
The Bug Hunter’s Recon Methodology


Tushar Verma

August 08, 2021


Transcript

1. Agenda
   • Scope review for any program
   • Before recon
   • After recon
   • Scope-based recon
   • Basic methodology
   • Tools and automation frameworks

2. Scope review for any program
   • Assets
   • Number of reports resolved
   • Payout
   • Time to triage and time to bounty

3. Before recon
   • Company name
   • Available scope
   • Overview of the company's business
   • Information on the program page that is relevant for security purposes

4. After recon
   • Service info
   • Backend technology used
   • Interesting endpoints
   • Juicy links which may be vulnerable
   • More and more

5. Scope-based recon
   • Small scope target: a single URL such as a domain or subdomain (e.g. evil.com, info.evil.com)
   • Medium scope target: a list of subdomains (e.g. *.evil.com)
   • Large scope target: every website related to the company is in scope
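The practical consequence of the scope classification above is that every host recon turns up has to be checked against the program's in-scope and out-of-scope lists before it is touched. The following is an added example written for this page, not tooling from the deck or its author: a small scope checker that normalizes scope entries and discovered assets to bare hostnames, buckets a program into the deck's small/medium/large categories, and decides whether a host may be tested. The representation of a "large" scope as a bare `*` entry, the sample program scope and the sample recon output are all constructed assumptions; the hostnames are the deck's placeholder domain, not real assets.

```python
"""Scope checker for bug bounty recon output (added example; hypothetical helper)."""
from urllib.parse import urlsplit


def normalize_host(target: str) -> str:
    """Reduce a scope entry or discovered asset to a bare lowercase hostname.

    Accepts 'evil.com', 'info.evil.com.', 'https://info.evil.com:8443/login',
    'api.evil.com:8443' or a wildcard such as '*.evil.com' (the '*.' is kept).
    """
    t = target.strip().lower()
    if t == "*":  # assumption: a bare '*' means "everything related to the company"
        return "*"
    wildcard = t.startswith("*.")
    if wildcard:
        t = t[2:]
    if "://" not in t:
        t = "//" + t  # lets urlsplit parse host[:port] without a scheme
    host = (urlsplit(t).hostname or "").rstrip(".")
    return "*." + host if wildcard else host


def classify_scope(in_scope_entries) -> str:
    """Map a program's in-scope list onto the deck's small/medium/large buckets.

    small  : only explicit hosts (evil.com, info.evil.com)
    medium : at least one wildcard entry (*.evil.com)
    large  : a bare '*' entry (our convention for "all company assets")
    """
    hosts = [normalize_host(e) for e in in_scope_entries]
    if "*" in hosts:
        return "large"
    if any(h.startswith("*.") for h in hosts):
        return "medium"
    return "small"


def _matches(host: str, entry: str) -> bool:
    """True if one normalized scope entry covers the host.

    A wildcard '*.evil.com' covers subdomains only; whether it also covers the
    apex evil.com varies by program, so list the apex explicitly.  The suffix
    match is anchored on the dot, so 'notevil.com' and 'evil.com.attacker.net'
    are never treated as in scope.
    """
    if entry == "*":
        return True
    if entry.startswith("*."):
        return host.endswith(entry[1:])  # entry[1:] == ".evil.com"
    return host == entry


def in_scope(target: str, in_scope_entries, out_of_scope_entries=()) -> bool:
    """Exclusions win: a host listed out of scope is never tested, even when a
    wildcard entry would otherwise cover it."""
    host = normalize_host(target)
    if not host:
        return False
    if any(_matches(host, normalize_host(e)) for e in out_of_scope_entries):
        return False
    return any(_matches(host, normalize_host(e)) for e in in_scope_entries)


def filter_targets(candidates, in_scope_entries, out_of_scope_entries=()):
    """Split recon output into (testable, excluded) lists of normalized hosts."""
    keep, drop = [], []
    for c in candidates:
        bucket = keep if in_scope(c, in_scope_entries, out_of_scope_entries) else drop
        bucket.append(normalize_host(c))
    return keep, drop


if __name__ == "__main__":
    # Constructed sample program page and constructed recon output (not real assets).
    PROGRAM_IN = ["*.evil.com", "evil.com"]
    PROGRAM_OUT = ["legacy.evil.com"]
    FOUND = [
        "https://info.evil.com/login",
        "api.evil.com:8443",
        "legacy.evil.com",
        "notevil.com",
        "evil.com.attacker.net",
    ]
    print("scope size:", classify_scope(PROGRAM_IN))
    testable, excluded = filter_targets(FOUND, PROGRAM_IN, PROGRAM_OUT)
    print("in scope :", testable)
    print("excluded :", excluded)
```

Feed the output of subdomain enumeration through `filter_targets` before any active probing; the two look-alike hosts in the sample (`notevil.com`, `evil.com.attacker.net`) are exactly the cases a naive `endswith("evil.com")` check would let through.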