Last month, the Singapore Ministry of Defence (MINDEF) concluded its 2nd bug bounty program with HackerOne; Eugene Lim, a 24-year-old Singaporean hacker, was the top hacker in the program.
He spends about 10 hours a week hacking and shares that bug hunting is about 80% reconnaissance and discovery and 20% exploitation.
Best practices:
Bug hunting is about 80% reconnaissance and discovery and 20% exploitation. This is because most targets are black-box, meaning you can't see or analyse the source code, requiring bug hunters to figure out how the applications work from the outside.
In most cases, once you have found the vulnerability, exploitation is relatively straightforward and requires just a little bit of creative thinking to get past certain defences. Most of the work is spent analysing web traffic and JavaScript code to discover the vulnerabilities.
Tips:
He learned by reading HackerOne’s e-book about web hacking and by joining Hacker101’s Mini-Capture the Flag (CTF) exercises and Discord.
Eugene will be donating $10,000 of his prize money to the Community Chest, a non-profit organisation that channels resources to the social service sector in Singapore, and saving or investing the rest!