Aftermath2020 #002 with @xer0dayz – Live Bug Bounty Recon with Sn1per Professional

Highlights:

0:00 – Basic stealth mode single domain recon with Sn1per Professional v8.0
5:00 – Leveraging built-in Sn1per Professional recon links to passively gather #OSINT
6:15 – Using InjectX fuzzer to fuzz dynamic URL’s (unreleased)
8:04 – Levaging Sn1per Professional’s Fuzzer Add-on to brute force files/directories (unreleased)
9:00 – More stealth mode single target recon with split panel/search/host jump features
11:20 – Manual scan analysis of discovered URL’s
16:20 – Levaging Sn1per Professional’s Fuzzer Add-on to brute force files/directories (unreleased)
17:35 – Use of Sn1per Professional’s host table filter
17:45 – Use of Sn1per Professional’s quick links to view websites in browser
18:52 – Use of Sn1per Professional’s built-in Google Dorks links to discover hidden content
19:20 – Levaging Sn1per Professional’s Fuzzer Add-on to brute force files/directories (unreleased)
22:22 – Using Burpsuite Professional JSLinkFinder plugin to analyze Javascript files
24:20 – Leveraging built-in Sn1per Professional recon links to passively gather #OSINT
25:54 – Discovering hidden/cached content via URLScan.io
29:55 – Use of Sn1per Professional’s built-in Notepad add-on to keep notes on workspace
30:37 – Use of Fofa to conduct recon on target domain
35:31 – Levaging Sn1per Professional’s Fuzzer Add-on to brute force files/directories with extensions (unreleased)
36:26 – Using Google dorks to discover content and URL’s
43:17 – Manual Javascript analysis from the command line
44:42 – Discovering pre-production and internal domains in Javascript files
53:18 – Digging deeper into hidden/discovered content on a target
57:14 – Discovering PayPal github repos in Javascript source
57:42 – Conducting basic github recon on PayPal developers for sensitive data

Aftermath2020 #001 with @xer0dayz – Live Bug Bounty Recon with Sn1per Professional

Highlights:

0:35 – Basic single domain recon with Sn1per Professional v8.0 + Command Execution Add-on
3:27 – Analyzing scan results via split screen Sn1per Professional host reports
5:45 – Discovering hidden content via Sn1per Professional Fuzzer add-on (unreleased)
7:23 – Sn1per Professional workspace navigator search/filter
7:31 – Sn1per Professionla ‘recon’ mode to discover sub-domains
9:00 – Sn1per ‘flyover’ mode of discovered domains from the command line
13:50 – Sn1per Professional ‘web’ mode visual recon
15:00 – Sn1per Professional ‘web’ mode scan
17:30 – Analyzing scan results and browsing discovered URL’s
20:00 – Using Sn1per Professional’s recon links to perform recon on TLD
32:30 – Sn1per Professional workspace report filtering for live web hosts
33:45 – Utilizing Sn1per Professional’s quick links to view websites
38:18 – Digging deeper manually into interesting hosts
40:00 – Leveraging Burpsuite Professional with Collaborator to catch emails and analyze HTTP requests
42:26 – Running URL Fuzzer Add-on to fuzz dynamic URL’s for open redirects and CRLF vulnerabilities (unreleased)
43:56 – Using Sn1per Professional’s built-in Notepad to keep/store notes in workspace
46:55 – Discovering hidden content via Sn1per Professional Fuzzer add-on (unreleased)
48:14 – Setting up Burpsuite Professional certificate authority to intercept HTTPS traffic
49:32 – Installing and using Burpsuite CO2 plugin to scan for SQL injection
50:38 – Manually fuzzing dynamic URL’s via Burpsuite Intruder
56:24 – Manually analyzing fuzzer results to discover hidden content
1:01:00 – Brute forcing basic authentication with Sn1per Professional’s Brute Force add-on (unreleased)
1:06:36 – Manually fuzzing dynamic URL’s via Burpsuite Intruder
1:14:22 – Using Sn1per Professional’s CSV export to view host table

Recent Comments