
NahamSec interview Jason Haddix

Note that during these interviews I also moderate so quality may vary.

Profile

Very active, always giving back, and spearheaded Bugcrowd University (bugcrowd.com/university/).

His BBHM was my intro to recon. It was invaluable and made me fall in love with it.

  • 2005 Started hacking

  • 2009 Vulnerability Assessment → Pentester at Redspin

  • 2010 Pentester at HP, on the forefront of mobile testing

  • 2014 Bugcrowd leaderboard #1 or #2, battle with bitcork

  • 2016 Head of Trust and Security at Bugcrowd

  • Head of Security and Risk Management at Ubisoft

Origin of "How to Shot Web"

  • Having a methodology is always better

  • A checklist prevents you from missing/overlooking things

Recon methodology

  1. Check out the scope for the program

    • Check the clauses in the scope, e.g. Tesla: even if an asset is not in scope, tell us.

  2. Amass, Subfinder, MassDNS

  3. GitHub dorking while the tools above are running

  4. Look at acquisitions from the last 3 years

  5. Crunchbase

  6. … Re-watch stream
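
Step 1 above (checking scope before any enumeration output is acted on) is the part of this list that can be mechanized. The following is an added example, not from the interview or from any of the tools named here: it sorts enumeration output into in-scope, excluded and unknown hosts against a constructed scope definition, so that exclusions are never touched and unknown hosts (e.g. acquisitions) are raised with the program first. The convention that a `*.` wildcard also covers its apex domain is an assumption.

```python
# Constructed sample scope, modelled on a typical program page (not a real program).
SCOPE = {
    "in": ["*.example.com", "api.example.net"],
    "out": ["legacy.example.com", "*.internal.example.com"],
}

# Constructed sample output of a subdomain enumeration run (hypothetical hosts).
DISCOVERED = """
www.example.com
legacy.example.com
db01.internal.example.com
api.example.net
example.org
api.example.com
"""


def matches(host, pattern):
    """True if host falls under pattern. Assumption: '*.x' covers x itself too."""
    host, pattern = host.lower().rstrip("."), pattern.lower()
    if pattern.startswith("*."):
        suffix = pattern[1:]          # ".example.com"
        return host == suffix[1:] or host.endswith(suffix)
    return host == pattern


def classify(hosts, scope):
    """Bucket hosts as in-scope, excluded, or unknown; exclusions win over wildcards."""
    result = {"in": [], "out": [], "unknown": []}
    for host in hosts:
        host = host.strip()
        if not host or host.startswith("#"):
            continue                  # skip blanks and comment lines in tool output
        if any(matches(host, p) for p in scope["out"]):
            result["out"].append(host)
        elif any(matches(host, p) for p in scope["in"]):
            result["in"].append(host)
        else:
            result["unknown"].append(host)   # ask the program before testing these
    return result


if __name__ == "__main__":
    for bucket, hosts in classify(DISCOVERED.splitlines(), SCOPE).items():
        print(f"{bucket:8} {hosts}")
```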

Tools

  • Aquatone

  • Amass

  • Nmap

  • Burp

    • Turbo Intruder

      • faster than any other

      • not recursive

      • lacking capabilities vs CLI

  • Masscan

Routine

  • If an invite is for a brand I know, it sparks my interest

  • Put on EDM

  • Make sure tools are updated

Learning

  • Twitter

  • Put fuzzing strings and links into Evernote under each bug type

  • Google

Videos

  • Jason Haddix - How to Shot Web: Web and mobile hacking in 2015

  • Methodology 1, 2 and 3

  • Pentesterlab

  • Hacker101

  • Bugcrowd University

  • OWASP vulnerable machines collection

Tips

  • The Web Application Hacker's Handbook

  • Test new tools on VDPs with wildcard scopes

Coding

  • You don’t need to know how to code

  • Coding ≠ finding bugs

  • Programming ≠ scripting

  • Know the basics, e.g. HTML, JS, etc.

Wish he knew

  • The report write-up is more important than the bug itself

  • Assume you’re writing it for someone who doesn’t know anything

  • What is the impact for this specific company?

  • Make templates for each bug type, describing the contextual risk for the company

  • Data disclosure

  • Explain how you found the bug

  • Take a video or screenshot showing the exploitation of the bug

  • Automation, know what to automate

Future

  • All distributed

  • Less heavy handed approach

  • More in the hands of hackers