We’re joined by Fredrik “Almroot” Almroth, a Bugcrowd community member and highly skilled security researcher. Fredrik has been active in bug bounties since 2010, when he found his first Google vulnerability. Fredrik and his team at Detectify have found vulnerabilities in many of the top bug bounties in the world, including Google and Facebook. He’s one of the most prolific security researchers in the community and it was great to get Fredrik to share some of his tips and tricks.
When asked how he gets started with a bounty, Fredrik says:
“I always have a trick up my sleeve [laughs]. A good example was last year, we were short on cash and were going on a road trip. [My friend, also a researcher] and I decided we needed cash for the trip and should go for the highest paying bounties, which at that point were Facebook and Google, and we went with Google. We found an external entity injection in Google Toolbar and made $10,000.”
Watch Fredrik’s interview to learn more about how he approaches bounties, how he chooses what to work on, what tools he uses, and some of his best practices and techniques for bug bounty hunting.
Please share your comments and questions, or discuss the interview, on the Bugcrowd Forum. We’ll be doing more of these interviews in the future, so stay tuned!