Humans are wired to consume, process, and act on large amounts of information. Every day – often without knowing – we take cues and signals from our environment, recall our past experiences, mix it all together, and make decisions.
As bug bounty hunters we are often faced with many decisions, such as “where do I look next?”, “where do I start”, “how can I maximize impact”, “how can I escalate this finding”, and “how do I understand what this means”.
A well-tuned decision making process is essential to maximizing impact and ensuring success while hunting bugs.
This talk draws on my experience in various emergency service roles – where the outcome of decisions are critical and thinking several steps ahead is required, mixes it with walkthroughs of the decision-making process I have followed when finding high-paying bugs, adds in a bit of psychology*, and details focus areas that will assist bug bounty hunters in being able to make better decisions.
Attendees will not only get walkthroughs of hard-hitting bugs, but also learn the basics of a decision making model that will hopefully lead them to bigger scopes and larger rewards.
Rhys Elsmore(@rhyselsmore) is a deputized internet mall cop who has a passion for breaking computers in weird and wonderful ways. By day he helps secure a large blue cloud, and by night he hunts bugs in other people’s clouds.
Outside of the internet he likes to overdo it at CrossFit (People who do CrossFit are legally required to tell you that they do CrossFit), gets his butt kicked at Brazilian Jiu-Jitsu, cooks new and exciting food, looks after two Australian Shepherds, and serves his community as a Retained Firefighter with Fire + Rescue NSW.
Get Started with Bugcrowd
Every minute that goes by, your unknown vulnerabilities leave you more exposed to cyber attacks.