Nahamsec interviews Jobert Abma

Note that during these interviews I also moderate thus quality may vary.

Profile 🐝

• cofounder HackerOne
• 29 years old
• started hacking at 11 years old

HackerOne 🐝

• Genesis when 13 years old
• Visual Basics book
• Website got defaced -> learned about hacking and perform hacking
• Started company after graduating, worked for Dutch government and companies etc.

Workflow 🐝

• deep dive
• read docs
• ask questions
• always be learning
• take a lot of notes
• what’s interesting -> defenses that are in place
• read up on company -> what is impact for bug besides technical
• look for one bug type at a time (a lot of work)
  • helps you go deeper on each iteration
  • better coverage
• use knowledge for continuous integration

Tips 🐝

• Never stop learning
• Be eager to understand what you’re looking at
• Focus on learning to keep you motivated
• Focus on one target -> leverage information to find more
• Use what you know
  • GitLab uses similar stack as HackerOne
• Pay for features once you feel confident in bug hunting
  • Mention it in bug report for clarity and perhaps reimburstment or bonus
• Attack surface not always in new additions but in deleted ones
• IDOR
  • Don’t use existing ID’s authorization is already in place
• Beginners
  • Hack your own code
    • sunny day vs rainy day
      • write test with random input for example
  • Try all the things that you expect to go wrong
  • Try to break it
  • Think outside of the box
  • Structure it for yourself and focus on learning
• Security is thinking about defensive programming - anticipate tampering and how you handle these cases.
• book atomic habits

Tools 🐝

• Burp

School 🐝

• Learned how technology works
• Spend 10 weeks on IP stack
• Learned more about software dev and architecture
• Made him a better hacker

Certificates 🐝

• Not needed
• Forces you to learn a particular thing
• HackerOne profile > certificate

Links 🐝

• Interview
• Twitter