Episode 31: Alex Chapman - The Man of Many Crits
Critical Thinking - Bug Bounty Podcast - A podcast by Justin Gardner (Rhynorater) & Joel Margolis (teknogeek) - Thursdays
Categories:
Episode 31: In this episode of Critical Thinking - Bug Bounty Podcast, we're thrilled to be joined by Alex Chapman, a seasoned InfoSec hacker and bug bounty hunter. We kick off with Alex sharing his hacking journey, from a guest lecturer that inspired him, to working on internal Red Teams, to his transition to working with HackerOne, and finally as a bug bounty hunter focusing on searching out those few, high impact bugs. We also discuss the power of collaboration, the challenges of balancing hacking with other responsibilities, and the necessity of flexibility and taking breaks in bug bounty work. Don't miss this episode where we explore the depths of bug bounty with Alex Chapman!Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: [email protected] to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynoraterToday’s Guest:https://twitter.com/ajxchapman@[email protected]://ajxchapman.github.io/https://hackerone.com/ajxchapman?type=userPerforce RCEhttps://hackerone.com/reports/1830220 https://ajxchapman.github.io/bugreports/2019/04/04/perforce-local-file-disclosure.html (00:00:00) Introduction(00:01:50) Alex Chapman's InfoSec journey and evolution(00:05:55) Real-world experience vs. chasing degrees, and the pivot into Bug Bounty(00:13:12) The benefit of programming knowledge(00:16:50) Experience in Internal Red Team and hacker mentalities.(00:23:35) Transitioning to HackerOne and full time Bug Bounty(00:33:37) Bug Bounty tips, time management, and best practices(00:41:00) The importance of note-taking and organizational tools(00:46:27) Hunting Methodologies and focusing on Critical Exploitations(01:02:37) Collaboration in the hacking community(01:06:00) Binary Exploitation and Source Code Review(01:10:59) Configuration file injections(01:17:38) Justin vs. Alex at a LHE