1 00:00:01,320 --> 00:00:04,020 Hello, everyone, and welcome to this video. 2 00:00:04,860 --> 00:00:14,010 So in this video, we are going to understand the importance of subdomains in our reconnaissance or 3 00:00:14,220 --> 00:00:19,870 increasing the scope of our asset into any bug bounty program. 4 00:00:21,150 --> 00:00:23,670 So the first question, why subdomains? 5 00:00:24,120 --> 00:00:32,040 Because subdomains are the high value target, which will increase our success rate whenever we are 6 00:00:32,040 --> 00:00:35,400 performing bug bounty or penetration testing. 7 00:00:36,480 --> 00:00:44,690 So now we are going to consider the target as evil corp dot com to take further, more examples. 8 00:00:45,420 --> 00:00:51,570 So enumerating the scope of a program which is evil corp dot com from now is very, very important 9 00:00:51,570 --> 00:00:52,050 for us. 10 00:00:52,800 --> 00:00:56,400 why, because we are going to increase the scope. 11 00:00:56,640 --> 00:01:04,980 The chances are that your success rate is going to increase because there are high chances that many 12 00:01:04,980 --> 00:01:13,830 of the subdomains must not be tested by other security researchers or not even properly protected by 13 00:01:13,830 --> 00:01:17,460 the developers of that particular organization. 14 00:01:18,450 --> 00:01:26,220 There have been many examples in which there are critical findings on subdomains through which the security 15 00:01:26,220 --> 00:01:30,840 researcher is able to get access to the main domain as well. 16 00:01:32,010 --> 00:01:40,050 There have been chances wherein developers have deployed outdated software versions or content management 17 00:01:40,050 --> 00:01:48,420 systems on subdomains, and there are publicly available exploit for those targeted softwares. 18 00:01:49,380 --> 00:01:58,170 Now it becomes very, very easy to identify these types of low hanging subdomains to easily target them 19 00:01:58,380 --> 00:01:59,870 and get a reward. 20 00:02:00,960 --> 00:02:08,880 That way, you should always start with identification of subdomains that can be hidden over there and 21 00:02:08,880 --> 00:02:09,660 be vulnerable. 22 00:02:11,010 --> 00:02:14,880 Now, what exactly is a subdomain that we are talking about? 23 00:02:15,340 --> 00:02:23,880 If you see into this figure over here as our target is evil corp dot com, it is known as the top level 24 00:02:23,880 --> 00:02:28,620 domain for any bug bounty program or any organization. 25 00:02:29,250 --> 00:02:33,200 No beta dot evil corp dot com is the subdomain. 26 00:02:33,540 --> 00:02:43,530 Remember, each and every subdomain start before the top level domain and start before the dot, as 27 00:02:43,530 --> 00:02:45,090 you can see over here. 28 00:02:47,800 --> 00:02:58,720 Now, alpha.beta.evilcorp.com is also called the sub sub domain or also known as vertical 29 00:02:58,720 --> 00:02:59,710 co-relation. 30 00:03:00,310 --> 00:03:07,090 This basically is an example of multiple subdomains under the top level domain. 31 00:03:07,450 --> 00:03:15,520 And yes, there have been many, many examples of many bug bounty programs wherein there are multiple 32 00:03:15,520 --> 00:03:21,880 sub subdomains which are hidden and which are vulnerable to multiple vulnerabilities. 33 00:03:22,750 --> 00:03:28,570 So, yes, identification of subdomain and sub subdomain is very, very important. 34 00:03:28,910 --> 00:03:32,140 And in the upcoming videos, we're going to see that. 35 00:03:32,140 --> 00:03:39,100 How can you identify the subdomains or the hidden sub subdomains, which are not known by other security 36 00:03:39,100 --> 00:03:44,080 researchers, and you can easily identify issues of flaws into them. 37 00:03:44,950 --> 00:03:50,030 So I hope you guys understood the importance of subdomains and what is a subdomain. 38 00:03:50,410 --> 00:03:51,010 Thank you.