Approaching Large Scope Targets Without Feeling Overwhelmed

In this video, we discuss how beginners can tackle large scope targets in bug bounty hunting. These targets offer more flexibility and potential for bug discovery, making them a great starting point for new hackers. However, they can be overwhelming due to their size and diversity. We suggest focusing on one part of the larger scope, which helps you understand the target's application development process without becoming overwhelmed. We also delve into different reconnaissance techniques, including subdomain enumeration, Google Dorking, API enumeration, OSINT, and more. Lastly, we emphasize that while reconnaissance is critical for large scope targets, it is just a stepping stone to actually hacking and finding vulnerabilities.

This series couldn't happen without the support of our sponsor, Bugcrowd. Bugcrowd is the best place to start hacking, with a wide range of public and private programs from APIs to Desktop Applications and everything in between. Not ready to jump into a public program yet? Fill out your platform CV and sign up for a waitlisted program. Tell Bugcrowd a bit about your skills, previous certifications or experience, and they’ll match you up with the right program using their industry-leading CrowdMatch technology. Whatever your level, there’s a place for you in the crowd. You can sign up with my link here: https://bugcrowd.com/user/sign_up.

00:00 Introduction to Large Scope Targets
01:06 Sponsor Introduction: Bugcrowd
01:57 Understanding Large Scope Targets
03:38 Overcoming Overwhelm with Large Scope Targets
04:36 The Importance of Reconnaissance
04:41 Exploring Different Types of Recon
07:47 Finding Targets: Subdomain Enumeration
08:22 Understanding Your Recon Data
09:41 Challenges with Subdomain Enumeration
10:42 Leveraging Open Source Intelligence (OSINT)
15:42 Using Google Dorking for Recon
17:21 Understanding the Purpose of Recon
18:23 Applying Main App Methodology to Large Scope Targets
20:05 Conclusion and Sponsor Acknowledgement