Table of contents
note that during these interviews I also moderate so quality may vary.
- Had great teachers in high school
- Got into coding
- No college
- No certificates or training
- 42 years old
- Inspiration/mentor Frans Rosen
Bug bounty 🐝
- Started in 2015, just left a start up
- Wanted to work from home
- Didn’t have any money, was in cc debt
- First bounty on Google
- Found out about HackerOne
- Doesn’t portscan currently
- Halloween clown
- 14 hour days
- Needed money
- HackerOne hacktivity
- Subdomain takeover
- Frans Rosen
- Cloudfront run in loop
- The more you can find the better
Has difficulty focusing attention to memory, so decided to write apps to help him with these tasks.
- iOS Flash - learning how to make iOS apps in flash.
- Cydia jailbreaking
- $5000 CAD p/m
- 11.000 Programs
- Automated his life same way as bug bounties, when to shower, eat lunch etc.
- Anything he does a couple of times he automates
- e.g. Report template submission
- No structure, does what works
- Golang (last 3 months)
- Runs servers at home
- Uses Linode for subdomain enumeration (P2)
- Subdomain takeover
- All programs, doesn’t discriminate
- Information Disclosure
- Google Calendars
- Apache server status
- Own unique bugs P1-P2’s
- Pull every path and run against every domain
- Once found something good add to wordlist
- Random mutations
- merge them together
- combine with common words
- 2 million line dictionary
- Subdomain enumeration, more endpoints -> more bugs
- Spider, waybackmachine
- Reading reports and Twitter
- amass + frontend + backend
- distributed tool
- favorite tool: waybackmachine
- Hogart Jesse
- Douglas Day
- You can be just as productive by working less
- Take breaks!
- Imposter Syndrome:
- Everyone has amazing skills in their own way
- Break everything down to smaller components so that it’s manageable
Every x weeks/month does a week of silence
- Computer/phone provides reminders
- Wake up
- Heart rate
- Go for a walk
- Take breaks
Enjoy my content?
You can support me in a couple of ways:
Select links throughout the site are affiliates. They give me a small kickback, don't cost you anything extra and are always curated.
Sharing what matters in security. Every week I curate the InfoSec news, so you can focus on securing web apps and earning bug bounties.
As a thank you, you'll receive 85+ InfoSec RSS feeds.
No spam. Unsubscribe at any time.
What does it look like?