Video
Note that during these interviews I also moderate so quality may vary.
Profile
Very active, always giving back, and spearheaded Bugcrowd University (bugcrowd.com/university/)
His BBHM was my intro to recon. It was invaluable and made me fall in love with it.
- 2005 Started hacking
- 2009 Vulnerability Assessment → Pentester at Redspin
- 2010 HP Pentest - on forefront of mobile
- 2014 Bugcrowd leaderboard #1 or #2, battle with bitcork
- 2016 Head of Trust and Security at Bugcrowd
- Head of Security and Risk Management at Ubisoft
How to shot web origin
- Having a methodology is always better
- A checklist prevents you from missing/overlooking things
Recon methodology
- Check out scope for project
- Check clauses in scope, e.g. Tesla: "even if not in scope, tell us."
- Amass, Subfinder, MassDNS
- GitHub dork while tools above are running
- Look at acquisitions last 3 years
- Crunchbase
- … Re-watch stream
Favorite tools
- Aquatone
- Amass
- Nmap
- Burp
- Turbo Intruder
- faster than any other
- not recursive
- lacking capabilities vs CLI
- Masscan
Routine
- If the invite is from a brand I know, it sparks my interest
- Put on EDM
- Make sure tools are updated
Learning
- Put fuzzing strings, links into Evernote under each Bug Type
Videos
- Jason Haddix - How to Shot Web: Web and mobile hacking in 2015
- Methodology 1, 2 and 3
- Pentesterlab
- Hacker101
- Bugcrowd University
- OWASP vulnerable machines collection
Tips
- Web applications handbook
- Test new tools on VDP with wildcard scopes
Coding
- You don't need to know how to code
- Coding ≠ finding bugs
- Programming ≠ scripting
- Know basics, e.g. HTML, JS etc.
Wish he knew
- Report write up is more important than the bug itself
- Assume you're writing it for someone who doesn't know anything
- What is the specific impact for the company?
- Make templates for each bug type, stating the contextual risk for a company
- Data disclosure
- Explain how you found the bug
- Take a video or screenshot showing the exploitation of the bug
- Automation, know what to automate
Future
- All distributed
- Less heavy handed approach
- More in the hands of hackers