Table of contents
Note that during these interviews I also moderate, so quality may vary.
Profile
- Eric
- High school, great teachers
- Got into coding
- No college
- No certificates or training
- 42 years old
- Inspiration/mentor Frans Rosen
Bug bounty
- Started in 2015, had just left a startup
- Wanted to work from home
- Didn't have any money, was in credit card debt
- First bounty on Google
- Found out about HackerOne
- Doesn't port scan currently
- Hobbies
- Halloween clown
Learning
- 14-hour days
- Needed money
- HackerOne hacktivity
- Subreddit
- Subdomain takeover
- Frans Rosen
- CloudFront takeover check run in a loop
- The more you can find the better
Automation
- $5000 CAD per month
- 11,000 programs
- Automated his life the same way as bug bounties: when to shower, when to eat lunch, etc.
- Anything he does a couple of times he automates
- e.g. report template submission
- No structure; does what works
- Stack
- Golang (last 3 months)
- Python
- VB6
- PHP
- Bash
- Dropbox
- Runs servers at home
- Subdomain enumeration P2-ish
- Subdomain takeover
- All programs, doesn't discriminate
- Information Disclosure
- Google Calendars
- Apache server status
- Own unique bugs, P1-P2s
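The subdomain takeover checks mentioned in the Learning and Automation notes (the CloudFront check "run in a loop") come down to one triage per subdomain: does it CNAME to a known hosted service that answers with its unclaimed-resource fingerprint, or does the CNAME target not resolve at all? The script below is an added example written for this page, not the interviewee's tooling. The DNS answers and HTTP bodies are constructed inline so nothing is resolved or fetched, and the fingerprint table is an assumption modelled on public takeover fingerprint lists; verify every entry against the live service before relying on it, and treat a hit as a lead to confirm on an in-scope target, not as a finished report.

```python
"""Dangling-CNAME / subdomain takeover triage run as a loop over observations.

Added example for this page, not the interviewee's code. DNS answers, HTTP
bodies and the fingerprint table are constructed/assumed, see comments.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed fingerprints: CNAME suffix -> (service name, substring an
# unclaimed resource returns in its HTTP body). Verify before use.
FINGERPRINTS = {
    "cloudfront.net": ("CloudFront", "The request could not be satisfied"),
    "github.io": ("GitHub Pages", "There isn't a GitHub Pages site here"),
    "s3.amazonaws.com": ("S3", "NoSuchBucket"),
}


@dataclass
class Observation:
    name: str                 # in-scope subdomain being checked
    cname: Optional[str]      # CNAME target, None if the name has no CNAME
    cname_resolves: bool      # does the CNAME target itself have an address?
    body: str                 # HTTP body fetched from `name` ("" if no answer)


# Constructed sample observations standing in for a DNS + HTTP sweep.
SAMPLE = [
    Observation("shop.example.com", "d111.cloudfront.net", True,
                "<h1>ERROR: The request could not be satisfied.</h1>"),
    Observation("docs.example.com", "acme.github.io", True,
                "<html>Internal docs</html>"),
    Observation("old.example.com", "legacy-vendor.example.net", False, ""),
    Observation("www.example.com", None, True, "<html>Home</html>"),
]


def match_service(cname: str) -> Optional[Tuple[str, str]]:
    """Map a CNAME target to a known hosted service, matching on whole
    labels so that evil-cloudfront.net does not match cloudfront.net."""
    cname = cname.rstrip(".").lower()
    for suffix, entry in FINGERPRINTS.items():
        if cname == suffix or cname.endswith("." + suffix):
            return entry
    return None


def triage(obs: Observation) -> Tuple[str, str]:
    """Classify one subdomain as candidate / dangling / ignore with a reason.

    candidate: points at a known service and shows its unclaimed fingerprint.
    dangling:  CNAME target does not resolve at all; check whether the target
               domain is registrable or the service claimable.
    """
    if not obs.cname:
        return "ignore", "no CNAME"
    hit = match_service(obs.cname)
    if hit:
        service, fingerprint = hit
        if fingerprint in obs.body:
            return "candidate", f"{service}: unclaimed fingerprint via {obs.cname}"
        return "ignore", f"{service}: resource appears claimed"
    if not obs.cname_resolves:
        return "dangling", f"{obs.cname} does not resolve"
    return "ignore", "CNAME resolves to an unrecognised host"


def run(observations: List[Observation]) -> List[Tuple[str, str, str]]:
    """The loop: triage everything, keep only what needs a human look."""
    findings = []
    for obs in observations:
        verdict, reason = triage(obs)
        if verdict != "ignore":
            findings.append((obs.name, verdict, reason))
    return findings


if __name__ == "__main__":
    for name, verdict, reason in run(SAMPLE):
        print(f"{verdict:9} {name:20} {reason}")
```

In a real sweep the `Observation` records would be filled from a resolver and an HTTP client over the full subdomain list; the triage logic stays the same. A "dangling" verdict on its own only means the target is unresolvable, whether it can actually be claimed depends on the service or registrar behind it.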
Wordlist
- Wayback Machine
- Pull every path and run it against every domain
- subdomain
- path
- Spray-and-pray
- Once he finds something good, he adds it to the wordlist
- Random mutations
- merge them together
- combine with common words
- 2-million-line dictionary
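The wordlist recipe above (harvest subdomain labels and paths from archived URLs, mutate them, merge with common words, then spray every path against every host) is small enough to show end to end. The script below is an added example for this page, not the interviewee's tooling: the input URLs are constructed inline rather than fetched from the Wayback CDX API, and the suffix, separator and common-word lists are assumptions standing in for the much larger dictionaries a real run would use.

```python
"""Wordlist builder: harvest, mutate, merge with common words, spray.

Added example for this page, not the interviewee's code. Sample URLs and
the small dictionaries below are constructed/assumed.
"""
import itertools
import re
from urllib.parse import urlsplit

# Constructed sample of archived URLs for one target.
SAMPLE_URLS = [
    "http://example.com/admin/login.php",
    "https://api.example.com/v1/users?id=1",
    "https://staging.example.com/backup.zip",
    "http://example.com/static/js/app.js",
    "https://dev-api.example.com/v2/internal/debug",
]

# Assumed small dictionaries; the real ones are far larger.
COMMON_WORDS = ["admin", "api", "backup", "dev", "internal", "old", "test"]
PATH_SUFFIXES = [".bak", ".old", ".zip", "~", ".orig"]
SUB_SUFFIXES = ["2", "-dev", "-staging", "-test"]

SPLIT_RE = re.compile(r"[-_.]")


def extract(urls):
    """Return (subdomain labels, path segments) harvested from archived URLs.

    The registrable domain is assumed to be the last two labels; that is
    wrong for suffixes like co.uk, real tooling should use a public-suffix list.
    """
    labels, segments = set(), set()
    for url in urls:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        labels.update(host.split(".")[:-2])
        # query strings are dropped; only path components become candidates
        segments.update(seg for seg in parts.path.split("/") if seg)
    return labels, segments


def mutate(tokens, suffixes, split=False):
    """Keep each token, add suffixed variants, optionally split compounds."""
    out = set()
    for tok in tokens:
        out.add(tok)
        out.update(tok + suf for suf in suffixes)
        if split:
            # dev-api -> dev, api: the pieces become candidates in their own right
            out.update(p for p in SPLIT_RE.split(tok) if p and p != tok)
    return out


def merge_with_common(tokens, common=COMMON_WORDS, seps=("-", "_", "")):
    """Pair every harvested token with every common word, both orders."""
    out = set(common)
    for tok, word in itertools.product(tokens, common):
        if tok == word:
            continue
        for sep in seps:
            out.add(f"{word}{sep}{tok}")
            out.add(f"{tok}{sep}{word}")
    return out


def build_wordlists(urls):
    """Return (subdomain wordlist, path wordlist), deduplicated and sorted."""
    labels, segments = extract(urls)
    subs = mutate(labels, SUB_SUFFIXES, split=True)
    subs |= merge_with_common(subs)
    paths = mutate(segments, PATH_SUFFIXES)
    return sorted(subs), sorted(paths)


def targets(hosts, paths, scheme="https"):
    """Spray-and-pray: every path against every host, as URLs to feed a
    fuzzer such as ffuf."""
    for host, path in itertools.product(hosts, paths):
        yield f"{scheme}://{host}/{path}"


if __name__ == "__main__":
    subs, paths = build_wordlists(SAMPLE_URLS)
    print(len(subs), "subdomain candidates,", len(paths), "path candidates")
    for url in itertools.islice(targets(["example.com"], paths), 3):
        print(url)
```

The merge step is where the list balloons: every harvested token is paired with every common word in three separators and two orders, so the number of lines grows with the product of the two dictionaries. That is the intended trade-off in the notes (more candidates, more hits), but it is worth deduplicating after every merge and keeping the harvested and common lists separate so that a bad token does not get multiplied across the whole file.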
Recon
- Subdomain enumeration: more endpoints -> more bugs
- Spider, Wayback Machine
- Reading reports and Twitter
Tools
- ffuf
- amass + frontend + backend
- distributed tool
- Favorite tool: Wayback Machine
Collaboration
- Hogart Jesse
- Neema
- DC?
- Douglas Day
Tips
- You can be just as productive by working less
- Take breaks!
- Impostor syndrome:
- Everyone has amazing skills in their own way
- Break everything down into smaller components so that it's manageable
Routine
Every x weeks/months he does a week of silence
- Computer/phone provides reminders
- Wake up
- Heartrate
- Shower
- Breakfast
- Go for a walk
- Meditate
- Take breaks