The Bug Hunter's Methodology - Application Analysis | Jason Haddix
Рет қаралды 82,864
Жыл бұрынJason is the Head of Security for a leading videogame company. Previously he was VP of Trust and Security at Bugcrowd and currently holds the 29th all-time ranked researcher position. Before that, Jason had a distinguished 10-year career as a penetration tester and was Director of Penetration Testing for HP. He is a hacker and bug hunter through and through and currently specializes in recon and web application analysis. He has also held positions doing mobile penetration testing, network/infrastructure security assessments, and static analysis. Jason lives in Colorado with his wife and three children. Jason has presented all over the world teaching ethical hacking, including speaking and keynotes at conferences such as DEFCON, BlackHat, RSA, Rootcon, NullCon, B-sides, and SANS.
This H@cktivitycon talk was given at the H1-702 Live Hacking Event in Las Vegas!
Follow Jason: / jhaddix
▼ Keep up with us ▼
◇ Twitter → / hacker0x01
◇ Twitch → / hackeronetv
◇ Instagram → hacker0x01...
@AnthonyMcqueen1987 3 ай бұрын
Unlike most top researchers out there who do nothing but flex their bounties and give cryptic generic advise or how they got those bugs to me those people add nothing to the community. But people like Haddix who doesnt show off how much he has made or flex his bounties actually explains in detail what he does. He also updates his style and methodology and its not for everyone but he does give detail to how he finds bugs and does his recon unlike most out there and i respect that. Researchers who flex their bounties offer nothing to the community Researchers like Haddix offer a lot to the community.
@auwalsalisu7889 3 ай бұрын
you said nothing but pure 100% truth, you literally spoke my mind
@AnthonyMcqueen1987 3 ай бұрын
@auwalsalisu7889 I am just sick of researchers out there who do nothing and show off their bounties. These people make the profession worse IMO and add nothing. Haddix on the other hand I respect.
@shiiswii4136 2 ай бұрын
@@AnthonyMcqueen1987look up Ryan John and ippsec, these guys are pure fundamentals and no nonsense in the videos
@madcane13 Жыл бұрын
json headache... utterly... no words can explain how brilliant he is... you rock
@rynomas4948 Жыл бұрын
He is haddix bro, not headache. 😆
@viralledshow7079 Жыл бұрын
@@rynomas4948might be auto correct error brother....!😂
@wk8173 10 ай бұрын
@@rynomas4948 grateful he didn't go for json headless💀
@SankizTime 10 ай бұрын
Lmao😂
@skysunset877 5 ай бұрын
I'm deeply grateful that you explained this specific procedure for bugbounty. As a beginner, it helped me a lot with my studies.
@goohaver 2 ай бұрын
same here. good luck homie
@iqyou-gw4kd Жыл бұрын
Thank you everyone for helping the community evolve
@popo_hack Жыл бұрын
Thank you Jason for this amazing presentation, it was very fruitful with alot of knowledge. I think it's very important to know where to start testing and what are the tools that can help you doing that😀
@AlecMaly Жыл бұрын
Great presentation! Thank you for sharing your expertise!
@eyephpmyadmin6988 9 ай бұрын
Took notes on everything, every tool, all the methodology
@MdMilonHossainNil Жыл бұрын
❤❤Oh my God, this is what I've been waiting for!! It looks beautiful!!❤❤
@fp1036 Ай бұрын
Thank you for your passionate sharing Sir!
@emanuelepicariello 9 ай бұрын
Great video thanks, it’s time to build a proper methodology now 🕵🏽♂️
@william_ade Жыл бұрын
This is brilliant !
@wise.wanderer.00 Жыл бұрын
Very informative talk
@Khal_Rheg0 3 ай бұрын
Thank you!
@samgold9151 Жыл бұрын
Thank you
@AmineAb Жыл бұрын
Really informative talk, but at the end he wasn’t using Notion for the note-taking part as stated, it was Obsidian.
@esamlasheen453 Жыл бұрын
hhh i see it too
@sapienshack1711 4 ай бұрын
Jason Haddix you are awesome
@bugs-lk3jf 11 ай бұрын
Great Content , like a Boss
@william_ade Жыл бұрын
how can we get the slides ??
@reactivicky Жыл бұрын
Nice tips.
@actuallyclover 2 ай бұрын
I went to college with Corben! Super smart guy
@4liraah 5 ай бұрын
Thanks for the talk! Any chance we can get a link to the slides?
@Booom1444-_- 4 ай бұрын
Slides?
@Ln0rag 11 ай бұрын
where to find the slides file ?
@0xfsec Жыл бұрын
Can I get the slide presentation?
@godzab Жыл бұрын
I second this!
@hamidrahamaabakar7995 6 ай бұрын
Good morning I'm very appreciate you
@thehackr7 Жыл бұрын
nyc one
@TheCyberWarriorGuy Жыл бұрын
Legend :)
@ExploitDeveloper Жыл бұрын
thats good
@anasshaikh5778 Жыл бұрын
Rustscan might not be helpful Since most of the programs have speed limitations like 10 req/s etc..
@esamlasheen453 Жыл бұрын
45:36 Jason It's obsidian not notion!
@awanakb4867 Жыл бұрын
how can i find these word lists
@AmineAb Жыл бұрын
Everthing is on the talk.. if you can’t find those wordlists, I don’t know how you will find bugs
@awanakb4867 Жыл бұрын
@@AmineAb i found them already. it just needed some attention.
@mariarahelvarnhagen2729 Жыл бұрын
The Financial Instruments Game
@shantanusharma5624 Жыл бұрын
Woah!! I'm the 1Kth liker of this video
@garywilburn7384 Жыл бұрын
I'll give you a dollar if you learn to pronounce "obligatory" properly 😂
@ll-ruby..gloom-ll 5 ай бұрын
he did
@bountyproofs Ай бұрын
if you don't CREATE your own METHODOLOGY this is worth NOTHING for YOU
@CaseyStrouse Жыл бұрын
jsnice is the best tool I've found for making sense of obfuscated js. Definitely check it out.
SANS Offensive Operations
Рет қаралды 3,5 М.
BSides Ahmedabad
Рет қаралды 2,8 М.
NahamSec
Рет қаралды 62 М.
Bug Bounty Reports Explained
Рет қаралды 24 М.
Bug Bounty Reports Explained
Рет қаралды 136 М.
NahamSec
Рет қаралды 144 М.
Rozetked
Рет қаралды 497 М.