The Bug Hunter’s Recon Methodology

August 08, 2021

790

The Bug Hunter’s Recon Methodology

Tushar Verma

August 08, 2021

Tweet

More Decks by Tushar Verma

See All by Tushar Verma

The Power of Recon_ Leveraging Recon for Easy $$$$

e11i0t_4lders0n

0

200

AWS Cloud Forensics & Incident Response

e11i0t_4lders0n

1

700

Hacking OAuth Applications

e11i0t_4lders0n

1

2.1k

Exploiting SSRF like a Boss

e11i0t_4lders0n

2

1.1k

How to Fail at Bug Bounty Hunting

e11i0t_4lders0n

1

1.7k

METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING

e11i0t_4lders0n

0

600

Bypassing 2FA Misconfiguration

e11i0t_4lders0n

1

2.3k

How to get started in bug bounty

e11i0t_4lders0n

1

500

Other Decks in Technology

See All in Technology

SREチームをどう作り、どう育てるか ― Findy横断SREのマネジメント

0

330

OpenShiftでllm-dを動かそう！

0

140

マネージャー視点で考えるプロダクトエンジニアの評価 / Evaluating Product Engineers from a Manager's Perspective

0

130

こんなところでも（地味に）活躍するImage Modeさんを知ってるかい？- Image Mode for OpenShift -

1

170

Claude_CodeでSEOを最適化する_AI_Ops_Community_Vol.2__マーケティングx_AIはここまで進化した.pdf

2

610

10Xにおける品質保証活動の全体像と改善 #no_more_wait_for_test

PRO

2

330

学生・新卒・ジュニアから目指すSRE

2

730

pool.ntp.orgに⾃宅サーバーで参加してみたら...

0

320

M&A 後の統合をどう進めるか ─ ナレッジワーク × Poetics が実践した組織とシステムの融合

PRO

1

490

OWASP Top 10:2025 リリースと少しの日本語化にまつわる裏話

PRO

3

840

Codex 5.3 と Opus 4.6 にコーポレートサイトを作らせてみた / Codex 5.3 vs Opus 4.6

0

190

ClickHouseはどのように大規模データを活用したAIエージェントを全社展開しているのか

0

270

Featured

See All Featured

Organizational Design Perspectives: An Ontology of Organizational Design Elements

PRO

1

470

PRO

31

5.8k

Making the Leap to Tech Lead

135

9.7k

Everyday Curiosity

0

130

How to Talk to Developers About Accessibility

2

140

Are puppies a ranking factor?

1

2.7k

[RailsConf 2023 Opening Keynote] The Magic of Rails

31

9.9k

How to Create Impact in a Changing Tech Landscape [PerfNow 2023]

55

3.3k

How to Align SEO within the Product Triangle To Get  Buy-In & Support - #RIMC

1

1.4k

How to Ace a Technical Interview

281

24k

Imperfection Machines: The Place of Print at Facebook

269

14k

Self-Hosted WebAssembly Runtime for Runtime-Neutral Checkpoint/Restore in Edge–Cloud Continuum

0

330

Transcript

The Bug Hunter’s Recon Methodology By: Tushar Verma
Whoami Application Security Engineer Synack Red Team Member Bug Bounty
Hunter Infosec Trainer & Speaker
Agenda Scope Review for any program Before Recon After Recon
Scope- based Recon Basic Methodolog y Tools and Automation frameworks
Scope review for any program • Assets • No of
reports resolved • Payout • Time to triage and Time to Bounty
Before Recon • Company name • Available scope • Overview
about the company business • Information from program page related to security purposes
After recon • Service info • Backend technology used •
Interesting Endpoints • Juicy links which may be vulnerable • More and more
Scope based recon • Small Scope Target-Single URL like domain
and subdomain(Ex. evil.com , info.evil.com • Medium Scope Target-Lists of subdomains(Ex. *.evil.com) • Large Scope Target-All website related to company is in scope
Basic Methodology Target : *.evil.com
Tools and Automation Framework ReconF TW Project Bheem Osmed eus
Get in touch at • Twitter: @e11i0t_4lders0n • LinkedIn: /in/tushars25
• Instagram: @e11i0t_4lders0n__ • Email: [email protected]
Thank you