Sep 2023
1h 25m
Episode 35: In this episode of Critical Thinking - Bug Bounty Podcast, we're thrilled to welcome Douglas Day, a bug bounty hunter known for his unique methodologies and collaborative spirit. We talk about his approach to finding new endpoints in applications, his ingenious technique of exploiting Intercom widgets, and collaboration preferences and tips at LHEs. We also touch on the struggle of justifying hobbies that don't generate income and the importance of finding enjoyment in the process.We hope you enjoy this episode as much as we did!
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
Today’s Guest:
https://twitter.com/ArchAngelDDay
https://hackerone.com/the_arch_angel
https://bugcrowd.com/arch_angel
100 Short Bug Bounty Rules
https://twitter.com/ArchAngelDDay/status/1661924038875435008
Blog about Intercom
https://dday.us/2021/11/03/h1vendorATO.html
Blog about Mapping Hacking
http://dday.us/2021/10/09/Mapyourhacking.html
Timestamps: (00:00:00) Introduction
(00:03:01) Douglas Day’s infosec and LHE intro
(00:10:42) Evolution and philosophy of collaboration
(00:23:08) Balancing Collaboration and Money
(00:29:43) Recap of 100 Short Bug Bounty Rules
(00:37:15) Bug-hunting Methodology
(00:45:45) Using match and replace to find new endpoints in bug hunting
(00:49:07) Exploiting Intercom widgets
(00:52:35) Facing Failure and enjoying the journey
(00:57:00) Managing work-life balance
(01:05:55) Auth-Z testing and documentation
(01:12:25) Vulnerabilities in applications
(01:17:05) Mapping Hacking Sessions