Nahamsec interviews Jason Haddix – securibee


Video

Note that during these interviews I also moderate so quality may vary.

Profile

Very active, always giving back, and spearheaded Bugcrowd University (bugcrowd.com/university/).

His BBHM (The Bug Hunter's Methodology) was my intro to recon. It was invaluable and made me fall in love with it.

  • 2005 Started hacking
  • 2009 Vulnerability assessment → pentester at Redspin
  • 2010 HP pentest team, at the forefront of mobile
  • 2014 Bugcrowd leaderboard #1 or #2, battle with bitquark
  • 2016 Head of Trust and Security at Bugcrowd
  • Head of Security and Risk Management at Ubisoft

Origin of How to Shot Web

  • Having a methodology is always better
  • A checklist prevents you from missing/overlooking things

Recon methodology

  1. Check out the scope for the program
    • Check for clauses in the scope, e.g. Tesla: "even if it is not in scope, tell us"
  2. Run Amass, Subfinder and MassDNS
  3. GitHub dork while the tools above are running
  4. Look at acquisitions from the last 3 years
    1. Crunchbase
  5. … Re-watch stream
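Steps 1 and 2 hang together in practice: the enumeration tools emit one hostname per line, and whatever they find has to be checked against the program's scope (including any exclusion clauses) before it goes to MassDNS for resolution. The script below is an added example, not code from the interview or from the tools named above; the scope-file syntax (wildcards, `!` for explicit exclusions) and the sample tool output are assumptions constructed for illustration.

```python
"""Merge subdomain-enumeration output and keep only in-scope hosts.

Added example: merges Amass/Subfinder-style output (one name per line),
normalises it and drops anything the program scope excludes, producing
the list that would be fed to MassDNS. Sample data below is constructed.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# One or more DNS labels: letters, digits and inner hyphens only.
HOST_RE = re.compile(
    r"^[a-z0-9](?:[a-z0-9-]*[a-z0-9])?(?:\.[a-z0-9](?:[a-z0-9-]*[a-z0-9])?)+$"
)


@dataclass
class Scope:
    include: list[str] = field(default_factory=list)  # "*.example.com" or exact host
    exclude: list[str] = field(default_factory=list)  # scope lines starting with "!"


def parse_scope(text: str) -> Scope:
    """Assumed scope-file format: one pattern per line, '!' marks exclusions, '#' comments."""
    scope = Scope()
    for raw in text.splitlines():
        line = raw.strip().lower()
        if not line or line.startswith("#"):
            continue
        if line.startswith("!"):
            scope.exclude.append(line[1:].strip())
        else:
            scope.include.append(line)
    return scope


def normalize(name: str) -> str | None:
    """Lowercase, strip whitespace, trailing dots and a leading '*.'; reject junk lines."""
    host = name.strip().lower().rstrip(".")
    if host.startswith("*."):
        host = host[2:]
    return host if HOST_RE.match(host) else None


def matches(host: str, pattern: str) -> bool:
    """'*.example.com' covers the apex and every subdomain; anything else is an exact match."""
    if pattern.startswith("*."):
        base = pattern[2:]
        return host == base or host.endswith("." + base)
    return host == pattern


def in_scope(host: str, scope: Scope) -> bool:
    """Exclusions win over inclusions, so an excluded host under a wildcard is dropped."""
    if any(matches(host, p) for p in scope.exclude):
        return False
    return any(matches(host, p) for p in scope.include)


def merge_enumeration(outputs: list[str], scope: Scope) -> tuple[list[str], list[str]]:
    """Return (in_scope_hosts, dropped_hosts), each de-duplicated and sorted."""
    keep: set[str] = set()
    drop: set[str] = set()
    for text in outputs:
        for line in text.splitlines():
            host = normalize(line)
            if host is None:
                continue
            (keep if in_scope(host, scope) else drop).add(host)
    return sorted(keep), sorted(drop)


def massdns_input(hosts: list[str]) -> str:
    """MassDNS reads one name per line; include the trailing newline."""
    return "".join(h + "\n" for h in hosts)


# Constructed sample output, shaped like what Amass and Subfinder print.
AMASS_OUT = """
api.example.com
Legal.example.com
*.staging.example.com
example.com.
cdn.example-partner.net
"""
SUBFINDER_OUT = """
api.example.com
dev.api.example.com
mail.other.org
"""
# Constructed scope file: wildcard in scope, one host explicitly excluded.
SCOPE_TXT = """
# in scope
*.example.com
# excluded by the program
!legal.example.com
"""

if __name__ == "__main__":
    keep, drop = merge_enumeration([AMASS_OUT, SUBFINDER_OUT], parse_scope(SCOPE_TXT))
    print("dropped (out of scope or excluded):", drop)
    print(massdns_input(keep), end="")
```

The wildcard is treated as covering the apex domain as well as its subdomains, and an explicit exclusion overrides a matching wildcard; both are deliberate choices, and a program whose scope reads differently would need the matching rules adjusted rather than the merge.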

  • Aquatone
  • Amass
  • Nmap
  • Burp
  • Turbo Intruder
    • faster than any other intruder
    • not recursive
    • fewer capabilities than CLI tools
  • Masscan

Routine

  • If the invite is for a brand he knows, it sparks his interest
  • Put on EDM
  • Make sure tools are updated

Learning

  • Twitter
  • Put fuzzing strings and links into Evernote, organised by bug type
  • Google

Videos

  • Jason Haddix – How to Shot Web: Web and mobile hacking in 2015
  • The Bug Hunter's Methodology 1, 2 and 3
  • Pentesterlab
  • Hacker101
  • Bugcrowd University
  • OWASP vulnerable machines collection

Tips

  • The Web Application Hacker's Handbook
  • Test new tools on VDPs with wildcard scopes

Coding

  • You don't need to know how to code
  • Coding ≠ finding bugs
  • Programming ≠ scripting
  • Know the basics, e.g. HTML, JS

Wish he knew

  • The report write-up is more important than the bug itself
    • Assume you're writing it for someone who doesn't know anything
    • What is the impact for this specific company?
      • Make templates for each bug type that describe the contextual risk for a company
        • Data disclosure
        • Explain how you found the bug
  • Take a video or screenshot showing the exploitation of the bug
  • Automation: know what to automate

Future

  • All distributed
  • Less heavy-handed approach
  • More in the hands of hackers
