Nahamsec interviews Masonhck357 – securibee


Video

Profile

33-year-old Daniel Marte has only been hacking for 1 year, but has already made great strides. At the 6-month mark he decided to go full-time. He’s mostly active on Bugcrowd.

He hit rock bottom when his job was made redundant. This turned out to be a blessing in disguise. He started his IT journey in the helpdesk.

During that time he got his CompTIA and Network+ certs. This is when he saw STOK’s video, which immediately got him interested in bug bounty. He decided to attend DEFCON.

When he’s not behind a computer, he loves going to the beach.

He hasn’t collaborated a lot, but is open to it. He would collaborate with anyone, but looks forward to doing so with Nahamsec and Specters.

Learning

When he started his bug bounty journey, he didn’t know anything. He had no idea what the difference between a GET and a POST request was, or how IPv4 or IPv6 worked.

He started off on the wrong foot by jumping directly into it and blindly using tools without a solid foundation.

Realizing his mistakes, he quickly recovered. This time he went for deep knowledge. He started reading the RFC to get a solid foundation of how HTTP works. He began asking the right questions. How do headers work? What do these cookies mean? And then he would turn to Google for the answers.

He picked up Bash, which allowed him to build one-liners for himself, and became familiar with the CLI.

Tips

  • Watch others, copy what they do, and then make it your own. Get familiar with the OWASP Top 10 and focus on web security training.
  • As a beginner, pick one vulnerability type. Then pull up every single resource that you can find and go through them. While you’re doing this, ask yourself questions. What was the author’s mindset? What was their approach? Once you become familiar with said vulnerability, start looking at the DoD program, and grind for 8-9 hours.
  • When picking a program, look at the bounty tables. They have to be financially positive. After that he looks at the scope and the number of features the app has.
  • When feeling burned out, he goes into learning mode. He also tries to understand why it’s happening. Always make sure to take long breaks. It’s good to push yourself, but don’t overdo it.
  • Everyone deals with impostor syndrome. It’s okay to acknowledge that he’s a beginner.
  • Certifications aren’t a requirement for bug bounty. That being said, the OSCP can be valuable when you’re searching for a job, as it can get you past HR.
  • Programming is beneficial, but not a requirement. However, it’s a requirement for himself. He just finished a JavaScript course, and is planning to take a Golang and Python course.

Recon

Recon means gathering intelligence; it’s helpful when chaining vulnerabilities.

When approaching a single web app he performs the following steps:

  1. Use it as a user
  2. Go through the sign-up process and analyze the requests
  3. Go through the JavaScript, both automated and manually
  4. Waybackurls
  5. Take notes of interesting behavior/findings while analyzing (these turn into a checklist)
  6. Go through the same process the next day while leveraging known data


  • FFUF
  • Waybackurls
  • gau
  • Burp Pro
    • Auto-repeater
      • Replacing auth tokens
      • Changing GET to POST
      • Change content type to XML
    • Autorize
    • Upload scanner
    • Burp history

Routine

He hacks for 8-12 hours a day. His routine consists of:

  1. Get up 5:00-5:30AM
  2. Meditate/gratitude
    • cognitive benefits
    • Listen to hacking related stuff
  3. Green juice
  4. Shower
  5. Start hacking
  6. Game / relax
  7. Hack some more (4 hours)
    • While in game queue go through Burp requests
    • Read write-ups
    • Perform light fuzzing
  8. Go to bed at 10:00PM
