Nahamsec interviews Todayisnew – securibee


Interview

Note that during these interviews I also moderate, so quality may vary.

Profile

  • Eric
  • Had great teachers in high school
  • No college
  • No certificates or training
  • 42 years old
  • Inspiration/mentor Frans Rosen

Bug bounty

  • Started in 2015, having just left a start-up
  • Wanted to work from home
  • Didn’t have any money, was in credit card debt
  • First bounty was from Google
  • Found out about HackerOne
  • Doesn’t port scan currently
  • Hobbies

Learning

Books

Has difficulty focusing his attention and retaining things in memory, so decided to write apps to help him with these tasks.

  • iOS Flash – learning how to make iOS apps in Flash.
  • Cydia jailbreaking

Automation

  • $5000 CAD per month
  • 11,000 programs
  • Automated his life same way as bug bounties, when to shower, eat lunch etc.
  • Anything he does a couple of times he automates
    • e.g. Report template submission
  • No structure, does what works
  • Stack
    • Golang (last 3 months)
    • Python
    • VB6
    • PHP
    • Bash
    • Dropbox
  • Runs servers at home
  • Uses Linode for subdomain enumeration (P2)
  • Subdomain takeover
  • All programs, doesn’t discriminate
  • Information Disclosure
  • Apache server status
  • Own unique bugs P1-P2’s
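Two of the bug classes listed above (subdomain takeover and an exposed Apache server-status page) are typical of what gets automated: a pipeline hands the checker a host, its CNAME and a fetched response, and the checker flags candidates for manual verification. The following is an added illustration, not Todayisnew's own tooling; the records are constructed, and the provider fingerprints are illustrative assumptions rather than an authoritative list.

```python
"""Offline illustration of two automated checks: dangling-CNAME subdomain
takeover candidates and an exposed Apache mod_status (/server-status) page.
Records and fingerprints below are constructed/assumed for the example."""

# CNAME suffix -> text the provider serves for an unclaimed resource.
# Illustrative assumption; a real checker keeps a maintained fingerprint list.
TAKEOVER_FINGERPRINTS = {
    "s3.amazonaws.com": "NoSuchBucket",
    "github.io": "There isn't a GitHub Pages site here",
}

# Strings present on an Apache mod_status page when /server-status is reachable.
SERVER_STATUS_MARKERS = ("Apache Server Status for", "Server Version:")

# Constructed observations, as an enumeration pipeline might hand them over.
SAMPLE_RECORDS = [
    {"host": "assets.example.com", "cname": "old-bucket.s3.amazonaws.com",
     "path": "/", "status": 404,
     "body": "<Error><Code>NoSuchBucket</Code></Error>"},
    {"host": "docs.example.com", "cname": "acme.github.io",
     "path": "/", "status": 404,
     "body": "There isn't a GitHub Pages site here."},
    {"host": "www.example.com", "cname": None,
     "path": "/server-status", "status": 200,
     "body": "<h1>Apache Server Status for www.example.com</h1>"
             "Server Version: Apache/2.4"},
    {"host": "shop.example.com", "cname": "cdn.example.net",
     "path": "/", "status": 200, "body": "<html>hello</html>"},
]


def takeover_candidate(cname, body):
    """Return the matching provider suffix when the CNAME points at a known
    service and the body carries that service's 'unclaimed' marker, else None.
    A match is only a candidate: confirm by claiming the resource where the
    program's rules allow it."""
    if not cname:
        return None
    for suffix, marker in TAKEOVER_FINGERPRINTS.items():
        if cname.endswith(suffix) and marker in body:
            return suffix
    return None


def server_status_exposed(path, status, body):
    """True when /server-status answers 200 and looks like a mod_status page."""
    return (path == "/server-status" and status == 200
            and all(m in body for m in SERVER_STATUS_MARKERS))


def scan(records):
    """Run both checks over a batch; returns (host, finding) tuples."""
    findings = []
    for r in records:
        provider = takeover_candidate(r["cname"], r["body"])
        if provider:
            findings.append((r["host"], f"possible subdomain takeover via {provider}"))
        if server_status_exposed(r["path"], r["status"], r["body"]):
            findings.append((r["host"], "Apache mod_status exposed at /server-status"))
    return findings


if __name__ == "__main__":
    for host, finding in scan(SAMPLE_RECORDS):
        print(f"{host}: {finding}")
```

The same shape (one function per bug class, a batch runner, findings as plain tuples) is what makes the later report-template step automatable: each finding already carries the host and a one-line title.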


Wordlist

  • Wayback Machine
  • Pull every path and run it against every domain
  • Spray-and-pray
    • Once found something good add to wordlist
  • Random mutations
    • merge them together
    • combine with common words
  • 2 million line dictionary
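The wordlist procedure above (pull paths from the Wayback Machine, keep them, then merge and mutate them with common words) as a runnable script. This is an added example, not Todayisnew's own code; the sample URLs are constructed, and the CDX query in the comment is my own description of the Wayback Machine API rather than anything from the notes.

```python
"""Build a path wordlist from Wayback Machine URLs: every path and path prefix,
each path segment as a word, and spray-and-pray mutations of those words."""
import itertools
from urllib.parse import urlparse

# Constructed sample: what the Wayback CDX API returns with fl=original
# (one archived URL per line). A live query would look like (assumption):
#   http://web.archive.org/cdx/search/cdx?url=example.com/*&output=txt&fl=original&collapse=urlkey
SAMPLE_WAYBACK = """\
http://example.com/
http://example.com/admin/login.php
https://example.com/api/v1/users?id=5
http://example.com/static/js/app.min.js
https://sub.example.com/backup/db.sql
http://example.com/api/v2/users/export
"""

# "Combine with common words": the words to merge with what Wayback gives us.
COMMON_WORDS = ("old", "backup", "dev", "test", "admin")
JOINERS = ("", "-", "_", ".")


def extract_paths(wayback_text):
    """Every path seen, plus every directory prefix, query strings stripped."""
    paths = set()
    for line in wayback_text.splitlines():
        line = line.strip()
        if not line:
            continue
        path = urlparse(line).path.rstrip("/")
        if not path:
            continue
        segments = path.strip("/").split("/")
        # /a/b/c yields /a, /a/b and /a/b/c so directories get fuzzed too
        for i in range(1, len(segments) + 1):
            paths.add("/" + "/".join(segments[:i]))
    return paths


def path_words(paths):
    """Individual segments (and their stems without extension) as seed words."""
    words = set()
    for p in paths:
        for seg in p.strip("/").split("/"):
            words.add(seg)
            stem = seg.split(".")[0]
            if stem:
                words.add(stem)
    return words


def mutate(words, common=COMMON_WORDS, joiners=JOINERS):
    """Random-ish mutations: merge seed words with each other and with common
    words, in both orders, using several joiners."""
    targets = set(common) | set(words)
    out = set()
    for w, c in itertools.product(words, targets):
        if w == c:
            continue
        for j in joiners:
            out.add(f"{w}{j}{c}")
            out.add(f"{c}{j}{w}")
    return out


def build_wordlist(wayback_text, common=COMMON_WORDS):
    """Full pipeline: paths and prefixes, bare words, and mutations, deduplicated
    and sorted so the output can be fed straight to ffuf."""
    paths = extract_paths(wayback_text)
    words = path_words(paths)
    entries = set(paths)
    entries |= {"/" + w for w in words}
    entries |= {"/" + m for m in mutate(words, common)}
    # keep it fuzzer-friendly: ASCII only, no whitespace
    return sorted(e for e in entries
                  if e.isascii() and not any(ch.isspace() for ch in e))


if __name__ == "__main__":
    for entry in build_wordlist(SAMPLE_WAYBACK):
        print(entry)
```

Paths that actually hit on a target are fed back in as seed words on the next run, which is how a list grows toward the millions of lines mentioned above without being random noise.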

Recon

  • Subdomain enumeration, more endpoints -> more bugs
  • Spider, Wayback Machine
  • Reading reports and Twitter
  • ffuf
  • amass + frontend + backend
  • distributed tool
  • Favorite tool: Wayback Machine

Collaboration

  • Hogart Jesse
  • Neema
  • DC?
  • Douglas Day

Tips

  • You can be just as productive by working less
  • Take breaks!
  • Imposter Syndrome:
    • Everyone has amazing skills in their own way
  • Break everything down to smaller components so that it’s manageable

Routine

Every x weeks/months does a week of silence

  • Computer/phone provides reminders
    • Wake up
    • Heart rate
    • Shower
    • Breakfast
    • Go for a walk
    • Meditate
    • Take breaks
