A naukri.com initiative
Hackingblogs
1w
248
Image Credit: Hackingblogs
Bug Bounty 10-Day Complete Free Training: Day6 – Ending Reconnaissance
- The Bug Bounty 10-Day Complete Free Training Day 6 focuses on ending reconnaissance, with a deep dive into key techniques for bug hunting by Dipanshu Kumar.
- The training provides practical advice and hands-on experience to enhance vulnerability discovery in bug bounty programs, regardless of experience level.
- Topics covered include the importance of wordlists in bug bounty hunting for identifying hidden resources, such as subdomains, directories, and files.
- Tools like crt.sh, Sublist3r.py, and Gobuster are discussed for subdomain enumeration and brute forcing.
- The use of robots.txt for reconnaissance in bug bounty hunting to identify potential attack surfaces and sensitive areas on websites is highlighted.
- Commonspeak is introduced as a tool for generating custom wordlists using data from the Commoncrawl archive.
- The importance of subdomain enumeration in bug bounty hunting and tools like Sublist3r and Gobuster for automating the process are emphasized.
- Day 7 will shift focus to the exploitation phase, covering quick wins like subdomain takeover and more complex vulnerabilities including SQL Injection, IDOR, SSRF, and XSS.
Read Full Article
14 Likes
For uninterrupted reading, download the app