At DEFCON 23 this year we interviewed a few members of the Bugcrowd Researcher community, getting their impressions of DEFCON and gathering some tips & tricks for bug bounty hunters.
On the Saturday of DEFCON I had a chance to catch up with Mathias “avlidienbrunn” Karlsson and we chatted about his approach to bug hunting.
Mathias also joined the Bugcrowd Forum for an AMA interview with the community. His AMA gives tips and suggestions for researchers that are just getting started, includes his strategy for evading duplicates and maximizing payouts, and how he approaches a target.
Here’s a small excerpt of the AMA interview, but go to the forum for the full interview text.
Q: How do you keep up your skills?
Randomly fiddle around with stuff. Sometimes I find myself just trying to understand something new that I use myself or that I think is cool. Learn how it works and then try to break it. Maybe that’s a cliché but I don’t know how to explain this part otherwise. I feel like its a significant part of my training so I need to include it.
Interview with Scott Robinson:
While at DEFCON we also got the chance to chat with Scott Robinson and his friend Rob. Scott’s a student at MIT and currently an intern at Twitter on their security team.
Thank you to the many researchers who stopped by the Bugcrowd Ops AMA Lounge at DEFCON this year, we had a blast meeting you all. We’re already looking forward to next year!