What Should You Do After Recon?!
ฝัง
- เผยแพร่เมื่อ 5 ก.พ. 2023
- Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training
One of the most popular questions I get asked to this day is "What should I do after recon?".. and honestly, that really depends on you! I hope this video helps you figure out the next steps for what to do when you approach an organization or your bug bounty target!
Buy Me Coffee:
www.buymeacoffee.com/nahamsec
Live Every Sunday on Twitch:
/ nahamsec
Free $100 DigitalOcean Credit:
m.do.co/c/3236319b9d0b
Follow me on social media:
/ nahamsec
/ nahamsec
twitch.com/nahamsec
hackerone.com/nahamsec
/ nahamsec1
Github:
github.com/nahamsec
Nahamsec's Discord:
discordapp.com/invite/ucCz7uh
#offensivesecurity #redteam #bugbounty #hackerone #hackers #hacking #infosec #hackingtutorial #owasp #educational - วิทยาศาสตร์และเทคโนโลยี
Everyone tells you to create custom nuclei template. On the other hand people on twitter and the nuclei template team is continuously creating templates as soon as new cves are coming out.
A detailed video on nuclei automation would be really helpful clearing the confusions.
A nuclei video would be absolutely sick! I've been wanting to research more about it lately, just haven't found the time for it yet.
Noted! Give me a few weeks to poke around :)
@@NahamSec thanks so much
That's awesome
we need a stream brother about what to do after a recon, maybe doing a hard ctf or a medium one. This is the video I've been waiting for long.
Thanks Nahamsec. I start with automatic recon (subdomains, tech, parameters, js links, ...) ... after, manual recon, js file analyze. I avoid CMS. Thanks for the tips ... I will now use httpx to prioritize and I will avoid switching targets too quickly (30x on sso ...)
I love manual approach, anyway thanks for this awsome video❤
on another note I started learning from you and st0k and tom hudson I will always be grateful for your content.
amazing video we need more like this with practical example
Hi! love you videos. Starting in Bug Bounty. Long time computer technician with lot a knowledge about network and computers and starting to learn linux and python.
Did you finally make a video about nuclei? Couldn't find it! I learn a lot here, keep the good job!
I'm watching all your videos and i've been learning a lot
Thank you for making this, as this is the question I'm kind of stuck on right now. I've gotten pretty good at recon and even started automated my process, but have yet to figure out how to use the pile of data I collect each time to land my first reportable bug.
Dude I feel u, just where I am right now and it is frustrating
No that is 100% true Ben, I tried automation and found out I do better using some of my own tools I write to hunt but still use the automation only for loose recon. I now go hands on with the apps and all that as before I just used automation to clip low hanging fruit.
u da man bro, thank you for your videos :-)
Awesome video🔥
Thanks Ben! I spent the whole day today in the console while finding absolutely nothing. I think I am more comfortable in an application instead of the console so I will give it a shot :)
I would love to see a video of you staring at an httpx output and telling us which assets you would go for and why. Cheers ✌️
I don't have a style of hacking as a beginner, And i will like you to be my mentor. I will be so happy to get that offer,
Hi bro I am learning bug bounty I am doing manual and automated pentesting but at the moment I didn't find any bug thank you for the video I will focus in httpx to get the codes
Great video sir..
Awesome!!! 🔥🔥🔥
Fantastic video 🤩
Thanks 🤗
A nuclei video would be amazing!
I like to google everything I've found via recon. It usually helps a lot and sometimes leads to some 4chan post with a complete instruction on how to exploit the cve related to the server's hardware/software. Sometimes it's literally like in Mr.Robot CTF(Wordpress website). So, sometimes recon replaces actual hacking, lol.
To manually brute some some admin pass like u mentioned at 10 min mark, yea..., i was that smoked only twice, and i regret that waste of time XD
need video on how your approach for utilising nuclei while hunting
the community is asking for nuclei video , or some course that shows hot to use and build our templates 🙂
I'm still a noob, but I start by throwing the first few things that I found at the wall and see if anything sticks.
Amass is all I need for recon and waybackurls as well server bugs is all I care about.
The 1st approach i hate it but i actually do both
Thank you for sharing
Thanks for watching!
Hey i can't find any video of you about how to approach to bug bounty first time, what is the process and the steps
you are great
Please can you use nuclei to solve hack the box so that it can be very practical
you like to use make instead of nuclei can you post a link of make ?
NahamSec, i am new in tech industry.
nice
make a live for what should you do after recon on real website
nuclei from basic installation to advance usage.
Fuzzing :)
💙
❤️
❣
Recon, Code Analysis, Payloads Repeat !
plz make nuclei :)
I have tons and tons of questions. But , if you do a live bug hunting video , like from choosing a target to finding a bug, it would solve all of the questions I have. Please make this video, this will help me a lot. @NahamSec
So.. what kind of hacker are you?
Skid🤐🙃
I'm not a hacker yet. But I WILL be (it's a fate). What would be the options included in this context? The same ones I learned when I was studying for Sec+ like:
Script Kiddie (which I don't consider actually a hacker)
Hacktivist
Insider threat
Nation State (the Elite Hackers like APT).
Or would that be something more like White, Black and Grey hat?
Oh I see what you're saying... I'm still watching the video. 😅
I'm following your path ❤
Need a nuclei video
KEYWORD: All of these comes with YEARS of experience, The more you do these the more you learn.
After recon i Start manually hunt.
What does that include?
Please make nuclei video
I live in burp
I made this sick tool when i wad like 26 but it would take hours to scan
How old are you now?
@@Nejtak853 30
Thanks nathamsec .I love terminal and im old style Linux lover
full nuclei video
browser site
Recon is useless for us(beginners),we need to get good on manual testing,if you look at the some of the guys who good at sql or xss,they really good at testing these variations,so thats why little bit of information or 1 more subdomain important for them,get good on testing and understand everything otherwise you will look at the screen with a lot of useless information in your hand.
Ye most beginners use automation tools,so as 99999999 mil other beginners.
Nap?
Terminal Hacking 🎉
thanks
How to contact you sir