Note that during these interviews I also moderate thus quality may vary.

Profile 🐝

  • Kevin aka Rhok
  • Been doing bug bounties for 4 years
  • Works at Okta
  • Hacks a couple times a month
  • First program: Uber
  • First vulnerability: Sensitive Information Disclosure
  • First bounty: $3350
  • Best purchase: provide money for parents
  • Favorite bug type: RCE
  • Mentor: Peter Yaworski
  • Favorite tool: Burp
  • Hobbies: gaming

Timeline 🐝

  • During junior year in college he signed up to drive for Uber and found a PII bug
    • Signed up for HackerOne to report bug to Uber private program
      • Received couple thousand dollars and started to look more into bug bounties
  • Bug bounties landed him his first infosec job at Synack as security analyst
  • Currently works at Okta
    • Provided him with vendor side insight wrt bug bounties
      • SLA etc.
    • His role is to code review new functionality

Live hacking events 🐝

  • First event he was invited to was h1702
    • Didn’t know what to do went in head first
    • met Peter Yaworski

Collaboration 🐝

  • What does it mean to you?
    • Motivate each other
    • Everyone has a different mindset
  • Often collaborates with
    • ZephyrFish
    • Zseano
    • Jaworski

Learning 🐝

  • Reading things from hacking activity
  • Going on YouTube or just googling things
  • Talking to people in the community, e.g. on Twitter
  • Once did 120 bugs in 120 days
  • Started following bug bounty hunters on Twitter and their blogs
  • How to learn new things
    • Do research
      • How did they go about it
        • Whitelist vs blacklist
      • What tools did they use
      • A lot of reading
    • CTF
      • Helps you think outside of the box
      • Promotes collaboration

Programming 🐝

  • Codes with Python
    • Not required for hunting but helps, especially with code review
    • Helpful for automation

Advice 🐝

  • Be patient
    • Don’t constantly ask for updates as it’s immature
  • Don’t be lazy
    • Don’t immediately reach for tools such as SQLMap
      • Try to understand how it all works

Methodology 🐝

  • Recon
    • Understand what the product is about, what they have to offer
    • I do more vertical recon opposed to horizontal

What's buzzing?

If you have a question, a comment, or if you just want to say hi, feel free to reach out on Twitter.