Live Stream Lecture on Recon Data Analysis

Jul 8, 2024

Live Stream Lecture Notes

Opening Remarks

  • Welcome and Introduction: Brief welcome and appreciation for returning viewers.
  • Upcoming Guests: Justin (Runner raater) on Monday, Stoke on Tuesday.

Technical Setup and Announcements

  • Technical Difficulties: Camera and microphone issues mentioned; troubleshooting on air.
  • VOD Availability: Will be available on YouTube a week after streaming; immediate access for YouTube Nomi subscribers.
  • YouTube Streaming Preference: Dislike for YouTube chat; prefers Twitch for community interaction.

Stream Content Focus

  • Main Focus: Recon data analysis; manual review over full automation.
  • Tools and Platforms: Short scan for vulnerability checks and Trickest for Recon data.

Data Analysis and Recon Techniques

Filters and Searches

  • Domain Analysis: Analysis of titles, hostnames, and content types for potential vulnerabilities.
  • Login Pages: Focus on identifying login pages and portals for further exploration.
  • 404 Pages: Instructions to utilize 404 errors for brute-forcing hidden directories.

Practical Demonstrations

  • Short Scan Tool: Multiple examples of using short scan for IIS vulnerability checks.
  • Cookie Headers: Discussion on setting cookies in headers for authenticated sessions.
  • Wayback URLs: Use of Wayback Machine to find historical data on URLs.
  • Brute Forcing: Use of asset note wordlists for brute forcing endpoints.

Specific Targets and Scenarios

  • Public Recon on Dell: Step-by-step manual review of Dell subdomains and assets found via Trickest platform.
  • WordPress Vulnerabilities: Methodology for finding vulnerabilities in WordPress sites (themes, plugins, readme.txt files).

User Interaction and Engagement

  • Live Questions & Answers: Real-time responses to user questions and suggestions.
  • Polls and Feedback: Gathering viewer input on potential targets and future stream preferences.
  • Encouragement for Engagement: Request for likes, follows, and comments to boost visibility.

Closing Remarks

  • Future Streams: Discussion on potentially making weekly streams; more guest sessions planned.
  • Course Promos: Mention of a bug bounty course with a discount code available.
  • Thank You Message: Appreciation for viewer support and interaction.

Links and Resources

  • Trickest Platform: For accessing recon data for free.
  • Bug Bounty Course: Mentioned with a promotional code.
  • YouTube Channel: Encouragement to engage with recent videos and subscribe.