0t_4lders0n
1
710
Hacking OAuth Applications
e11i0t_4lders0n
1
2.1k
Exploiting SSRF like a Boss
e11i0t_4lders0n
2
1.1k
How to Fail at Bug Bounty Hunting
e11i0t_4lders0n
1
1.7k
METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING
e11i0t_4lders0n
0
600
Bypassing 2FA Misconfiguration
e11i0t_4lders0n
1
2.4k
How to get started in bug bounty
e11i0t_4lders0n
1
500
Other Decks in Technology
See All in Technology
Scrum Fest Morioka 2026
kawaguti
PRO
2
600
【5分でわかる】セーフィー エンジニア向け会社紹介
safie_recruit
0
43k
俺の失敗を乗り越えろ!メーカーの開発現場での失敗談と乗り越え方 ~ゆるゆるチームリーダー編~
spiddle
0
300
Oracle Base Database Service 技術詳細
oracle4engineer
PRO
15
94k
論文検索を日本語でできるアプリを作ってみた
sailen2
0
110
あすけん_Developers_Summit_2026_-_Vibe_Coding起点での新機能開発で__あすけん_が乗り越えた壁.pdf
iwahiro
0
740
GoとWasmでつくる軽量ブラウザUI
keyl0ve
0
130
【Claude Code】Plugins作成から始まったファインディの開発フロー改革
starfish719
0
440
vol11_ねこIoTLT_お遊びVibeCoding
1027kg
0
180
【2026年版】生成AIによる情報システムへのインパクト
taka_aki
0
170
「静的解析」だけで終わらせない。 SonarQube の最新機能 × AIで エンジニアの開発生産性を本気で上げる方法
xibuka
2
260
AI時代のAPIファースト開発
nagix
1
520
Featured
See All Featured
Digital Ethics as a Driver of Design Innovation
axbom
PRO
1
200
What does AI have to do with Human Rights?
axbom
PRO
0
2k
How to Build an AI Search Optimization Roadmap - Criteria and Steps to Take #SEOIRL
aleyda
1
1.9k
GitHub's CSS Performance
jonrohan
1032
470k
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
25
1.8k
Designing for humans not robots
tammielis
254
26k
Crafting Experiences
bethany
1
65
My Coaching Mixtape
mlcsv
0
61
Lightning talk: Run Django tests with GitHub Actions
sabderemane
0
130
The #1 spot is gone: here's how to win anyway
tamaranovitovic
2
960
Making Projects Easy
brettharned
120
6.6k
How to audit for AI Accessibility on your Front & Back End
davetheseo
0
200
Transcript
The Bug Hunter’s Recon Methodology By: Tushar Verma
Whoami Application Security Engineer Synack Red Team Member Bug Bounty
Hunter Infosec Trainer & Speaker
Agenda Scope Review for any program Before Recon After Recon
Scope- based Recon Basic Methodolog y Tools and Automation frameworks
Scope review for any program • Assets • No of
reports resolved • Payout • Time to triage and Time to Bounty
Before Recon • Company name • Available scope • Overview
about the company business • Information from program page related to security purposes
After recon • Service info • Backend technology used •
Interesting Endpoints • Juicy links which may be vulnerable • More and more
Scope based recon • Small Scope Target-Single URL like domain
and subdomain(Ex. evil.com , info.evil.com • Medium Scope Target-Lists of subdomains(Ex. *.evil.com) • Large Scope Target-All website related to company is in scope
Basic Methodology Target : *.evil.com
Tools and Automation Framework ReconF TW Project Bheem Osmed eus
Get in touch at • Twitter: @e11i0t_4lders0n • LinkedIn: /in/tushars25
• Instagram: @e11i0t_4lders0n__ • Email:
[email protected]
Thank you
e11i0t_4lders0n
kawaguti
safie_recruit
spiddle
oracle4engineer
sailen2
iwahiro
keyl0ve
starfish719
1027kg
taka_aki
xibuka
nagix
axbom
aleyda
jonrohan
honnibal
tammielis
bethany
mlcsv
sabderemane
tamaranovitovic
brettharned
davetheseo
