AT&T Bug Bounty Program Scope


AT&T is one of the large scope programs, meaning that everything that AT&T owns and manages is included within its scope. But what exactly does “everything” mean when I say that? Essentially, it means that almost all of AT&T’s digital assets are in scope, except for those specifically mentioned in the HackerOne scope section as “Out of scope.”

Note: Keep in mind that this article is not about reconnaissance but rather focuses on confirming asset ownership.

https://hackerone.com/att/policy_scopes

There are a few assets that are very clear regarding the scope of AT&T with zero doubts, and two of them are *.att.com and *.att.com.mx. All subdomains of these two domains are considered in-scope assets, so you can confidently hunt on any of them without hesitation.

Let’s discuss how to confirm which assets are owned by AT&T. With its numerous subsidiaries, it can be challenging to pinpoint exactly what belongs to AT&T. Based on my experience hunting for AT&T, I’ve found a few effective methods to identify unique assets that fall within their scope.

In my initial days, one of the first things I learned was to search for assets using the following:

- Legal name, which is “AT&T SERVICES, INC”
- AT&T Branding — AT&T Logo / Color theme of the Brand
- Copyright notice and trademark attribution

WHOIS is very helpful for finding the organization name, which you can use to verify other assets. If they share the same organization name, it confirms the ownership of the asset.

The following command will provide the organization name if it is publicly visible:

whois att.com | grep Org
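The WHOIS check above, as an added example (not the author's code): it parses saved WHOIS output, compares the organization field against the legal name exactly rather than by substring, and reports redacted records as unknown so they fall back to the branding and copyright checks. The domain names, sample records and the `classify` helper are constructed for illustration.

```python
import re

EXPECTED_ORG = "AT&T SERVICES, INC"  # legal name as given in the article

# Field labels that carry the owning organization in common WHOIS layouts.
ORG_FIELD = re.compile(
    r"^[ \t]*(?:Registrant[ \t]+Organi[sz]ation|OrgName|Organi[sz]ation|org-name)"
    r"[ \t]*:[ \t]*(.*)$",
    re.IGNORECASE | re.MULTILINE,
)
# Markers registrars use when the registrant is hidden (assumed list).
REDACTED = ("redacted", "privacy", "not disclosed", "data protected")


def normalize(name):
    """Uppercase and collapse punctuation so 'Inc.' and 'INC' compare equal."""
    return re.sub(r"[^A-Z0-9&]+", " ", name.upper()).strip()


def classify(whois_text, expected=EXPECTED_ORG):
    """Return 'match', 'mismatch' or 'unknown' for one WHOIS record."""
    orgs = [v.strip() for v in ORG_FIELD.findall(whois_text) if v.strip()]
    visible = [o for o in orgs if not any(w in o.lower() for w in REDACTED)]
    if not visible:
        return "unknown"  # nothing public: rely on the other checks
    want = normalize(expected)
    # Exact comparison: a longer name that merely contains the legal name
    # would pass a plain grep but is a different registrant.
    return "match" if all(normalize(o) == want for o in visible) else "mismatch"


# Constructed WHOIS excerpts, e.g. saved with: whois <domain> > <domain>.txt
SAMPLES = {
    "candidate-a.example": "Domain Name: candidate-a.example\n"
                           "Registrar: Example Registrar\n"
                           "Registrant Organization: AT&T Services, Inc.\n",
    "candidate-b.example": "Domain Name: candidate-b.example\n"
                           "Registrant Organization: REDACTED FOR PRIVACY\n",
    "candidate-c.example": "Domain Name: candidate-c.example\n"
                           "Registrant Organization: AT&T Services, Inc Resellers LLC\n",
}

if __name__ == "__main__":
    for domain, record in SAMPLES.items():
        print(f"{domain:22} {classify(record)}")
```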

Branding can often be confirmed through the official website, but it’s important to note that not all assets will prominently display a logo. Therefore, it’s crucial to stay vigilant when searching for assets.

For instance, an in-scope asset without a visible logo is: https://miattweb.att.com.mx/.

And finally, there’s the copyright notice and trademark attribution mentioned in the footer of websites. While not all assets include this section, branding and domain details can still provide confidence about in-scope assets.

For instance, an in-scope asset without a copyright notice is: https://miattweb.att.com.mx/.

https://www.att.com/

Sometimes, basic Google dorks can help you confirm the asset ownership as well.

site:att.com -www "asset.com"

If the details are mentioned on the official website, then there’s a good chance that the asset belongs to AT&T.

To complete the article, let’s refine and summarize the discussion on confirming and finding assets, using the example of att.net:

“att.net” is a domain owned by AT&T, primarily serving as a web portal and email service for AT&T customers. While the main domain is owned by AT&T, not all subdomains “*.att.net” are included in their bug bounty program scope.

In such cases, effective reconnaissance skills are crucial to identify assets beyond the main domain. Here’s an example of the domain with branding and copyright details.

https://lsreg.att.net/
https://ipnetwork.bgtmo.ip.att.net/pws/

Soon, Insha Allah, I will share the detailed article about finding hidden assets through different methods. For now, Allah Hafiz and take care.

If you found this article helpful, show your appreciation by supporting me through Buy Me a Coffee.
https://www.buymeacoffee.com/imusabkhan

I hope you found this write-up interesting. If you have any queries, feel free to reach out to me at musabkhan.queries@gmail.com. Also, don’t forget to follow me on my social media profiles for more updates. Thank you for reading!

Youtube: https://www.youtube.com/musabkhan
Linkedin: https://www.linkedin.com/in/musab1995/
Twitter: https://twitter.com/Musab1995
Facebook: https://www.facebook.com/imusabkhan
Github: https://github.com/imusabkhan/
Instagram: imusabkhan
