The Bug Hunter's Methodology - Application Analysis | Jason Haddix

81,901 views

HackerOne

1 year ago

Jason is the Head of Security for a leading videogame company. Previously he was VP of Trust and Security at Bugcrowd and currently holds the 29th all-time ranked researcher position. Before that, Jason had a distinguished 10-year career as a penetration tester and was Director of Penetration Testing for HP. He is a hacker and bug hunter through and through and currently specializes in recon and web application analysis. He has also held positions doing mobile penetration testing, network/infrastructure security assessments, and static analysis. Jason lives in Colorado with his wife and three children. Jason has presented all over the world teaching ethical hacking, including speaking and keynotes at conferences such as DEFCON, BlackHat, RSA, Rootcon, NullCon, B-sides, and SANS.
This H@cktivitycon talk was given at the H1-702 Live Hacking Event in Las Vegas!
Follow Jason: / jhaddix

Comments: 50
@AnthonyMcqueen1987 2 months ago
Unlike most top researchers out there who do nothing but flex their bounties and give cryptic generic advice or how they got those bugs, to me those people add nothing to the community. But people like Haddix who doesn't show off how much he has made or flex his bounties actually explains in detail what he does. He also updates his style and methodology and it's not for everyone but he does give detail to how he finds bugs and does his recon unlike most out there and I respect that. Researchers who flex their bounties offer nothing to the community. Researchers like Haddix offer a lot to the community.
@auwalsalisu7889 2 months ago
you said nothing but pure 100% truth, you literally spoke my mind
@AnthonyMcqueen1987 2 months ago
@auwalsalisu7889 I am just sick of researchers out there who do nothing and show off their bounties. These people make the profession worse IMO and add nothing. Haddix on the other hand I respect.
@shiiswii4136 2 months ago
@AnthonyMcqueen1987 look up Ryan John and ippsec, these guys are pure fundamentals and no nonsense in the videos
@madcane13 1 year ago
json headache... utterly... no words can explain how brilliant he is... you rock
@rynomas4948 1 year ago
He is haddix bro, not headache. 😆
@viralledshow7079 1 year ago
@rynomas4948 might be auto correct error brother....!😂
@wk8173 10 months ago
@rynomas4948 grateful he didn't go for json headless💀
@SankizTime 10 months ago
Lmao😂
@popo_hack 1 year ago
Thank you Jason for this amazing presentation, it was very fruitful with a lot of knowledge. I think it's very important to know where to start testing and what are the tools that can help you doing that😀
@MdMilonHossainNil 1 year ago
❤❤Oh my God, this is what I've been waiting for!! It looks beautiful!!❤❤
@iqyou-gw4kd 1 year ago
Thank you everyone for helping the community evolve
@AlecMaly 1 year ago
Great presentation! Thank you for sharing your expertise!
@eyephpmyadmin6988 9 months ago
Took notes on everything, every tool, all the methodology
@skysunset877 5 months ago
I'm deeply grateful that you explained this specific procedure for bug bounty. As a beginner, it helped me a lot with my studies.
@goohaver 2 months ago
same here. good luck homie
@emanuelepicariello 9 months ago
Great video thanks, it’s time to build a proper methodology now 🕵🏽‍♂️
@fp1036 1 month ago
Thank you for your passionate sharing Sir!
@william_ade 1 year ago
This is brilliant!
@AmineAb 1 year ago
Really informative talk, but at the end he wasn’t using Notion for the note-taking part as stated, it was Obsidian.
@esamlasheen453 1 year ago
hhh i see it too
@wise.wanderer.00 1 year ago
Very informative talk
@Khal_Rheg0 2 months ago
Thank you!
@4liraah 4 months ago
Thanks for the talk! Any chance we can get a link to the slides?
@Booom1444-_- 4 months ago
Slides?
@samgold9151 1 year ago
Thank you
@sapienshack1711 4 months ago
Jason Haddix you are awesome
@bugs-lk3jf 11 months ago
Great Content, like a Boss
@william_ade 1 year ago
how can we get the slides??
@actuallyclover 2 months ago
I went to college with Corben! Super smart guy
@reactivicky 1 year ago
Nice tips.
@Ln0rag 11 months ago
where to find the slides file?
@0xfsec 1 year ago
Can I get the slide presentation?
@godzab 1 year ago
I second this!
@hamidrahamaabakar7995 6 months ago
Good morning, I very much appreciate you
@esamlasheen453 1 year ago
45:36 Jason, it's Obsidian, not Notion!
@thehackr7 1 year ago
nyc one
@ExploitDeveloper 1 year ago
that's good
@anasshaikh5778 1 year ago
Rustscan might not be helpful since most of the programs have speed limitations like 10 req/s etc.
@awanakb4867 1 year ago
how can I find these word lists?
@AmineAb 1 year ago
Everything is on the talk.. if you can’t find those wordlists, I don’t know how you will find bugs
@awanakb4867 1 year ago
@AmineAb I found them already. It just needed some attention.
@mariarahelvarnhagen2729 1 year ago
The Financial Instruments Game
@TheCyberWarriorGuy 1 year ago
Legend :)
@shantanusharma5624 1 year ago
Woah!! I'm the 1Kth liker of this video
@bountyproofs 1 month ago
if you don't CREATE your own METHODOLOGY this is worth NOTHING for YOU
@garywilburn7384 1 year ago
I'll give you a dollar if you learn to pronounce "obligatory" properly 😂
@ll-ruby..gloom-ll 5 months ago
he did
@CaseyStrouse 1 year ago
jsnice is the best tool I've found for making sense of obfuscated js. Definitely check it out.
Рет қаралды 10 МЛН