Whether he’s uncovering weirdness in Uber’s app, sharing savvy how-to’s in his blog, or working out issues for AirBnB, Geekboy is hot like fire. He’s number three on our leaderboard and his signal rank is in the 90th percentile!
We caught up with Geekboy in Goa at Nullcon and here are some of his thoughts on cool bugs, Burp Suite and Bountycraft, among other things. You can follow him on Twitter or take a gander at his info-packed blog.
What’s the coolest bug you’ve ever found (that you can talk about)?
The AirBnB one. It's a hell of a chain; you can find it here: http://www.geekboy.ninja/blog/airbnb-bug-bounty-turning-self-xss-into-good-xss-2/
Is there a hacker you admire the most?
Yeah, I love them all - Frans, Meals...
Why’d you come to Nullcon?
Just for networking and Bountycraft, I always love to meet friends from the bug bounty community.
Why do you choose to hack on HackerOne?
I started my bug bounty journey on HackerOne, and kind of stuck with the platform. HackerOne's reporting tool is one of the reasons that I love to submit reports on H1.
Reputation points and the rankings keep me motivated to work actively on the platform, and it's very natural if you're doing well somewhere that you'll keep trying to continue that flow.
How do you decide what targets to hack?
I decide which targets to hack on based on response time, as well as the bounties they pay out.
What are some of the things you look for first when hunting for bugs?
I look for obvious ones first: XSS, CSRF, IDORs. Then I look for more complex bugs.
How did you get started? What got you into hacking and bug bounties?
I have been in information security for a long time, but I shifted myself into bug bounties two years ago, just after I noticed my friends posting about earning bug bounties on Facebook.
Do you use Burp Suite? What do you love about it?
Burp! It's a must-have tool for me or anyone; I've been using it since I started. Repeater, Intruder, History, Extenders, the ability to save your work... there are many things to love about Burp!
If you could give one piece of advice to someone just getting into hacking and bug bounty hunting, what would it be?
Since bug bounty is booming nowadays, competition between hackers is increasing. So, have some patience when you are first starting, and keep improving your recon skills. You have the Internet, you have all the resources. Keep reading others' blogs and the disclosed practical reports on HackerOne. Patience and better reporting are the KEY.
Over 700 companies -- and the U.S. government -- are investing in bug bounty programs. It’s easy to get started with your own bug bounty journey with HackerOne.
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.