When I hit 25,000 followers on Twitter, a few people mentioned that I should do a giveaway and make it special. Sure, I could give out random stuff for free and call it a ‘giveaway’ but I think it needs to be more personal. It should be something that will bring some value and will seem directly from me. After endless late nights of recon and brainstorming, I had an idea — create a recon CTF one I hit 30k. This CTF isn’t really that hard, it was developed with up and coming hackers in mind, but it requires you to think about how to find the right site(s) or endpoint(s) in order to complete it! 

In April of this year I participated in a private program on HackerOne that was vulnerable to a series of IDOR that led to a complete takeover of an application. Unfortunately because this is a private program, I cannot disclose the name or company related information per their request. However I wanted to share the details on how I escalated my basic privileges from a regular “customer” account to an admin user.

After presenting “Doing Recon Like a Boss” at levelUp and releasing a blog post on HackerOne about the same topic, I decided to start looking for a few vulnerabilities on public programs to see if that methodology is still applicable to public programs. As a part of this I decided to look at Slack and Snapchat’s bug bounty programs and preforming my recon exactly as described in the talk.