Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
The Bug Hunter’s Recon Methodology
Search
Tushar Verma
August 08, 2021
Technology
2
790
The Bug Hunter’s Recon Methodology
Tushar Verma
August 08, 2021
Tweet
Share
More Decks by Tushar Verma
See All by Tushar Verma
The Power of Recon_ Leveraging Recon for Easy $$$$
e11i0t_4lders0n
0
200
AWS Cloud Forensics & Incident Response
e11i0t_4lders0n
1
700
Hacking OAuth Applications
e11i0t_4lders0n
1
2.1k
Exploiting SSRF like a Boss
e11i0t_4lders0n
2
1.1k
How to Fail at Bug Bounty Hunting
e11i0t_4lders0n
1
1.7k
METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING
e11i0t_4lders0n
0
600
Bypassing 2FA Misconfiguration
e11i0t_4lders0n
1
2.3k
How to get started in bug bounty
e11i0t_4lders0n
1
500
Other Decks in Technology
See All in Technology
Agentic AIが変革するAWSの開発・運用・セキュリティ ~Frontier Agentsを試してみた~ / Agentic AI transforms AWS development, operations, and security I tried Frontier Agents
yuj1osm
0
160
松尾研LLM講座2025 応用編Day3「軽量化」 講義資料
aratako
14
4.7k
Agent Skillsがハーネスの垣根を超える日
gotalab555
7
4.9k
ハッカソンから社内プロダクトへ AIエージェント ko☆shi 開発で学んだ4つの重要要素
leveragestech
0
440
小さく、早く、可能性を多産する。生成AIプロジェクト / prAIrie-dog
visional_engineering_and_design
0
220
Cloud WAN MCP Serverから考える新しいネットワーク運用 / 20251228 Masaki Okuda
shift_evolve
PRO
0
130
Introduce marp-ai-slide-generator
itarutomy
0
150
ECS_EKS以外の選択肢_ROSA入門_.pdf
masakiokuda
1
120
20251222_サンフランシスコサバイバル術
ponponmikankan
2
150
Oracle Database@Google Cloud:サービス概要のご紹介
oracle4engineer
PRO
1
790
MariaDB Connector/C のcaching_sha2_passwordプラグインの仕様について
boro1234
0
1.1k
Microsoft Agent Frameworkの可観測性
tomokusaba
1
120
Featured
See All Featured
The SEO identity crisis: Don't let AI make you average
varn
0
40
ラッコキーワード サービス紹介資料
rakko
0
1.9M
Are puppies a ranking factor?
jonoalderson
0
2.5k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
234
17k
Leveraging LLMs for student feedback in introductory data science courses - posit::conf(2025)
minecr
0
97
No one is an island. Learnings from fostering a developers community.
thoeni
21
3.6k
brightonSEO & MeasureFest 2025 - Christian Goodrich - Winning strategies for Black Friday CRO & PPC
cargoodrich
2
73
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
194
17k
Git: the NoSQL Database
bkeepers
PRO
432
66k
Designing for Timeless Needs
cassininazir
0
100
[RailsConf 2023] Rails as a piece of cake
palkan
58
6.2k
Designing Experiences People Love
moore
143
24k
Transcript
The Bug Hunter’s Recon Methodology By: Tushar Verma
Whoami Application Security Engineer Synack Red Team Member Bug Bounty
Hunter Infosec Trainer & Speaker
Agenda Scope Review for any program Before Recon After Recon
Scope- based Recon Basic Methodolog y Tools and Automation frameworks
Scope review for any program • Assets • No of
reports resolved • Payout • Time to triage and Time to Bounty
Before Recon • Company name • Available scope • Overview
about the company business • Information from program page related to security purposes
After recon • Service info • Backend technology used •
Interesting Endpoints • Juicy links which may be vulnerable • More and more
Scope based recon • Small Scope Target-Single URL like domain
and subdomain(Ex. evil.com , info.evil.com • Medium Scope Target-Lists of subdomains(Ex. *.evil.com) • Large Scope Target-All website related to company is in scope
Basic Methodology Target : *.evil.com
Tools and Automation Framework ReconF TW Project Bheem Osmed eus
Get in touch at • Twitter: @e11i0t_4lders0n • LinkedIn: /in/tushars25
• Instagram: @e11i0t_4lders0n__ • Email:
[email protected]
Thank you
e11i0t_4lders0n
yuj1osm
.jpg){kind=avatar}
aratako
gotalab555
leveragestech
visional_engineering_and_design
shift_evolve
itarutomy
masakiokuda
ponponmikankan
oracle4engineer
boro1234
tomokusaba
varn
rakko
jonoalderson
marcelosomers
minecr
thoeni
cargoodrich
afnizarnur
bkeepers
cassininazir
palkan
moore
