Reconnaissance is an important first stage in any (ethical) hacking attempt. Before it’s possible to exploit a vulnerability in the target system, it’s necessary to find it. By performing reconnaissance on the target, an ethical hacker can learn about the details of the target network and identify potential attack vectors.
While organizations work to secure priority assets, attackers are more focused on whatever fell off the radar. While organizations think they know their attack surface and have it all mapped out, attackers always seem to find a way in. These are the targets the organization doesn’t know about and unknown or un-prioritized assets become targets because they are most likely to have vulnerabilities. And this is a not to be dismissed risk– in 2016 Gartner predicted that around 30% of successful attacks in 2020 would be against shadow IT.
Why do recon?
Starting Bug Bounties on a significant online attack surface, always raises the question ‘where do we start?’. To be able to answer this question in a proper way, you need to actually know your online attack surface. This is why we do recon: know your online attack surface and then choose your bug bounty strategy.
Zerocopters hacker team is made of the best of the best in the bug bounty world, and being successful there means that your reconnaissance is up to par. Monitoring changes, finding hidden doors, forgotten servers and services, all of this will lead to being a highly successful bug bounty hunter.
Every time we do Recon for one of our clients, I am surprised how much online presence our Researchers find that our clients are not aware of. - Edwin van Andel, CEO Zerocopter
How do we do recon?
A selection of our best researchers will each spend a predetermined amount of time mapping your online presence, and work as a team to find everything they can. Results will include (not limited to):
- IP addresses linked to your organisation
- Domains and subdomains linked to your organisation
- Open ports found on the above
- Directories that should not be publicly exposed
- API’s linked to your organization
- Forgotten or legacy (development) tools, S3 buckets or servers (Jenkins/Jira etc)
- Passwords, credentials and possible keys linked to your organisation
- Other information found to help map or breach your organisation or products from a hackers' point of view
We will manage and assist the selected researchers, and present the feedback in a clear report. Any critical finds will be reported immediately..
Zerocopter Recon is the ultimate start for organizations (especially with a lot of online presence), to get an accurate overview of your public facing attack surface. Once you know (the size of) your online scope in detail, and you cleaned up all the forgotten or unnecessary entry points, you are much better able to manage and prioritize protecting it.
Don’t let vulnerabilities become your weakness: implement a Coordinated Vulnerability Disclosure program
Written by Zerocopter
August 5, 2020
Share this blog: