Note that during these interviews I also moderate thus quality may vary.

Profile 🐝

  • cofounder HackerOne
  • 29 years old
  • started hacking at 11 years old

HackerOne 🐝

  • Genesis when 13 years old
  • Visual Basics book
  • Website got defaced -> learned about hacking and perform hacking
  • Started company after graduating, worked for Dutch government and companies etc.

Workflow 🐝

  • deep dive
  • read docs
  • ask questions
  • always be learning
  • take a lot of notes
  • what’s interesting -> defenses that are in place
  • read up on company -> what is impact for bug besides technical
  • look for one bug type at a time (a lot of work)
    • helps you go deeper on each iteration
    • better coverage
  • use knowledge for continuous integration

Tips 🐝

  • Never stop learning
  • Be eager to understand what you’re looking at
  • Focus on learning to keep you motivated
  • Focus on one target -> leverage information to find more
  • Use what you know
    • GitLab uses similar stack as HackerOne
  • Pay for features once you feel confident in bug hunting
    • Mention it in bug report for clarity and perhaps reimburstment or bonus
  • Attack surface not always in new additions but in deleted ones
  • IDOR
    • Don’t use existing ID’s authorization is already in place
  • Beginners
    • Hack your own code
      • sunny day vs rainy day
        • write test with random input for example
    • Try all the things that you expect to go wrong
    • Try to break it
    • Think outside of the box
    • Structure it for yourself and focus on learning
  • Security is thinking about defensive programming - anticipate tampering and how you handle these cases.
  • book atomic habits

Tools 🐝

  • Burp

School 🐝

  • Learned how technology works
  • Spend 10 weeks on IP stack
  • Learned more about software dev and architecture
  • Made him a better hacker

Certificates 🐝

  • Not needed
  • Forces you to learn a particular thing
  • HackerOne profile > certificate

Enjoy my content?

You can support me in a couple of ways:

Buy me a Coffee or share it with your friends

Select links throughout the site are affiliates. They give me a small kickback, don't cost you anything extra and are always curated.

Don't bee a stranger

If you want to work together, have a question, or if you just want to say hi, feel free to reach out!

You can find me on Twitter, Discord, and Instagram.