Interview 🐝

Note that during these interviews I also moderate, so quality may vary.

Profile 🐝

  • Eric
  • Had great teachers in high school
    • Got into coding
  • No college
  • No certificates or training
  • 42 years old
  • Inspiration/mentor Frans Rosen

Bug bounty 🐝

  • Started in 2015, had just left a startup
  • Wanted to work from home
  • Didn’t have any money, was in credit card debt
  • First bounty on Google
  • Found out about HackerOne
  • Doesn’t portscan currently
  • Hobbies
    • Halloween clown

Learning 🐝

Books 🐝

Has difficulty focusing attention to memory, so decided to write apps to help him with these tasks.

  • iOS Flash - learning how to make iOS apps in flash.
  • Cydia jailbreaking

Automation 🐝

  • $5000 CAD p/m
  • 11.000 Programs
  • Automated his life same way as bug bounties, when to shower, eat lunch etc.
  • Anything he does a couple of times he automates
    • e.g. Report template submission
  • No structure, does what works
  • Stack
    • Golang (last 3 months)
    • Python
    • VB6
    • PHP
    • Bash
    • Dropbox
  • Runs servers at home
  • Uses Linode for subdomain enumeration (P2)
  • Subdomain takeover
  • All programs, doesn’t discriminate
  • Information Disclosure
    • Google Calendars
  • Apache server status
  • Own unique bugs P1-P2’s

Wordlist 🐝

  • Wayback Machine
  • Pull every path and run against every domain
    • subdomain
    • path
  • Spray-and-pray
    • Once found something good add to wordlist
  • Random mutations
    • merge them together
    • combine with common words
  • 2 million line dictionary

Recon 🐝

  • Subdomain enumeration, more endpoints -> more bugs
  • Spider, Wayback Machine
  • Reading reports and Twitter

Tools 🐝

  • ffuf
  • amass + frontend + backend
  • distributed tool
  • Favorite tool: Wayback Machine

Collaboration 🐝

  • Hogart Jesse
  • Neema
  • DC?
  • Douglas Day

Tips 🐝

  • You can be just as productive by working less
  • Take breaks!
  • Imposter Syndrome:
    • Everyone has amazing skills in their own way
  • Break everything down to smaller components so that it’s manageable

Routine 🐝

Every x weeks/month does a week of silence

  • Computer/phone provides reminders
    • Wake up
    • Heart rate
    • Shower
    • Breakfast
    • Go for a walk
    • Meditate
    • Take breaks
