NahamSec interview Jobert Abma

PROFILE

• cofounder HackerOne

• 29 years old

• started hacking at 11 years old

HACKERONE

• Genesis when 13 years old

• Visual Basics book

• Website got defaced -> learned about hacking and perform hacking

• Started company after graduating, worked for Dutch government and companies etc.

WORKFLOW

• deep dive

• read docs

• ask questions

• always be learning

• take a lot of notes

• what’s interesting -> defenses that are in place

• read up on company -> what is impact for bug besides technical

• look for one bug type at a time (a lot of work)

• helps you go deeper on each iteration

• better coverage

• use knowledge for continuous integration

TIPS

• Never stop learning

• Be eager to understand what you’re looking at

• Focus on learning to keep you motivated

• Focus on one target -> leverage information to find more

• Use what you know

• GitLab uses similar stack as HackerOne

• Pay for features once you feel confident in bug hunting

• Mention it in bug report for clarity and perhaps reimburstment or bonus

• Attack surface not always in new additions but in deleted ones

• IDOR

• Don’t use existing ID’s authorization is already in place

• Beginners

• Hack your own code

• sunny day vs rainy day

• write test with random input for example

• Try all the things that you expect to go wrong

• Try to break it

• Think outside of the box

• Structure it for yourself and focus on learning

• Security is thinking about defensive programming - anticipate tampering and how you handle these cases.

• book atomic habits

TOOLS

• Burp

SCHOOL

• Learned how technology works

• Spend 10 weeks on IP stack

• Learned more about software dev and architecture

• Made him a better hacker

CERTIFICATES

• Not needed

• Forces you to learn a particular thing

• HackerOne profile > certificate

LINKS

• Twitter