My first introduction to reconnaissance was Jason Haddix’s Bug Bounty Hunters Methodology. It’s the de facto standard and is still updated every year. There are currently four iterations and I encourage you to watch them all.

Nowadays, Sunday Recon with NahamSec is my main resource for all things recon. You can’t beat seeing someone do recon live and being able to ask them questions.

DigitalOcean is the go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have every cloud resource you need at an affordable price.

View these videos as a foundation and draw inspiration from them.

In the end, the best bug bounty recon methodology is a unique one only you can come up with. It’ll ensure that you get the best results and the least amount of dupes.

th3g3nt3lman, security advisor + pen tester @ Bugcrowd

GitHub Recon and Sensitive Data Exposure

Resource

Learn how to locate and identify a company's sensitive data on GitHub. An absolute game changer and the foundation of many bug findings.

InsiderPhD

How To Do Recon - Introduction to Recon

Resource

The first of Katie's How to Do Recon series. Talking about all things recon, why you might want to do recon, what tools you need, and how to actually find bugs with all this data. Check out her inclusive community.

Michael Skelton (codingo), Global Head of Security Ops and Researcher Enablement @ Bugcrowd

Recon and Corporate OSINT with DNSGrep and Rapid7 Open Data

Resource

Michael discusses the fundamentals of doing recon and OSINT on a corporation using the Rapid7 Open Data project and DNSGrep. Part of the awesome Bugcrowd community.

Jason Haddix @ DEF CON Red Team Village

The Bug Hunter's Methodology v4.0 - Recon Edition

Talk

An ongoing yearly installment on the newest tools and techniques for bug hunters and red teamers. Also featured in my must-watch InfoSec talks of 2020.

Tom Hudson @ BSidesLeeds

Passive-ish Recon Techniques

Talk

A run-down of (mostly) passive reconnaissance techniques; some well-known, some not-so-well-known.

Abhijeth Dugginapeddi @ DEF CON 25 Recon Village

Recon and Bug Bounties What A Great Love Story

Talk

Abhijeth demonstrates effective techniques to do better information gathering, while also sharing the stories behind the bugs found.

Ben Sadeghipour (NahamSec) @ BSides Portland 2018

It’s the Little Things

Talk

Create an automated process that will actively look for vulnerabilities using OSINT and other well-known recon tools. Join the Nahomies.

Rob Ragan Partner + Oscar “One Line Man” Salazar Managing Security Associate, Bishop Fox James Kettle @ AppSecCali 2019

Pose a Threat - How Perceptual Analysis Helps Bug Hunters

Talk

Optimize the hunt for security vulnerabilities, through unlimited storage, scalable serverless infrastructure, and machine learning powered by collaborative filtering.

Bharath Kumar @ Bugcrowd LevelUp 2017

Esoteric sub-domain enumeration techniques

Talk

Delving deep into how enumeration techniques work, why they are effective, the tooling around them, and also the mitigation techniques.

Patrik Fehrenbach (ITSecurityGuard) @ NahamCon 2021

Amassive Leap in Host Discovery

Talk

This talk covers methods to easily implement data sources of all sorts into the amass engine, to make it the all-in-one recon tool that fits everyone's needs.

Hussein

Recon Sunday with hussein98d

Interview

One of the more creative and unorthodox recon methodologies I've seen. It introduced me to new tools and websites.

Mayonaise

Recon Sunday with Mayonaise

Interview

Definitely a game changer for me. His way of thinking and his methodology make this a must-watch. I had to watch this one a couple of times to catch all the intricacies.

Todayisnew

Recon Sunday with Todayisnew

Interview

A rare appearance, and boy was it worth the wait. It's jam-packed with information. His friendly demeanor and automation are highly sought after. Check out my NahamSec interview notes.

Corben Leo - backend engineer Assetnote

Recon Sunday with CDL

Interview

Corben goes into detail about how he does recon and which tools he uses, including his own tool GAU, and explains the reasoning behind it.

Tom Hudson, tech lead security research Detectify

VIM tutorial - linux terminal tools for bug bounty pentest and redteams

Interview

Tom chats with STÖK, sharing his command line recon methodology and how he uses his own tools. One of the main reasons why I started using Vim. I used it as a guide and played it on repeat for a while.

Naffy (nnwakelam)

Recon Sunday with Naffy

Interview

Naffy hitting you with that real talk, emphasizing the importance of time spent, a good foundation, and not to rely on tools.

Jason Haddix

The Bug Hunter's Methodology Full 2-hour Resource

Demo

Jason walks through his entire recon methodology on a live target, sharing how there's a class of hidden bounties.

Patrik Fehrenbach HackerOne

Sunday Live Recon with ITSecurityGuard

Demo

Patrik walks us through his recon process, sharing his love for amass. He also covers how he uses SecurityTrails, and more. Representing the HackerOne community.

Jeff Foley (Caffix)

OWASP Amass Red Team Village Resource

Demo

Want to know the ins and outs of amass? Amass creator Jeff shows you all there is to know. Did you know there was an Amass community?

Ben Bidmead (pry0cc) @ NahamCon 2021

Introduction to Axiom - The Dynamic Infrastructure Framework for Everybody

Demo

In this talk, Ben gives a crash course on axiom and how to use it. He also performs a live demo of axiom using 170 instances. Founder of the 0x00sec community.

rez0 @ NahamCon 2021

ffuf scripts and tricks

Demo

Presentation by rez0 for NahamCon 2021 on the topic of the web fuzzer ffuf.

d0nutptr @ NahamCon 2021

Building Faster Than Light Reconnaissance

Demo

Ever want to build your very own high performance recon tooling? Come learn some of the techniques to use and mistakes to avoid when writing your own recon tools.

Honoki

BBRF - Kickstart your recon

Demo

The Bug Bounty Reconnaissance Framework (BBRF) can be used to coordinate your reconnaissance workflows across multiple devices.
