
Plucking the low hanging fruit of data and security breaches. How to be rewarded even if there's no bug bounty program (hackerhotel2024)
Chaos Computer Club - archive feed · SchizoDuckie
February 11, 2024 · 50m 21s
Show Notes
I call myself "The Lamest Hacker You Know". I don't use Kali, 0days, Burp Suite or any tools besides Curl, a browser, and clients for existing software, combined with (semi) open data sources. Probably 90% of my findings are for companies that don't have a CISO and never even heard the term "Bug Bounty Program". In this talk I will give some tips on how to reach out to a company out-of-the-blue and not have them hate you.
I call myself "The Lamest Hacker You Know".
I don't use Kali, 0days, Burp Suite or any tools besides Curl and some (semi) open data sources.
Probably 90% of my findings are for companies that don't even have a CISO and never even heard of a Bug Bounty Program, and yet I have been rewarded for finds that will make you go "yikes".
I never once got into trouble because of how I operate: Being radically open.
In this talk I will look back on some cases I never made public, show you how I work, the upsides and the downsides, and give some tips on how to reach out to a company out-of-the-blue and not have them hate you.
about this event: https://pretalx.hackerhotel.nl/hackerhotel-2024/talk/FPMLCB/