Hacker1

ph0bYx
Staff Member
Posts: 2026
Joined: 22 Sep 2008, 16:00
12

Hacker1

Post by ph0bYx »

Anyone tried out www.hackerone.com? I was thinking, now as an experienced developer, of dipping my toes in the security/bug bounty space :)
That place seems like a good one to try out :-k

ayu
Staff
Posts: 8066
Joined: 27 Aug 2005, 16:00
15

Re: Hacker1

Post by ayu »

Did a quick try a while back, but being too easily stressed I had to stop :lol:. I would pick something obscure to play around with OR, like some other people have been doing, focus on automating it :D.
"The best place to hide a tree, is in a forest"

ph0bYx
Staff Member
Posts: 2026
Joined: 22 Sep 2008, 16:00
12

Re: Hacker1

Post by ph0bYx »

Oh yes, love to automate stuff nowadays :D
That's probably what I'll focus on - create new tooling / automation.
Any pointers there? Like what would you like to see being automated or having a tool for?

ayu
Staff
Posts: 8066
Joined: 27 Aug 2005, 16:00
15

Re: Hacker1

Post by ayu »

ph0bYx wrote:
26 Mar 2021, 04:21
Oh yes, love to automate stuff nowadays :D
That's probably what I'll focus on - create new tooling / automation.
Any pointers there? Like what would you like to see being automated or having a tool for?

Well, I would do my research first.
Start by picking 10-20 sites from HackerOne that you want to focus on.
Research what vulns they accept, and automate that (like XSS).
Of course others are probably doing this, so you may not want to jump straight to automating, but first find your "thing" :-k.

When I did bug bounty hunting my biggest mistake was to not research the company first. I found a number of vulns, but only one of the companies actually paid me for it (which I would have known if I had read their documentation on Hacker1 properly first).
"The best place to hide a tree, is in a forest"

ph0bYx
Staff Member
Posts: 2026
Joined: 22 Sep 2008, 16:00
12

Re: Hacker1

Post by ph0bYx »

I'll snoop around, thanks! *thumb*

maboroshi
Dr. Mab
Posts: 1610
Joined: 28 Aug 2005, 16:00
15

Re: Hacker1

Post by maboroshi »

Haha talk about coincidences, just yesterday I sent a link to bb

https://hackerone.com/fetlife?type=team
saying that he was probably one of the reasons for their website bug bounty. :-P :-)
One cannot possess knowledge, but one can be possessed by knowledge

bad_brain
Site Owner
Posts: 11564
Joined: 06 Apr 2005, 16:00
16
Location: The zone.

Re: Hacker1

Post by bad_brain »

maboroshi wrote:
26 Mar 2021, 13:40
Haha talk about coincidences, just yesterday I sent a link to bb

https://hackerone.com/fetlife?type=team
saying that he was probably one of the reasons for their website bug bounty. :-P :-)

I might submit a bug, using RoR counts as one, right? :lol:

but seriously, until mab told me about that site I had never heard of it. might be a good way to make some bucks, but on the other hand it's kinda pathetic that companies raking in a huge amount of money obviously don't even have their own security department for quality assurance.... :-k

maboroshi
Dr. Mab
Posts: 1610
Joined: 28 Aug 2005, 16:00
15

Re: Hacker1

Post by maboroshi »

bad_brain wrote:
27 Mar 2021, 17:28
but seriously, until mab told me about that site I had never heard of it.

I had never heard of it until the other day as well, which is why the coincidence. :-)
One cannot possess knowledge, but one can be possessed by knowledge
