Slide 1

Slide 1 text

The Bug Hunter’s Recon Methodology By: Tushar Verma

Slide 2

Slide 2 text

Whoami Application Security Engineer Synack Red Team Member Bug Bounty Hunter Infosec Trainer & Speaker

Slide 3

Slide 3 text

Agenda Scope Review for any program Before Recon After Recon Scope- based Recon Basic Methodolog y Tools and Automation frameworks

Slide 4

Slide 4 text

Scope review for any program • Assets • No of reports resolved • Payout • Time to triage and Time to Bounty

Slide 5

Slide 5 text

Before Recon • Company name • Available scope • Overview about the company business • Information from program page related to security purposes

Slide 6

Slide 6 text

After recon • Service info • Backend technology used • Interesting Endpoints • Juicy links which may be vulnerable • More and more

Slide 7

Slide 7 text

Scope based recon • Small Scope Target-Single URL like domain and subdomain(Ex. evil.com , info.evil.com • Medium Scope Target-Lists of subdomains(Ex. *.evil.com) • Large Scope Target-All website related to company is in scope

Slide 8

Slide 8 text

Basic Methodology Target : *.evil.com

Slide 9

Slide 9 text

Tools and Automation Framework ReconF TW Project Bheem Osmed eus

Slide 10

Slide 10 text

Get in touch at • Twitter: @e11i0t_4lders0n • LinkedIn: /in/tushars25 • Instagram: @e11i0t_4lders0n__ • Email: [email protected]

Slide 11

Slide 11 text

Thank you