Table of contents
Note that during these interviews I also moderate thus quality may vary.
- Got into hacking in middleschool
- Cicumventing security on school laptops.
- Bypass school web filter, youtube etc.
- Got into web app hacking through hackthissite missions
- Breakthrough moment was hacking on Department of Defense
- Thought of DoD hacking was very novel.
- Wanted more challenge coins.
- Good training ground
- Different coding languages etc.
- Gathering as much actionable information as possible.
- How does company operate
- Google dorking
- Internal documents
- Read the documentation and leverage that information
- Burp Suite
- List subdomains
- Focus on stuff that is more vulnerable
- Look for interesting subdomain names, dev, console, test, vpn, graphana, beta, staging
- Google dork with interesting subdomain
- Brute force directories
- Look for interesting behaviour
- Are there weird errors
- Is there a proxy
- Try to change host header to localhost
- Are there apis?
- Monitor Twitter, it’s an endless source of info
- Knowing how to code is not needed
- Understand when to disconnect and take time off to prevent burnout.
- Just because you missed something that someone else didn’t doesn’t mean you’re bad.
- Ask good questions (not things you can Google)
- Asking for help isn’t inherently bad
- Checklist can consist of Google dorks, documentation, API that’s over permissive
- To learn and help secure stuff. Protecting websites against hackers.
- Money is a big motivator
- Hacking is meditative
Imposter syndrome 🐝
- Definitely a thing
- Rather to see it as a fault of your own and see it as a challenge.
- It’s manageable and you can work on it
- If person X found a big vulnerability and you didn’t just learn from it and use it in the future.
- Started of solo
- Once they started to collab you’re able to accomplish so much more.
- You’re able to share informationa and styles of hacking, e.g. breaking things apart vs recon head.
- You can combine different experiences and profit