Recon Series #2: Subdomain enumeration – expand attack surfaces with active, passive techniques

Ever wondered whether you ever missed a hidden subdomain that would have unlocked a critical vulnerability and a large bounty reward?

In this article, you will discover how cutting-edge subdomain enumeration techniques, both passive and active, can reveal the unseen corners of your target’s infrastructure.

We’ll explain the advantages of various techniques, recommend enumeration tools for executing them, and show you how to implement these techniques, supported by illustrative examples performed on a real public bug bounty program (that of Swedish betting brand ATG).

When Bug Bounty hunting or conducting a pentest, subdomain enumeration is a crucial first reconnaissance step before you actually start hacking – maximising the exposed attack surface and therefore your chances of finding vulnerabilities.

You can find the full article on YesWeHack’s blog page