What Should You Do After Recon?!

Подписаться 132 тыс.

Просмотров 26 тыс.

50% 1

Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training
One of the most popular questions I get asked to this day is "What should I do after recon?".. and honestly, that really depends on you! I hope this video helps you figure out the next steps for what to do when you approach an organization or your bug bounty target!
Buy Me Coffee:
www.buymeacoffee.com/nahamsec
Live Every Sunday on Twitch:
/ nahamsec
Free $100 DigitalOcean Credit:
m.do.co/c/3236319b9d0b
Follow me on social media:
/ nahamsec
/ nahamsec
twitch.com/nahamsec
hackerone.com/nahamsec
/ nahamsec1
Github:
github.com/nahamsec
Nahamsec's Discord:
discordapp.com/invite/ucCz7uh
#offensivesecurity #redteam #bugbounty #hackerone #hackers #hacking #infosec #hackingtutorial #owasp #educational

Наука

Опубликовано:

5 фев 2023

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 77

@captain_crunchv1145 Год назад

A nuclei video would be absolutely sick! I've been wanting to research more about it lately, just haven't found the time for it yet.

@NahamSec Год назад

Noted! Give me a few weeks to poke around :)

@deepanshu29 Год назад

@@NahamSec thanks so much

@crusader_ Год назад

Everyone tells you to create custom nuclei template. On the other hand people on twitter and the nuclei template team is continuously creating templates as soon as new cves are coming out. A detailed video on nuclei automation would be really helpful clearing the confusions.

@rahmat_qurishi Год назад

I love manual approach, anyway thanks for this awsome video❤

@bughunter3476 Год назад

we need a stream brother about what to do after a recon, maybe doing a hard ctf or a medium one. This is the video I've been waiting for long.

@binjaminsmoker4667 Год назад

amazing video we need more like this with practical example

@oliviergaudel3838 Год назад

Thanks Nahamsec. I start with automatic recon (subdomains, tech, parameters, js links, ...) ... after, manual recon, js file analyze. I avoid CMS. Thanks for the tips ... I will now use httpx to prioritize and I will avoid switching targets too quickly (30x on sso ...)

@user-mo8uj9vq5u 5 месяцев назад

on another note I started learning from you and st0k and tom hudson I will always be grateful for your content.

@worm_403 Месяц назад

I'm watching all your videos and i've been learning a lot

@cadetpriyanshu6987 Год назад

Awesome video🔥

@KevinBeee Год назад

Thank you for making this, as this is the question I'm kind of stuck on right now. I've gotten pretty good at recon and even started automated my process, but have yet to figure out how to use the pile of data I collect each time to land my first reportable bug.

@sveneFX Год назад

Dude I feel u, just where I am right now and it is frustrating

@MFoster392 Год назад

u da man bro, thank you for your videos :-)

@Adityaa33 Год назад

Great video sir..

@legeekdad Год назад

Hi! love you videos. Starting in Bug Bounty. Long time computer technician with lot a knowledge about network and computers and starting to learn linux and python. Did you finally make a video about nuclei? Couldn't find it! I learn a lot here, keep the good job!

@Rocks_roxks9 Год назад

Fantastic video 🤩

@NahamSec Год назад

Thanks 🤗

@emekaukwuani4119 5 месяцев назад

I don't have a style of hacking as a beginner, And i will like you to be my mentor. I will be so happy to get that offer,

@user-mo8uj9vq5u 5 месяцев назад

No that is 100% true Ben, I tried automation and found out I do better using some of my own tools I write to hunt but still use the automation only for loose recon. I now go hands on with the apps and all that as before I just used automation to clip low hanging fruit.

@brutexploiter Год назад

Awesome!!! 🔥🔥🔥

@omega7018 Год назад

A nuclei video would be amazing!

