Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
The Bug Hunter’s Recon Methodology
Search
Tushar Verma
August 08, 2021
Technology
800
2
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
The Bug Hunter’s Recon Methodology
Tushar Verma
August 08, 2021
More Decks by Tushar Verma
See All by Tushar Verma
The Power of Recon_ Leveraging Recon for Easy $$$$
e11i0t_4lders0n
0
230
AWS Cloud Forensics & Incident Response
e11i0t_4lders0n
1
720
Hacking OAuth Applications
e11i0t_4lders0n
1
2.1k
Exploiting SSRF like a Boss
e11i0t_4lders0n
2
1.1k
How to Fail at Bug Bounty Hunting
e11i0t_4lders0n
1
1.7k
METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING
e11i0t_4lders0n
0
620
Bypassing 2FA Misconfiguration
e11i0t_4lders0n
1
2.4k
How to get started in bug bounty
e11i0t_4lders0n
1
510
Other Decks in Technology
See All in Technology
「勝手に広まる」人気 AI エージェントを爆速で作ろう!(AWS Summit Japan 2026講演資料)
minorun365
PRO
3
580
【Cyber-sec+】経営層を"動かす"ための考え方
hssh2_bin
0
190
入門!AWS Blocks
ysuzuki
1
150
新しいUbuntu/GNOMEが使いたいからXからWaylandへ移行頑張ってるの巻 2026-06-20
nobutomurata
0
140
【セミナー資料】Claude Code をセキュアに使うための考え方と設定の勘どころ / Claude Code Webinar 20260616
masahirokawahara
2
400
SteampipeとExcel Power QueryでAWS構成定義書の作成を自動化する
jhashimoto
0
130
プロダクト開発から業務改善コンサルまで。事業全体へ「染み出す」ことで広がるエンジニアの可能性
ham0215
0
140
When Platform Engineering Meets GenAI
sucitw
0
110
Kiro Ambassador を目指す話
k_adachi_01
0
100
SONiCのLinuxベースを活かしたZabbix監視
sonic
0
200
IaC コードを資産へ:AWS CDK 社内ライブラリと横断展開 / aws-summit-japan-2026
gotok365
1
310
脆弱性対応、どこで線を引くか
rymiyamoto
1
410
Featured
See All Featured
How To Stay Up To Date on Web Technology
chriscoyier
790
250k
Become a Pro
speakerdeck
PRO
31
6k
HDC tutorial
michielstock
2
720
The Director’s Chair: Orchestrating AI for Truly Effective Learning
tmiket
1
200
How STYLIGHT went responsive
nonsquared
100
6.2k
What’s in a name? Adding method to the madness
productmarketing
PRO
24
4.1k
Writing Fast Ruby
sferik
630
63k
Unsuck your backbone
ammeep
672
58k
Put a Button on it: Removing Barriers to Going Fast.
kastner
60
4.3k
Designing Experiences People Love
moore
143
24k
Balancing Empowerment & Direction
lara
6
1.2k
SEO in 2025: How to Prepare for the Future of Search
ipullrank
3
3.5k
Transcript
The Bug Hunter’s Recon Methodology By: Tushar Verma
Whoami Application Security Engineer Synack Red Team Member Bug Bounty
Hunter Infosec Trainer & Speaker
Agenda Scope Review for any program Before Recon After Recon
Scope- based Recon Basic Methodolog y Tools and Automation frameworks
Scope review for any program • Assets • No of
reports resolved • Payout • Time to triage and Time to Bounty
Before Recon • Company name • Available scope • Overview
about the company business • Information from program page related to security purposes
After recon • Service info • Backend technology used •
Interesting Endpoints • Juicy links which may be vulnerable • More and more
Scope based recon • Small Scope Target-Single URL like domain
and subdomain(Ex. evil.com , info.evil.com • Medium Scope Target-Lists of subdomains(Ex. *.evil.com) • Large Scope Target-All website related to company is in scope
Basic Methodology Target : *.evil.com
Tools and Automation Framework ReconF TW Project Bheem Osmed eus
Get in touch at • Twitter: @e11i0t_4lders0n • LinkedIn: /in/tushars25
• Instagram: @e11i0t_4lders0n__ • Email:
[email protected]
Thank you
e11i0t_4lders0n
minorun365
hssh2_bin
ysuzuki
nobutomurata
masahirokawahara
jhashimoto
ham0215
sucitw
k_adachi_01
sonic
gotok365
rymiyamoto
chriscoyier
speakerdeck
michielstock
tmiket
nonsquared
productmarketing
sferik
ammeep
kastner
moore
lara
ipullrank
