h@cktivitycon 2020: Beyond the Borders of Scope
In this session, Jr0ch17 talks about a somewhat controversial topic in bug bounty: looking at out-of-scope assets. This is not about doing actual hacking on those out-of-scope assets; it’s about doing recon on them in special ways in order to find bugs on the in-scope assets. The recon that he does uses a few techniques and tricks that he’s been using for a while, which have resulted in him finding some bugs in programs’ core applications. As a matter of fact, with the help of that recon, he’s never gotten a single duplicate yet, so it definitely is an unexplored area. I will go through each technique or trick and show an example of a bug I’ve found, some as simple as a reflected XSS (actually not that simple) and some with higher impact like RCE and information disclosure.
