Plucking the low hanging fruit of data and security breaches. How to be rewarded even if there's no bug bounty program
02-11, 15:00–15:45 (Europe/Amsterdam), Willem van Oranje

I call myself "The Lamest Hacker You Know". I don 't use Kali, 0days, Burp Suite or any tools besides Curl, A browser, and clients for existing software, combined with (semi) open data sources. Probably 90% of my findings are for companies that don't have a CISO an never even heard the term "Bug Bounty Program", In this talk I will give some tips on how to reach out to a company out-of-the-blue and not have them hate you.


I call myself "The Lamest Hacker You Know".
I don 't use Kali, 0days, burp suite or any tools besides Curl and some (semi) open data sources.

Probably 90% of my findings are for companies that don't even have a CISO and never even heard of a Bug Bounty Program and yet, I have been rewarded for finds that will make you go "yikes".

I never once got into trouble because of how I operate: Being radically open.

In this talk I will look back on some cases I never made public, show you how I work, the upsides and the downsides, and give some tips on how to reach out to a company out-of-the-blue and not have them hate you.


Language

English