6 Valuable Lessons I Learned Working for A Cybersecurity Startup
Ever wondered what it’s like to work at one of the fastest-growing cybersecurity startups in the world? In this blog post I share 6 life lessons I have learned from working at the #1 most popular bug bounty platform, HackerOne.
My Expense Report resulted in a Server-Side Request Forgery (SSRF) on Lyft
During a trip to a conference, I discovered that the Lyft app allowed users to create expense reports by exporting business ride history as a PDF or CSV file. Being an active Lyft user, this was excellent news to me since it made my life easier by simplifying the tedious process of work travel expenses. But it also begged the question: “Can I hack this thing?” Turned out, the answer is yes, thanks to my collaboration with Cody Brocious (@Daeken).
Shall We Play a Game?
When I hit 25,000 followers on Twitter, a few people mentioned that I should do a giveaway and make it special. Sure, I could give out random stuff for free and call it a ‘giveaway’ but I think it needs to be more personal. It should be something that will bring some value and will seem directly from me. After endless late nights of recon and brainstorming, I had an idea — create a recon CTF once I hit 30k. This CTF isn’t really that hard; it was developed with up-and-coming hackers in mind, but it requires you to think about how to find the right site(s) or endpoint(s) in order to complete it!
Chaining Multiple Vulnerabilities to Gain Admin Access
In April of this year I participated in a private program on HackerOne that was vulnerable to a series of IDORs that led to a complete takeover of an application. Unfortunately, because this is a private program, I cannot disclose the name or company-related information per their request. However, I wanted to share the details on how I escalated my basic privileges from a regular “customer” account to an admin user.
Secure your Jenkins instance or hackers will force you to! (Snapchat’s $5,000 Vulnerability)
After presenting “Doing Recon Like a Boss” at levelUp and releasing a blog post on HackerOne about the same topic, I decided to start looking for a few vulnerabilities on public programs to see if that methodology is still applicable to public programs. As a part of this I decided to look at Slack and Snapchat’s bug bounty programs and perform my recon exactly as described in the talk.