Share this blog:

Zerocopter Recon - the ultimate start for organizations

Reconnaissance is an important first stage in any (ethical) hacking attempt. Before it’s possible to exploit a vulnerability in the target system, it’s necessary to find it. By performing reconnaissance on the target, an ethical hacker can learn about the details of the target network and identify potential attack vectors.

While organizations work to secure priority assets, attackers are more focused on whatever fell off the radar. While organizations think they know their attack surface and have it all mapped out, attackers always seem to find a way in. These are the targets the organization doesn’t know about and unknown or un-prioritized assets become targets because they are most likely to have vulnerabilities. And this is a not to be dismissed risk– in 2016 Gartner predicted that around 30% of successful attacks in 2020 would be against shadow IT.

Why do recon?

Starting Bug Bounties on a significant online attack surface, always raises the question ‘where do we start?’. To be able to answer this question in a proper way, you need to actually know your online attack surface. This is why we do recon: know your online attack surface and then choose your bug bounty strategy. 

Zerocopters hacker team is made of the best of the best in the bug bounty world, and being successful there means that your reconnaissance is up to par. Monitoring changes, finding hidden doors, forgotten servers and services, all of this will lead to being a highly successful bug bounty hunter.

Every time we do Recon for one of our clients, I am surprised how much online presence our Researchers find that our clients are not aware of. - Edwin van Andel, CEO Zerocopter

How do we do recon?

A selection of our best researchers will each spend a predetermined amount of time mapping your online presence, and work as  a team to find everything they can. Results will include (not limited to):

  • IP addresses linked to your organisation
  • Domains and subdomains linked to your organisation
  • Open ports found on the above
  • Directories that should not be publicly exposed
  • API’s linked to your organization
  • Forgotten or legacy (development) tools, S3 buckets or servers (Jenkins/Jira etc)
  • Passwords, credentials and possible keys linked to your organisation
  • Other information found to help map or breach your organisation or products from a hackers' point of view

We will manage and assist the selected researchers, and present the feedback in a clear report. Any critical finds will be reported immediately..

Zerocopter Recon is the ultimate start for organizations (especially with a lot of online presence), to get an accurate overview of your public facing attack surface. Once you know (the size of) your online scope in detail, and you cleaned up all the forgotten or unnecessary entry points, you are much better able to manage and prioritize protecting it.

Got a question or inquiry?

Send us a message or give us a call and we’ll respond as soon as possibe

Get in touch
Zerocopter get in touch


Act 1 - Security Theater in Play

Digital defense in need of a larger vision by greater people

Edwin van Andel on Coordinated Vulnerability Disclosure and NIS2

What is template injection?

What's the key to a successful Coordinated Vulnerability Disclosure process?

Let's talk about Local File Inclusion

What is Cross Site Request Forgery?

Let's talk about SQL Injection

What is an Insecure Direct Object Reference (IDOR)?

What is cross-site scripting (XSS)?

Reporting tips: using Markdown to make your report look better

Reporting tips: setting the severity of a report with the CVSS calculator

New guide from Cybersprint: This is how you hack a city

Why having a #FirstAidKit is not enough for proper cyber security - but does help!

Don’t let vulnerabilities become your weakness: implement a Coordinated Vulnerability Disclosure program

New buyer's guide from Cyber Safe Netherlands

Changing the way Zerocopter rewards

Zerocopter Recon - the ultimate start for organizations

When a fun idea spirals out of control - The Office Bug Bounty Game

How to deal with a vulnerability reported by an ethical hacker?

This is how hackers investigate your online security

Why letting your website get hacked makes it safer - Responsible disclosure

Why you should get yourself hacked by a group of hackers you don't know

Bollo. The quest for a Zero-day scanner

Written by Zerocopter

August 5, 2020

Share this blog:

Next blog

Zerocopter Recon - the ultimate start for organizations

Heading

Want to know everything about Zerocopter?

Download our brochure
Zerocopter brochure - Always one step beyond
Zerocopter logo
Login
Contact
For companies
Bug Bounty Program
Coordinated Vulnerability Disclosure
How we work
Platform
Dedicated Hacker Time
Pricing
Zerocopter for
Researchers
CEO
CISO
CFO
CTO
About Zerocopter
About us
Events
Contact
Careers
Resources
All resources
Downloads
Customers
Blogs
News
FAQ

Stay up to date!

Sign up for the newsletter

Terms & Conditions
Privacy and cookie policy
Coordinated Vulnerability Disclosure
© Zerocopter B.V.