Note that during these interviews I also moderate, so quality may vary.
Profile 🐝
- 10yrs hacking
- bug bounty X
- has oscp, respectable standard
- coding: ghetto bash, curl
Tips 🐝
- mentors, who’s in your corner and who can you communicate with
- friendly helpful competition with peers
- surround yourself with people that have the qualities you wish to attain
- be an autodidact, i.e. self-teach to an extent
- put the time in, ~8+ hours a day, i.e. brute force while watching Adventure Time
- no one can teach you the practical skills, i.e. experience
- can’t be single-minded, i.e. get a multiple of your time
- always have multiple irons in the fire
- multiple censys accounts to avoid x
- don’t rely on tools, could have skewed results. E.g. screenshots cannot appropriately display underlying content, errors and functionality.
- use correct host header, cname in host header
- reading RFCs and leveraging that knowledge a la Inti
- requests are free
- vhost scan
- everything you’re doing is to extend your attack surface
- discovery > web skills
- fuzz interesting things
Routine 🐝
- wake up, coffee
- 6-7 Verizon hosts of interest found overnight
- nmap 80,443,xxx,xx
- based on that look for target to hit
- shodan, censys, xx overnight, look for interesting ones
- brute force those hosts
- hack those if anything interesting
Workflow 🐝
Automation = dns resolution
- don’t rescan, assume assets don’t change every X weeks
- nmap
nmap -T 4 -iL hosts -Pn --script=http-title -p80,4443,4080,443 --open
- filter out new stuff
- burp
- run scan
- fuzz while scan is running
- intruder
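The "filter out new stuff" step above, as an added example (not code from the interviewee): diff the previous nmap greppable output (-oG) against the current run so only newly exposed host:port pairs get reviewed. The sample scan files, host addresses and file names are constructed here.

```sh
#!/bin/sh
# Added example: the "filter out new stuff" step of the workflow above.
# Given nmap greppable output (-oG) from the previous run and the current
# run, print host:port pairs that are open now but were not open before.
# All sample data below is constructed.

# Extract sorted "host:port" pairs for every port nmap reports as open.
# -oG lines look like:  Host: 10.0.0.5 ()  Ports: 80/open/tcp//http///, ...
# (real output separates fields with tabs; awk treats tabs and spaces alike)
open_pairs() {
  awk '/^Host:/ && /Ports:/ {
    host = $2
    sub(/.*Ports: /, "")              # keep only the port list
    n = split($0, ports, ", ")
    for (i = 1; i <= n; i++) {
      split(ports[i], f, "/")         # f[1]=port f[2]=state f[3]=proto
      if (f[2] == "open") print host ":" f[1]
    }
  }' "$1" | sort -u
}

# Pairs present in the current scan only (comm needs sorted input).
new_open() {
  old=$(mktemp); cur=$(mktemp)
  open_pairs "$1" > "$old"
  open_pairs "$2" > "$cur"
  comm -13 "$old" "$cur"
  rm -f "$old" "$cur"
}

# Constructed sample scans, yesterday's and today's (-oG format, not real hosts).
OLD=$(mktemp); CUR=$(mktemp)
cat > "$OLD" <<'EOF'
# Nmap scan initiated as: nmap -T4 -iL hosts -Pn -p80,443,4080,4443 --open -oG -
Host: 10.0.0.5 ()  Ports: 80/open/tcp//http///, 443/open/tcp//https///  Ignored State: closed (2)
Host: 10.0.0.6 ()  Ports: 443/open/tcp//https///  Ignored State: closed (3)
EOF
cat > "$CUR" <<'EOF'
# Nmap scan initiated as: nmap -T4 -iL hosts -Pn -p80,443,4080,4443 --open -oG -
Host: 10.0.0.5 ()  Ports: 80/open/tcp//http///, 443/open/tcp//https///  Ignored State: closed (2)
Host: 10.0.0.6 ()  Ports: 80/open/tcp//http///, 443/open/tcp//https///  Ignored State: closed (2)
Host: 10.0.0.7 ()  Ports: 443/open/tcp//https///, 4443/filtered/tcp//pharos///  Ignored State: closed (2)
EOF

new_open "$OLD" "$CUR"   # prints 10.0.0.6:80 and 10.0.0.7:443
```

Ports in states other than open (filtered, closed, open|filtered) are ignored, so a port that merely changes from filtered to closed does not show up as new.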
Tools 🐝
- nmap
- amass
- ffuf
Collaboration 🐝
- Would like to collab with agarri
- Shout out to shubz, x, green hat hackers
Links 🐝
- Interview
- @TODO pull links from VOD