
NahamSec interviews masonhck357

Profile

33-year-old Daniel Marte has been hacking for only 1 year, but has already made great strides. At the 6-month mark he decided to go full-time. He's mostly active on Bugcrowd.

He hit rock bottom when his job was made redundant. This turned out to be a blessing in disguise. He started his IT journey on the helpdesk.

During that time he got his CompTIA and Network+ certs. This is when he saw STOK's video, which immediately got him interested in bug bounty. He decided to attend DEFCON.

When he's not behind a computer, he loves going to the beach.

He hasn't collaborated a lot, but is open to it. He would collaborate with anyone, but looks forward to doing so with NahamSec and Specters.

Learning

When he started his bug bounty journey he didn't know anything. He had no idea what the difference between a GET and a POST request was, or how IPv4 or IPv6 worked.

He started off on the wrong foot by jumping straight in and blindly using tools without a solid foundation.

Realizing his mistakes, he quickly recovered. This time he went for deep knowledge. He started reading the HTTP RFC to get a solid foundation in how HTTP works. He began asking the right questions: How do headers work? What do these cookies mean? Then he would turn to Google for the answers.

He picked up Bash, which allowed him to build one-liners for himself, and became familiar with the CLI.

Tips

  • Watch others, copy what they do, and then make it your own. Get familiar with the OWASP Top 10 and focus on web security training.

  • As a beginner, pick one vulnerability type. Then pull up every single resource you can find and go through them. While you're doing this, ask yourself questions: What was the author's mindset? What was their approach? Once you become familiar with that vulnerability, start looking at the DoD program and grind for 8-9 hours.

  • When picking a program, look at the bounty tables. It has to be financially worthwhile. After that he looks at the scope and the number of features the app has.

  • When feeling burned out he goes into learning mode. He also tries to understand why it's happening. Always make sure to take long breaks. It's good to push yourself, but don't overdo it.

  • Everyone deals with impostor syndrome. It's okay to acknowledge that he's a beginner.

  • Certifications aren't a requirement for bug bounty. That being said, the OSCP can be valuable when you're searching for a job, as it can get you past HR.

  • Programming is beneficial, but not a requirement. However, he requires it of himself. He just finished a JavaScript course, and is planning to take a Golang and a Python course.

Recon

Recon means gathering intelligence; it's helpful when chaining vulnerabilities.

When approaching a single web app he performs the following steps:

  1. Use it as a user

  2. Go through sign up process and analyze requests

  3. Go through the JavaScript, both automated and manually

  4. Run waybackurls

  5. Take notes of interesting behavior/findings while analyzing (turns into checklist)

  6. Go through the same process the next day while leveraging the known data

Tools

  • FFUF

  • Waybackurls

  • gau

  • Burp Pro

  • Auto-repeater

    • Replacing auth tokens

    • Changing GET to POST

    • Changing content type to XML

    • Looking for errors

  • Authorize

  • Upload scanner

  • Burp history

    • Compare sessions

Routine

He hacks for 8-12 hours a day. His routine consists of:

  1. Get up 5:00-5:30 AM

  2. Meditate/gratitude

    • Cognitive benefits

    • Listen to hacking-related stuff

  3. Green juice

  4. Shower

  5. Start hacking

  6. Game / relax

  7. Hack some more (4 hours)

    • While in game queue, go through Burp requests

    • Read write-ups

    • Perform light fuzzing

  8. Go to bed at 10:00 PM