The Bug Hunter’s Recon Methodology
Tushar Verma
August 08, 2021
Technology
Transcript
The Bug Hunter’s Recon Methodology
By: Tushar Verma

Whoami
• Application Security Engineer
• Synack Red Team Member
• Bug Bounty Hunter
• Infosec Trainer & Speaker

Agenda
• Scope review for any program
• Before recon
• After recon
• Scope-based recon
• Basic methodology
• Tools and automation frameworks

Scope review for any program
• Assets
• Number of reports resolved
• Payout
• Time to triage and time to bounty

Before recon
• Company name
• Available scope
• Overview of the company's business
• Security-related information from the program page

After recon
• Service info
• Backend technology used
• Interesting endpoints
• Juicy links which may be vulnerable
• More and more

Scope-based recon
• Small scope target: a single URL, i.e. one domain or subdomain (e.g. evil.com, info.evil.com)
• Medium scope target: a list of subdomains (e.g. *.evil.com)
• Large scope target: every website related to the company is in scope
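The three scope sizes on the slide above become concrete when discovered hosts have to be checked against a program's declared scope before anything is touched. The following is an added example, not code from the deck or from any of the tools it names. The scope-entry format (a bare host for small scope, "*.domain" for medium scope, "org:domain" for a large scope where the apex and everything below it belong to the company) and all hostnames are constructed for illustration; the "org:" prefix in particular is this example's own convention, not a bug bounty platform's. The edge cases a practitioner trips over are covered: a wildcard does not cover its own apex, "notevil.com" is not under "evil.com", and "evil.com.attacker.example" is not either.

```python
from urllib.parse import urlsplit

# Constructed scope declaration in the three sizes the deck describes.
# The entry format is an assumption of this example, not a real program's:
#   "host"          small scope: exactly that host
#   "*.domain"      medium scope: any subdomain of domain (not the apex itself)
#   "org:domain"    large scope: the apex and everything under it
SAMPLE_SCOPE = [
    "evil.com",
    "info.evil.com",
    "*.dev.evil.com",
    "org:evil-payments.example",
]


def normalize_host(target: str) -> str:
    """Return a bare, lowercase hostname for a host or URL.

    Handles 'INFO.EVIL.COM.', 'https://info.evil.com:8443/path' and 'evil.com'.
    """
    if "://" not in target:
        target = "//" + target          # let urlsplit treat it as a network location
    host = urlsplit(target).hostname or ""
    return host.rstrip(".").lower()


def classify_entry(entry: str) -> str:
    """Map one scope entry to the deck's size category."""
    if entry.startswith("org:"):
        return "large"
    if entry.startswith("*."):
        return "medium"
    return "small"


def _is_subdomain_of(host: str, apex: str) -> bool:
    """Strict subdomain test: 'a.evil.com' is under 'evil.com';
    'evil.com' itself and 'notevil.com' are not."""
    return host.endswith("." + apex)


def in_scope(target: str, scope=SAMPLE_SCOPE) -> tuple:
    """Check a host or URL against the scope list and return (decision, reason).

    Exact entries match only the exact host, wildcard entries never cover
    their own apex, and org entries cover the apex and everything below it.
    """
    host = normalize_host(target)
    if not host:
        return False, "no hostname"
    for entry in scope:
        rule = entry.lower()
        if rule.startswith("org:"):
            apex = rule[4:]
            if host == apex or _is_subdomain_of(host, apex):
                return True, f"large scope: {entry}"
        elif rule.startswith("*."):
            apex = rule[2:]
            if _is_subdomain_of(host, apex):
                return True, f"medium scope: {entry}"
        elif host == rule:
            return True, f"small scope: {entry}"
    return False, "not covered by any scope entry"


def filter_in_scope(candidates, scope=SAMPLE_SCOPE):
    """Keep only in-scope hosts from a list of discovered hosts/URLs,
    normalised and deduplicated, preserving first-seen order."""
    seen = set()
    kept = []
    for candidate in candidates:
        ok, _ = in_scope(candidate, scope)
        host = normalize_host(candidate)
        if ok and host not in seen:
            seen.add(host)
            kept.append(host)
    return kept


if __name__ == "__main__":
    # Constructed hostnames, several chosen to probe the edge cases.
    for t in ["evil.com", "https://INFO.evil.com:8443/login", "api.dev.evil.com",
              "dev.evil.com", "notevil.com", "evil.com.attacker.example",
              "shop.evil-payments.example"]:
        print(f"{t:40} {in_scope(t)}")
```

Run it as a script to see each constructed host with its decision and the entry that justified it; "dev.evil.com" is the instructive case, since it is the apex of a wildcard entry and is not itself listed, so it stays out of scope.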
Basic methodology
Target: *.evil.com

Tools and automation frameworks
• ReconFTW
• Project Bheem
• Osmedeus

Get in touch
• Twitter: @e11i0t_4lders0n
• LinkedIn: /in/tushars25
• Instagram: @e11i0t_4lders0n__
• Email: [email protected]

Thank you