Note that during these interviews I also moderate, thus quality may vary.

Profile

  • 10yrs hacking
  • bug bounty X
  • has oscp, respectable standard
  • coding: ghetto bash, curl

Tips

  • mentors, who's in your corner and who can you communicate with
  • friendly helpful competition with peers
  • surround yourself with people that have the qualities you wish to attain
  • be an autodidact, i.e. self teach to an extent
  • put the time in ~8+ hours a day, i.e. bruteforce while watching Adventure Time
  • no one can teach you the practical skills, i.e. experience
  • can't be single-minded, i.e. get a multiple of your time
    • always have multiple irons in the fire
  • multiple Censys accounts to avoid x
  • don't rely on tools, could have skewed results. E.g. screenshots cannot appropriately display underlying content, errors and functionality.
  • use correct Host header, CNAME in Host header
  • reading RFCs and leveraging that knowledge à la Inti
  • requests are free
  • vhost scan
  • everything youโ€™re doing is to extend your attack surface
  • discovery > web skills
  • fuzz interesting things

Routine

  1. wake up, coffee
  2. 6-7 Verizon hosts of interest found overnight
  3. nmap 80,443,xxx,xx
  4. based on that look for target to hit
  5. Shodan, Censys, xx overnight, look for interesting
  6. brute force those hosts
  7. hack those if anything interesting

Workflow

Automation = dns resolution

  1. don't rescan, assume assets don't change every X week
  2. nmap: nmap -T 4 -iL hosts -Pn --script=http-title -p80,4443,4080,443 --open
  3. filter out new stuff
  4. burp
  5. run scan
  6. fuzz while scan is running
  7. intruder
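
Steps 1 to 3 above (don't rescan, run nmap, filter out new stuff) amount to diffing each scan against a stored baseline. The following is an added example, not from the interview: it assumes the nmap command is also given `-oG` so its grepable output can be parsed, and the sample scan text, baseline and function names are constructed for illustration.

```python
import re

# Constructed sample of nmap grepable (-oG) output; addresses are from the
# RFC 5737 documentation range and the hostname is a placeholder.
SAMPLE_SCAN = (
    "# Nmap scan initiated (constructed sample)\n"
    "Host: 192.0.2.10 (www.example.com)\tStatus: Up\n"
    "Host: 192.0.2.10 (www.example.com)\tPorts: 80/open/tcp//http///, 443/open/tcp//https///\n"
    "Host: 192.0.2.22 ()\tStatus: Up\n"
    "Host: 192.0.2.22 ()\tPorts: 4443/open/tcp/////, 443/filtered/tcp//https///\tIgnored State: closed (2)\n"
)

# Constructed baseline: (ip, port) pairs already seen in an earlier scan.
SAMPLE_BASELINE = {("192.0.2.10", 80), ("192.0.2.10", 443), ("192.0.2.30", 4080)}

HOST_RE = re.compile(r"^Host: (\S+) ")


def parse_open_ports(grepable_text):
    """Return the set of (ip, port) pairs reported as open/tcp in -oG output."""
    found = set()
    for line in grepable_text.splitlines():
        match = HOST_RE.match(line)
        if not match:
            continue  # comment lines and anything that is not a Host record
        for field in line.split("\t"):
            if not field.startswith("Ports: "):
                continue  # skip "Status:" and "Ignored State:" fields
            for entry in field[len("Ports: "):].split(","):
                # Each entry is port/state/protocol/owner/service/rpc/version/
                parts = entry.strip().split("/")
                if len(parts) >= 3 and parts[1] == "open" and parts[2] == "tcp":
                    found.add((match.group(1), int(parts[0])))
    return found


def diff_against_baseline(current, baseline):
    """Split results into services that are new and services that disappeared."""
    return {"new": sorted(current - baseline), "gone": sorted(baseline - current)}


if __name__ == "__main__":
    result = diff_against_baseline(parse_open_ports(SAMPLE_SCAN), SAMPLE_BASELINE)
    for ip, port in result["new"]:
        print(f"new:  {ip}:{port}")
    for ip, port in result["gone"]:
        print(f"gone: {ip}:{port}")
```

Only the "new" entries need a closer look in the later steps; the "gone" list shows which baseline entries are stale.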

Tools

  • nmap
  • amass
  • ffuf

Collaboration

  • Would like to collab with agarri
  • Shout out to shubz, x, green hat hackers
