My first introduction to reconnaissance was Jason Haddix’s Bug Bounty Hunters Methodology. It’s the de facto standard and is still updated every year. There are currently four iterations and I encourage you to watch them all.
Nowadays, Sunday Recon with NahamSec is my main resource for all things recon. You can’t beat seeing someone do recon live and being able to ask them questions.
The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have every cloud resource you need at an affordable price.
View these videos as a foundation and draw inspiration from them.
In the end, the best bug bounty recon methodology is a unique one only you can come up with. It’ll ensure that you get the best results and the least amount of dupes.
Th3G3nt3lman
GitHub Recon and Sensitive Data Exposure
Resource
Learn how to locate and identify a company’s sensitive data on GitHub. An absolute game changer and the foundation of many bug findings.
Katie Paxton-Fear (InsiderPhD)
How To Do Recon – Introduction to Recon
Resource
The first of Katie’s How to Do Recon series. Talking about all things recon, why you might want to do recon, what tools you need, and how to actually find bugs with all this data. Check out her inclusive community.
Michael Skelton (Codingo)
Recon and Corporate OSINT with DNSGrep and Rapid7 Open Data
Resource
Jason Haddix (jhaddix)
The Bug Hunter’s Methodology v4.0 – Recon Edition
Talk
Tom Hudson (Tomnomnom)
Passive-ish Recon Techniques
Talk
A run-down of (mostly) passive reconnaissance techniques; some well-known, some not-so-well-known.
Abhijeth Dugginapeddi
Recon and Bug Bounties What A Great Love Story
Talk
Abhijeth demonstrates effective techniques to do better information gathering, while also sharing the stories behind the bugs found.
Ben Sadeghipour (NahamSec)
It’s the Little Things
Talk
Create an automated process that will actively look for vulnerabilities using OSINT and other well known recon tools. Join the Nahomies.
Rob Ragan + Oscar Salazar
Pose a Threat – How Perceptual Analysis Helps Bug Hunters
Talk
Optimize the hunt for security vulnerabilities, through unlimited storage, scalable serverless infrastructure, and machine learning powered by collaborative filtering.
Bharath Kumar
Esoteric sub-domain enumeration techniques
Talk
Delving deep into how enumeration techniques work, why they are effective, the tooling around them, and also the mitigation techniques.
Patrik Fehrenbach (ITSecurityGuard)
Amassive Leap in Host Discovery
Talk
This talk covers methods to easily implement data sources of all sorts into the amass engine, to make it the all-in-one recon tool that fits everyone’s needs.
Hussein
Recon Sunday with hussein98d
Interview
One of the more creative and unorthodox recon methodologies I’ve seen. It introduced me to new tools and websites.
Don’t leave, there’s more content below! 👇
Mayonaise
Recon Sunday with Mayonaise
Interview
Definitely a game changer for me. His way of thinking, and his methodology makes this a must-watch. I had to watch this one a couple of times to catch all the intricacies.
Todayisnew
Recon Sunday with Todayisnew
Interview
Corben Leo (cdl)
Recon Sunday with CDL
Interview
Corben goes into detail of how he does recon and which tools he uses, including his own tool GAU and explaining the reasoning behind it.
Tom Hudson (Tomnomnom)
VIM tutorial – linux terminal tools for bug bounty pentest and redteams
Interview
Tom chats with STÖK, sharing his command line recon methodology and how he uses his own tools. One of the main reasons why I started using Vim. I used it as a guide and played it on repeat for a while.
Nathaniel Wakelam (Naffy)
Recon Sunday with Naffy
Interview
Naffy hitting you with that real talk, emphasizing the importance of time spent, a good foundation, and not to rely on tools.
Jason Haddix (jhaddix)
The Bug Hunter’s Methodology Full 2-hour Resource
Demo
Jason walks through his entire recon methodology on a live target, sharing how there’s a class of hidden bounties.
Patrik Fehrenbach (ITSecurityGuard)
Sunday Live Recon with ITSecurityGuard
Demo
Jeff Foley (Caffix)
OWASP Amass Red Team Village Resource
Demo
Ben Bidmead (pry0cc)
Introduction to Axiom – The Dynamic Infrastructure Framework for Everybody
Demo
In this talk, Ben give a crash-course on axiom and how to use it. He also perform a live demo of axiom using 170 instances. Founder of 0x00sec community.
rez0 @ NahamCon 2021
ffuf scripts and tricks
Demo
Presentation by rez0 for NahamCon 2021 on the topic of the web fuzzer ffuf
Nathanial (d0nutptr)
Building Faster Than Light Reconnaissance
Demo
Ever want to build your very own high performance recon tooling? Come learn some of the techniques to use and mistakes to avoid when writing your own recon tools.
Pieter (Honoki)
BBRF – Kickstart your recon
Demo
The Bug Bounty Reconnaissance Framework (BBRF) can be used to coordinate your reconnaissance workflows across multiple devices.
Enjoy my content?
You can support me in a couple of ways:
Buy me a Coffee or share it with your friends
Select links throughout the site are affiliates. They give me a small kickback, don’t cost you anything extra and are always curated.
Hive Five newsletter
Sharing what matters in security. Every week I curate the InfoSec news, so you can focus on securing web apps and earning bug bounties.
As a thank you, you’ll receive 100+ InfoSec RSS feeds.
Don’t bee a stranger
If you want to work together, have a question, or if you just want to say hi, feel free to reach out!
You can find me on Twitter, Discord, and Instagram.