Episode 15: The Israeli Million-Dollar Hacker

Critical Thinking - Bug Bounty Podcast - A podcast by Justin Gardner (Rhynorater) & Joel Margolis (teknogeek) - Thursdays

Categories:

Episode 15: In this episode of Critical Thinking - Bug Bounty Podcast we talk with the latest Million-Dollar bug bounty hunter: @naglinagli . He talks about his climb from $1,000 in bounties to $1,000,000, recon tips and tricks, and some bug reports that made the news and landed him the "Best Bug" award at a H1 Live Hacking event.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: [email protected] to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynoraterFollow Nagli and his new startup Shockwave:https://twitter.com/naglinaglihttps://twitter.com/shockwave_secHackMD Collaborative Notes:https://hackmd.io/Ian Carroll's Airline Miles Website:https://seats.aeroNagli's Tweet in ChatGPT Web Cache Deception:https://twitter.com/naglinagli/status/1639343866313601024Timestamps:(00:00:00) Intro(00:04:40) Nagli’s Climb(00:05:40) What kind of vulns do you look for?(00:09:25) Working with other hackers(00:10:20) Bug Bounty Hunter’s Guild(00:12:35) Shockwave product(00:14:12) Outsourcing tool development(00:18:46) What got you started?(00:21:13) Manual hacking vs recon suite + LHE focus(00:25:00) How do you take notes(00:29:42) Biggest things that you’ve learned over the past 2 years(00:31:29) How do you ingest new techniques?(00:31:50) Collaboration(00:37:20) Justin Ranting about “Trained Eyes”(00:40:18) Time spent coding vs hacking(00:45:28) Travel and spending habits(00:54:16) Grep is Nagli’s database(00:56:20) Nagli’s ChatGPT Web Cache Deception(00:58:44) What does your alerting look like?(01:01:50) Nagli’s “Most Critical” SSRF(01:04:30) Burp Active Scan