@sveneFX Год назад

Thanks Ben! I spent the whole day today in the console while finding absolutely nothing. I think I am more comfortable in an application instead of the console so I will give it a shot :) I would love to see a video of you staring at an httpx output and telling us which assets you would go for and why. Cheers ✌️

@insertcoindesign4115 Год назад

Hi bro I am learning bug bounty I am doing manual and automated pentesting but at the moment I didn't find any bug thank you for the video I will focus in httpx to get the codes

@vinayakpatil5214 7 месяцев назад

need video on how your approach for utilising nuclei while hunting

@tonybloodloss Год назад

I like to google everything I've found via recon. It usually helps a lot and sometimes leads to some 4chan post with a complete instruction on how to exploit the cve related to the server's hardware/software. Sometimes it's literally like in Mr.Robot CTF(Wordpress website). So, sometimes recon replaces actual hacking, lol.

@alexbenjamin-nl3gd Год назад

the community is asking for nuclei video , or some course that shows hot to use and build our templates 🙂

@mjsblo80 Год назад

To manually brute some some admin pass like u mentioned at 10 min mark, yea..., i was that smoked only twice, and i regret that waste of time XD

@norsalam9302 Год назад

Thank you for sharing

@NahamSec Год назад

Thanks for watching!

@AnthonyMcqueen1987 Год назад

Amass is all I need for recon and waybackurls as well server bugs is all I care about.

@markfuentes3666 Год назад

I'm still a noob, but I start by throwing the first few things that I found at the wall and see if anything sticks.

@arianahmadi1227 7 месяцев назад

you are great

@neon_Nomad Год назад

The 1st approach i hate it but i actually do both

@slumb3rx 10 месяцев назад

Hey i can't find any video of you about how to approach to bug bounty first time, what is the process and the steps

@chuxokeke9919 Год назад

Please can you use nuclei to solve hack the box so that it can be very practical

@mugunthanp2747 Год назад

make a live for what should you do after recon on real website

@denissteif4678 Год назад

you like to use make instead of nuclei can you post a link of make ?

@mrblackhat8088 Год назад

nice

@noureldinehab2686 Год назад

💙

@NahamSec Год назад

❤️

@NahamSec Год назад

So.. what kind of hacker are you?

@rabbiyatabassum2278 Год назад

Skid🤐🙃

@FaLkraydz Год назад

I'm not a hacker yet. But I WILL be (it's a fate). What would be the options included in this context? The same ones I learned when I was studying for Sec+ like: Script Kiddie (which I don't consider actually a hacker) Hacktivist Insider threat Nation State (the Elite Hackers like APT). Or would that be something more like White, Black and Grey hat?

@FaLkraydz Год назад

Oh I see what you're saying... I'm still watching the video. 😅

@G3msFinder 6 месяцев назад

I'm following your path ❤

@CloudSec101 Год назад

nuclei from basic installation to advance usage.

@pubgfantasy9010 11 месяцев назад

❣

@hariharan1996 Год назад

Recon, Code Analysis, Payloads Repeat !

@janekmachnicki2593 Год назад

Thanks nathamsec .I love terminal and im old style Linux lover

@techofch Год назад

Fuzzing :)

@oneplanet2198 Год назад

KEYWORD: All of these comes with YEARS of experience, The more you do these the more you learn.

@j4ck_d4niels Год назад

plz make nuclei :)

@ananthakrishnaner9807 Год назад

Need a nuclei video

@yousufalirafi1630 Год назад

After recon i Start manually hunt.

@NahamSec Год назад

What does that include?

@exploitjunkie Год назад

I have tons and tons of questions. But , if you do a live bug hunting video , like from choosing a target to finding a bug, it would solve all of the questions I have. Please make this video, this will help me a lot. @NahamSec

@negus8810 Год назад

I live in burp

@mereemail8352 Год назад

Please make nuclei video

@mayhem1994 6 месяцев назад

I made this sick tool when i wad like 26 but it would take hours to scan

@Nejtak853 Месяц назад

How old are you now?

@mayhem1994 Месяц назад

@@Nejtak853 30

@ahmedelhady335 Год назад

full nuclei video

@bewithoutfear1361 Год назад

Recon is useless for us(beginners),we need to get good on manual testing,if you look at the some of the guys who good at sql or xss,they really good at testing these variations,so thats why little bit of information or 1 more subdomain important for them,get good on testing and understand everything otherwise you will look at the screen with a lot of useless information in your hand.