Here is the story of a bug I found in a private bug bounty program on Hackerone. It took me exactly 12h30 -no break- to find it, exploit and report. I was able to dump the AWS credentials, this lead me to fully compromise the account of the company: 20 buckets and 80 EC2 instances (Amazon Elastic Compute Cloud) in my hands. Besides the fact that it’s one of my best bug in my hunter career, I also learnt alot during this sprint, so let’s share!
One month ago I started to chase on a new private program. Since we were in touch by mail and since their office is pretty close to my place, I proposed to meet. They immediatly accepted. We talked for an hour, about security, my job, their program. That was so interesting, question after question, we learned alot from each other. I though it would be nice to share this experience, some people probably have some of these questions in mind, so in this article I tried to resume our interview.
As a full time bug hunter, it’s important to use the tools you are confortable with, sometimes a small improvement can change your life. During the great 3 days course presented by Nicolas Grégoire, he showed us a browser called Autochrome. Combined with a tiny Burp Suite extension, it becomes very easy to visualize the things you really want to see and reduce the noise for your eyes. In this article I will show you my current configuration.
This article is the following of the previous one (obviously…) about why I love bug bounty. However I realized that that one sounds like everything is perfect in this job, but since the world is not whole pinky full of rainbows, and butterflies, and unicorns, I have to say the truth. Long time resolution, loneliness, deception, companies, there are also bad points (or maybe I’m just frustrated to get so much duplicates these days xD).
As a user I would say that I don’t care about all these Flash stuff that try to catch my eyes, most of the time I have a plugin to disable them. As a developper, it reminds me the (not so good) old time when the marketing peoples always wanted to add “movement” in the website, yeah it looks so kool! As a hacker, well… I didn’t know how nice it could be, but I recently learned how to find issue in there and it’s funny as hell. I was close to the success as I quickly found 3 XSS, but unfortunately all my reports were marked as duplicate :/