This week we’re putting the Spotlight on Justin Gardner, a Bugcrowd Ambassador in Richmond, Virginia.
Feel free to follow Justin on Twitter @Rhynorater
Justin was around 12 years old when he first started learning about computers and how to bypass parental controls. By the age of 14, programming to hack had become an interest and he started teaching himself how to code Python, Java, and C++. Justin found that learning to program helped him understand how applications were built, which, in turn, helped in exploiting their weaknesses. However, he didn’t feel that he had a safe environment to practice these skills and ended up taking a break at the risk of performing potentially illegal activity.
Years later while in college, Justin’s passion caught up with him. He formed a security club and met others who would test in safe environments, including another one of our Bugcrowd ambassadors, Tommy DeVoss. Tommy showed Justin more about the hacking space along with bug bounty hunting, emphasizing it as a way to build up his portfolio when applying for jobs.
Taking Tommy’s advice, by the age of 21 years old, Justin was hired as a penetration tester thanks, in part, to his bug bounty experience. He even received inbound interest just by adding his bug bounty experience to his LinkedIn profile.
Justin has now been hacking for about 10 years and has one year as a pentester under his belt. He also builds tools on the side to assist with bug bounty hunting.
Check out our full Q&A with Justin here:
How did you get into Cybersecurity?
- “I started in security when I was quite young – I was interested in becoming a hacker. I would read and contribute to forums about hacking and python programming. From there, I started to create my own custom malware. After switching my focus to programming for several years, I started hacking again when I was in college. That was when I met Tommy DeVoss (dawgyg). He came to the Cyber Security club that I started and told us about bug bounties. From there, I read everything I could and started making friends in the community. My background in programming helped me to develop useful tools and automation flows to help me discover bugs.”
How do you manage your personal life, work, and bug bounties?
- “While I have a strong passion for both my work as a Penetration Tester and bug bounty, my personal life is where I put my priority. I was married in 2017 to my wonderful wife, Mariah, who will often attend hacking events and conferences with me despite not working in a technical field. Mariah and I are both Christians and find our joy and fulfillment in Jesus.
On a more practical note – I balance my work/bug bounty life with my personal life by scheduling certain times each week to hack. During these times, Mariah is normally hanging out with friends or pursuing her personal interests (she is a great artist and loves to play League of Legends). If work/bug bounty and time with my wife or friends ever conflict, I try to always side with the friends or family.”
What are a few of your favorite hacking/security tools? Why should others use those?
- “Literally anything by TomNomNom (waybackurls, unfurl, gron, meg, concurl, ect.)
GoBuster (fastest directory bruteforcer that I know of)
MassScan (fastest port scanner that I know of)
MassDns (fastest subdomain bruteforcer that I know of)
SubFinder
Amass
goAltDns (fastest permutation scanner that I know of)
gowitness/eyewitness/aquatone
gitrob
Burp Suite (Obviously)
The reason why I recommend these tools are because they are very fast, or do the job the best (Amass/Subfinder/*witness).
I would also recommend using something like Jobert’s recon.sh to monitor your recon over time. I’ve got a custom solution for this that I will likely release someday once I clean up the code – but you should do whatever works for you. Just make sure you’re saving your data in some sort of searchable format for when you need to resurface something.”
What is a quick hacking tip or technique that you recommend?
- “Travis-CI repos leak a lot of stuff. However, the logs are super long. I’ve got a tool I’ll be releasing shortly to help others audit them, but in the meantime search the top 10 or so build logs for each repo to see if any gems are leaked.
Also – for the love of everything good – escalate your bugs. If you find an XSS write an exploit for it that steals personal information or escalate it to account takeover by changing a user’s email or password, stealing an API key, or adding another user to an organization. This simple practice can bring P3 bugs to P2 or even P1 bugs.
If you don’t want to run the risk of getting duped while you are writing your exploit then write the report and in the report tell them you will write an exploit to steal information or escalate the bug. Then, come back later and comment to give your exploit. The simple format for writing an exploit for an XSS is this:
1. (Optional) Load an external script so the payload isn’t messy
2. Find a page with a sensitive action
3. Iframe that page using the XSS
4. Since you are on the same domain, you can access the DOM of the iframe. Use JavaScript to insert values into fields (ie, set new password and confirm password)
5. Use JavaScript to click the submit button.
Here is a gist with a basic template for this kind of escalation: https://gist.github.com/Rhynorater/dfff0569e66cf068493b57ed34051113 ”
What advice would you give to someone who is starting out as a beginner in bug bounties?
- “I would recommend reading Pete Yaworski’s “Web Hacking 101” book, read/watch everything from Bugcrowd University, and watch the talks from all of the LevelUp conferences. “
How have bug bounties impacted your life?
- “Bug bounties have impacted my life by giving me a passion for hacking that I never had before. There is something amazing about hacking with some friends, then being thanked profusely by companies, then being paid thousands of dollars. It’s amazing. It has enabled me to start my life with no debt, as well as invest in retirement with maximum compound interest potential. Starting your life with an extra 100K really sets you up for a positive financial future. Also, bug bounty allowed me to land my first full-time job as a Penetration Tester right out of college. This would have been a very difficult feat otherwise.”
What do you like to do in your free time, when you’re not doing bug bounties or working?
- “I love to hang out with Mariah, play League of Legends, play volleyball, workout, hang out with family, play board games (particularly Dominion), help my friends with business ventures, brainstorm entrepreneurial strategies, teach cybersecurity and programming, clean, and work on cars and houses.”
Thank you so much to Justin Gardner for his time and for his great contributions to the bug bounty community!
Interested in becoming an ambassador? Apply to become a Bugcrowd Ambassador today! If you have any questions, please Twitter direct message @ChloeMessdaghi
