Recon and bug bounties what a great love story

Recon is an important phase in Penetration Testing. But wait, not everyone does that because everyone's busy filling forms with values <script>alert(1);</script>. Effective recon can often give you access to assets/boxes that are less commonly found by regular penetration testers. Internet is one of the best ways to find such hosts/assets. There are a bunch of tools available on the internet which can help researchers to get access to such boxes. Is reverse-IP really useful? Is dnsdumpster the only site that can give list of sub-domains? What if I told you there are many different ways which combined together can give you effective results.

What if I told you I have got access to many dev/test boxes which should not have been public facing. In this talk, the speaker will demonstrate few effective techniques using which researchers/pen testers can do better information gathering. The speaker would also share many stories which allowed him to earn some bounties using these recon techniques. This techniques might also be useful to red teams/incident response teams to identify rogue devices in their organisation which are often missed out during normal penetration testing. These might not be "best practices" but are definitely "good practices" and "nice to know" things while doing Penetration Testing. Plus, the speaker will not just use presentation but will try to pray demo gods for some luck. Definitely some direct and key take aways to most attendees after the talk.