Note that during these interviews I also moderate, thus quality may vary.
- 10yrs hacking
- bug bounty X
- has OSCP, respectable standard
- coding: ghetto bash, curl
- mentors, who’s in your corner and who can you communicate with
- friendly helpful competition with peers
- surround yourself with people that have the qualities you wish to attain
- be an autodidact, i.e. self-teach to an extent
- put the time in, ~8+ hours a day, i.e. bruteforce while watching Adventure Time
- no one can teach you the practical skills, i.e. experience
- can’t be single-minded, i.e. get a multiple of your time
- always have multiple irons in the fire
- multiple Censys accounts to avoid x
- don’t rely on tools, could have skewed results. E.g. screenshots cannot appropriately display underlying content, errors and functionality.
- use the correct Host header, CNAME in Host header
- reading RFCs and leveraging that knowledge à la Inti
- requests are free
- vhost scan
- everything you’re doing is to extend your attack surface
- discovery > web skills
- fuzz interesting things
- wake up, coffee
- 6-7 Verizon hosts of interest found overnight
- nmap 80,443,xxx,xx
- based on that look for target to hit
- Shodan, Censys, xx overnight, look for interesting
- brute force those hosts
- hack those if anything interesting
Automation = DNS resolution
- don’t rescan, assume assets don’t change every X weeks
nmap -T 4 -iL hosts -Pn --script=http-title -p80,4443,4080,443 --open
- filter out new stuff
- run scan
- fuzz while scan is running
- Would like to collab with agarri
- Shout out to shubz, x, green hat hackers
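
The "don't rescan / filter out new stuff" step from the automation notes above, as an added example that is not from the interview: it keeps a record of when each resolved host was last scanned and emits only hosts that are new or stale. The state-file format, the function names and the 30-day window are assumptions, and the `example.test` hostnames are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the interview). State file format is an assumption:
# one "<host> <epoch-of-last-scan>" pair per line.

# hosts_due RESOLVED STATE MAX_AGE_DAYS NOW
# Print hosts from RESOLVED (one per line) that were never scanned or whose
# last scan is older than MAX_AGE_DAYS. Names are lowercased, trailing dots
# stripped, duplicates and comment lines dropped.
hosts_due() {
    [ -f "$2" ] || : > "$2"
    awk -v now="$4" -v max="$(( $3 * 86400 ))" '
        FILENAME == ARGV[1] { last[$1] = $2; next }   # load previous scan times
        NF == 0 || /^#/     { next }
        {
            h = tolower($1); sub(/\.$/, "", h)
            if (seen[h]++) next
            if (!(h in last) || now - last[h] > max) print h
        }
    ' "$2" "$1"
}

# mark_scanned STATE NOW  (hosts on stdin)
# Record NOW as the last-scan time for each host read from stdin.
mark_scanned() {
    [ -f "$1" ] || : > "$1"
    _tmp=$(mktemp) || return 1
    awk -v now="$2" '
        FILENAME == ARGV[1] { last[$1] = $2; next }
        NF                  { last[$1] = now }
        END { for (h in last) print h, last[h] }
    ' "$1" - | sort > "$_tmp" && mv "$_tmp" "$1"
}

# Demo on constructed data (example.test names are placeholders).
demo() {
    d=$(mktemp -d) || return 1
    now=1700000000
    printf '%s\n' 'old.example.test 1690000000' \
                  'fresh.example.test 1699990000' > "$d/state"
    printf '%s\n' 'Fresh.example.test.' 'old.example.test' \
                  'new.example.test' 'new.example.test' > "$d/resolved"
    hosts_due "$d/resolved" "$d/state" 30 "$now" | tee "$d/due"
    mark_scanned "$d/state" "$now" < "$d/due"
    rm -rf "$d"
}
demo
```

The output of `hosts_due` is the list to hand to the scan as its `hosts` file; calling `mark_scanned` afterwards keeps the next run from repeating the same hosts.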