The Bug Hunter’s Recon Methodology
Tushar Verma
August 08, 2021
Transcript
The Bug Hunter’s Recon Methodology
By: Tushar Verma

Whoami
• Application Security Engineer
• Synack Red Team Member
• Bug Bounty Hunter
• Infosec Trainer & Speaker

Agenda
• Scope Review for any program
• Before Recon
• After Recon
• Scope-based Recon
• Basic Methodology
• Tools and Automation frameworks

Scope review for any program
• Assets
• No. of reports resolved
• Payout
• Time to triage and Time to Bounty

Before Recon
• Company name
• Available scope
• Overview about the company business
• Information from program page related to security purposes

After recon
• Service info
• Backend technology used
• Interesting Endpoints
• Juicy links which may be vulnerable
• More and more

Scope based recon
• Small Scope Target - Single URL like domain and subdomain (Ex. evil.com, info.evil.com)
• Medium Scope Target - Lists of subdomains (Ex. *.evil.com)
• Large Scope Target - All websites related to the company are in scope

Basic Methodology
Target: *.evil.com

Tools and Automation Framework
• ReconFTW
• Project Bheem
• Osmedeus

Get in touch at
• Twitter: @e11i0t_4lders0n
• LinkedIn: /in/tushars25
• Instagram: @e11i0t_4lders0n__
• Email: [email protected]

Thank you