Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
The Bug Hunter’s Recon Methodology
Search
Tushar Verma
August 08, 2021
Technology
2
780
The Bug Hunter’s Recon Methodology
Tushar Verma
August 08, 2021
Tweet
Share
More Decks by Tushar Verma
See All by Tushar Verma
The Power of Recon_ Leveraging Recon for Easy $$$$
e11i0t_4lders0n
0
190
AWS Cloud Forensics & Incident Response
e11i0t_4lders0n
1
690
Hacking OAuth Applications
e11i0t_4lders0n
1
2k
Exploiting SSRF like a Boss
e11i0t_4lders0n
2
1.1k
How to Fail at Bug Bounty Hunting
e11i0t_4lders0n
1
1.7k
METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING
e11i0t_4lders0n
0
580
Bypassing 2FA Misconfiguration
e11i0t_4lders0n
1
2.3k
How to get started in bug bounty
e11i0t_4lders0n
1
490
Other Decks in Technology
See All in Technology
仕様は“書く”より“語る” - 分断を超えたチーム開発の実践 / 20251115 Naoki Takahashi
shift_evolve
PRO
1
400
自己的售票系統自己做!
eddie
0
430
QAセントラル組織が運営する自動テストプラットフォームの課題と現状
lycorptech_jp
PRO
0
370
re:Invent完全攻略ガイド
junjikoide
1
280
Introducing RFC9111 / YAPC::Fukuoka 2025
k1low
1
220
ステートレスなLLMでステートフルなAI agentを作る - YAPC::Fukuoka 2025
gfx
4
600
コミュニティと共に変化する 私とFusicの8年間
ayasamind
0
450
Black Hat USA 2025 Recap ~ クラウドセキュリティ編 ~
kyohmizu
0
520
手を動かしながら学ぶデータモデリング - 論理設計から物理設計まで / Data modeling
soudai
PRO
19
4.2k
"おまじない"はもう卒業! デバッガで探るSpring Bootの裏側と「学び方」の学び方
takeuchi_132917
0
110
Design and implementation of "Markdown to Google Slides" / phpconfuk 2025
k1low
1
390
決済システムの信頼性を支える技術と運用の実践
ykagano
0
490
Featured
See All Featured
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
31
2.9k
Designing for humans not robots
tammielis
254
26k
No one is an island. Learnings from fostering a developers community.
thoeni
21
3.5k
Six Lessons from altMBA
skipperchong
29
4.1k
Typedesign – Prime Four
hannesfritz
42
2.9k
Optimising Largest Contentful Paint
csswizardry
37
3.5k
4 Signs Your Business is Dying
shpigford
186
22k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
162
15k
VelocityConf: Rendering Performance Case Studies
addyosmani
333
24k
GraphQLとの向き合い方2022年版
quramy
49
14k
Large-scale JavaScript Application Architecture
addyosmani
514
110k
The Pragmatic Product Professional
lauravandoore
36
7k
Transcript
The Bug Hunter’s Recon Methodology By: Tushar Verma
Whoami Application Security Engineer Synack Red Team Member Bug Bounty
Hunter Infosec Trainer & Speaker
Agenda Scope Review for any program Before Recon After Recon
Scope- based Recon Basic Methodolog y Tools and Automation frameworks
Scope review for any program • Assets • No of
reports resolved • Payout • Time to triage and Time to Bounty
Before Recon • Company name • Available scope • Overview
about the company business • Information from program page related to security purposes
After recon • Service info • Backend technology used •
Interesting Endpoints • Juicy links which may be vulnerable • More and more
Scope based recon • Small Scope Target-Single URL like domain
and subdomain(Ex. evil.com , info.evil.com • Medium Scope Target-Lists of subdomains(Ex. *.evil.com) • Large Scope Target-All website related to company is in scope
Basic Methodology Target : *.evil.com
Tools and Automation Framework ReconF TW Project Bheem Osmed eus
Get in touch at • Twitter: @e11i0t_4lders0n • LinkedIn: /in/tushars25
• Instagram: @e11i0t_4lders0n__ • Email:
[email protected]
Thank you
e11i0t_4lders0n
shift_evolve
eddie
lycorptech_jp
junjikoide
k1low
gfx
ayasamind
kyohmizu
soudai
takeuchi_132917
ykagano
danielanewman
tammielis
thoeni
skipperchong
hannesfritz
csswizardry
shpigford
sstephenson
addyosmani
quramy
lauravandoore
