Introduction
Whenever I am on a pentest, there are always several ways I approach my target. Please note how I mentioned pentesting and no bug bounties as those are two totally different beasts. Pentesting makes it a lot easier in my opinion to find vulnerabilities but don’t let that discourage you to do bug bounty hunting because while it might be true that pentesters find more issues, a lot of them are low priority or have less impact and as if that was not enough, even pentester needs to be pretty complete.
Recon
Recon recon recon, I can’t stress enough how important this part of my hacking cycle is. To hack a target I need to have as much information as possible and for me, this all starts with trying to map hidden attack surfaces. A lot of people don’t realise this but social media accounts are a prime target for me so I will try to link data I have to existing social media accounts.
Social media hacking
I am telling you this because I think you need to be aware of the dangers of this kind of attack, not because I want you to go try it on your ex. This is not persé a real vulnerability on any websites part as their implementation will more than likely be correct however the creator of the current password system already stated that he regretted making…
