Note that I also moderate during these interviews, so the quality of the notes may vary.
Profile 🐝
- Kevin aka Rhok
- Been doing bug bounties for 4 years
- Works at Okta
- Hacks a couple of times a month
- First program: Uber
- First vulnerability: Sensitive Information Disclosure
- First bounty: $3350
- Best purchase: giving money to his parents
- Favorite bug type: RCE
- Mentor: Peter Yaworski
- Favorite tool: Burp
- Hobbies: gaming
Timeline 🐝
- During his junior year in college he signed up to drive for Uber and found a PII disclosure bug
- Signed up for HackerOne to report the bug to Uber's private program
- Received a couple thousand dollars and started to look more into bug bounties
- Bug bounties landed him his first infosec job at Synack as a security analyst
- Currently works at Okta
- This gives him vendor-side insight into bug bounties (SLAs, etc.)
- His role is to code-review new functionality
Live hacking events 🐝
- First event he was invited to was h1702
- Didn’t know what to expect; went in head first
- Met Peter Yaworski there
Collaboration 🐝
- What it means to him: motivating each other
- Everyone brings a different mindset
- Often collaborates with
- ZephyrFish
- Zseano
- Peter Yaworski
Learning 🐝
- Reading about other hackers’ activity
- Going on YouTube or just googling things
- Talking to people in the community, e.g. on Twitter
- Once did 120 bugs in 120 days
- Inspired by Shubs’ article on high-frequency bug hunting (120 days, 120 bugs): https://shubs.io/high-frequency-security-bug-hunting-120-days-120-bugs/
- Wanted to challenge himself
- Lessons learned
- Really get to know your target
- Started following bug bounty hunters on Twitter and their blogs
- Peter Yaworski
- Frans Rosen
- Matthias
- Jack (https://hackerone.com/wkcaj)
- How to learn new things
- Do research: read what others have published on the topic
- How did they go about it?
- Whitelist vs blacklist
- What tools did they use?
- A lot of reading
- CTFs
- Help you think outside the box
- Promote collaboration
Programming 🐝
- Codes in Python
- Not required for hunting, but it helps, especially with code review
- Also helpful for automation
Advice 🐝
- Be patient
- Don’t constantly ask for updates; it comes across as immature
- Don’t be lazy
- Don’t immediately reach for tools such as SQLMap
- Try to understand how it all works first
Methodology 🐝
- Recon
- Understand what the product is about and what they have to offer
- Does more vertical recon (going deep on one target) than horizontal (going wide across many assets)
Links 🐝
- Interview