My first introduction to reconnaissance was Jason Haddix’s Bug Bounty Hunters Methodology. It’s the de facto standard and is still updated every year. There are currently four iterations and I encourage you to watch them all.
Nowadays, Sunday Recon with NahamSec is my main resource for all things recon. You can’t beat seeing someone do recon live and being able to ask them questions.
View these videos as a foundation and draw inspiration from them.
In the end, the best bug bounty recon methodology is a unique one only you can come up with. It’ll ensure that you get the best results and the least amount of dupes.
th3g3nt3lman, security advisor + pen tester @ Bugcrowd
GitHub Recon and Sensitive Data Exposure
How To Do Recon - Introduction to Recon
The first of Katie's How to Do Recon series. Talking about all things recon, why you might want to do recon, what tools you need, and how to actually find bugs with all this data. Check out her inclusive community.
Michael Skelton (codingo), Global Head of Security Ops and Researcher Enablement, Bugcrowd
Recon and Corporate OSINT with DNSGrep and Rapid7 Open Data
Michael discusses the fundamentals of doing recon and OSINT on a corporation using the Rapid7 Open Data project and DNSGrep. Part of the awesome Bugcrowd community.
Jason Haddix @ DEF CON Red Team Village
The Bug Hunter's Methodology v4.0 - Recon Edition
An ongoing yearly installment on the newest tools and techniques for bug hunters and red teamers. Also featured in my must-watch InfoSec talks of 2020.
Tom Hudson @ BSidesLeeds
Passive-ish Recon Techniques
Abhijeth Dugginapeddi @ DEF CON 25 Recon Village
Recon and Bug Bounties What A Great Love Story
Ben Sadeghipour (NahamSec) @ BSides Portland 2018
It’s the Little Things
Create an automated process that will actively look for vulnerabilities using OSINT and other well known recon tools. Join the Nahomies.
Rob Ragan, Partner + Oscar “One Line Man” Salazar, Managing Security Associate, Bishop Fox James Kettle @ AppSecCali 2019
Pose a Threat - How Perceptual Analysis Helps Bug Hunters
Optimize the hunt for security vulnerabilities, through unlimited storage, scalable serverless infrastructure, and machine learning powered by collaborative filtering.
Bharath Kumar @ Bugcrowd LevelUp 2017
Esoteric sub-domain enumeration techniques
Delving deep into how enumeration techniques work, why they are effective, the tooling around them, and also the mitigation techniques.
Patrik Fehrenbach (ITSecurityGuard) @ NahamCon 2021
Amassive Leap in Host Discovery
Recon Sunday with hussein98d
Recon Sunday with Mayonaise
Recon Sunday with Todayisnew
A rare appearance, and boy was it worth the wait. It's jam-packed with information. His friendly demeanor and automation are highly sought after. Check out my NahamSec interview notes.
Corben Leo - backend engineer, Assetnote
Recon Sunday with CDL
Tom Hudson, tech lead security research, Detectify
VIM tutorial - linux terminal tools for bug bounty pentest and redteams
Recon Sunday with Naffy
The Bug Hunter's Methodology Full 2-hour Resource
Patrik Fehrenbach, HackerOne
Sunday Live Recon with ITSecurityGuard
Patrik walks us through his recon process, sharing his love for amass. He also covers how he uses SecurityTrails, and more. Representing the HackerOne community.
Jeff Foley (Caffix)
OWASP Amass Red Team Village Resource
Want to know the ins and outs of amass? Amass creator Jeff shows you all there is to know. Did you know there was an Amass community?
Ben Bidmead (pry0cc) @ NahamCon 2021
Introduction to Axiom - The Dynamic Infrastructure Framework for Everybody
In this talk, Ben gives a crash course on axiom and how to use it. He also performs a live demo of axiom using 170 instances. Founder of 0x00sec community.
rez0 @ NahamCon 2021
ffuf scripts and tricks
d0nutptr @ NahamCon 2021