A cybersecurity researcher explains how they targeted a specific organisation for a bug bounty programme by modifying their search queries.
After reviewing over 100 targets, the researcher realised that the targets were not updated, and thus unlikely to respond to reports of vulnerabilities.
By focusing on company domain names that end with specific country codes, the researcher was able to find a target that was self-hosted.
The target was a data management and search platform, which featured a function for adding and deleting management keys.
Management keys are critical administrative passwords, and as such, presents an opportunity for the researcher to identify a vulnerability.