YESWEHACK PROPHILE ON EBODA
December 11, 2019
┌▄──────────────────────────────────────────────────────────────────────▄┐
├■▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄■[ YESWEHACK PROPHILE ON EBODA ]■▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄■┤
├■──────────────────────────────────────────────────────────────────────■┤
├■▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀■┤
└▀──────────────────────────────────────────────────────────────────────▀┘
Wed, 11 Dec 2019 12:04:26 +0100 (CET)
╔══════════════════════════════════ WHOIS ═══════════════════════════════╗
║ Handle: eboda ║
║ Handle origin: first name + last name (i'm very creative :>) ║
║ or maybe: 'adobe'[::-1], who knows... ║
║ Age of your body: 29 ║
║ Produced in: Germany ║
║ Urlz: https://bugscale.ch / @eboda_ ║
║ Computers: Just got the new Thinkpad X1 extreme ║
║ (I am part of the cult worshipping ║
║ the Thinkpad nipple) ║
║ Superpowers: I can fly ║
║ Life in a sentence: Eat Sleep Pwn Repeat (höhö) ║
╚════════════════════════════════════════════════════════════════════════╝
QUOTES
╔════════════════════════════════════════════════════════════════════════╗
║ Any man who must say "I am king" is no true king at all ║
╚════════════════════════════════════════════════════════════════════════╝
ARMORY
╔════════════════════════════════════════════════════════════════════════╗
║ Mostly just Burp ║
║ I do not do any automated testing or crazy recon, so I don't use many ║
║ other specific tools. ║
╚════════════════════════════════════════════════════════════════════════╝
▀▄█▓▒░ Hello, what's your background?:
│ ───────────────────────────────────────────────────────────────────
└─ Hi! Professionally I was working as a pentester in Switzerland
before starting to do bug hunting and research full-time.
Less professionally, I used to play a lot of CTFs with my team Eat
Sleep Pwn Repeat.
▀▄█▓▒░ How did you come to Bug Bounty?
│ ───────────────────────────────────────────────────────────────────
└─ I did a bit of bug bounty hunting on and off a few years back.
This year I quit my pentesting job and decided to pursue bug hunting
as a full-time career. Now that it's up to me to choose targets to
work on, I can spend all my time doing cool research on targets
I personally am interested in or that use some cool tech :)
▀▄█▓▒░ You have practiced on other BB platforms, what are the Pros & Cons,
│ with your experience on those platforms? / What are your
│ expectations?
│ ───────────────────────────────────────────────────────────────────
└─ I am active on multiple platforms because it allows me to reach
more targets. When it comes to choosing a program to work on I am
quite nit-picky, so the more choice the better!
Some things I'm looking for in a program:
- Great payout (obviously, who are we kidding...)
- Well defined scope. I don't like recon at all, so I prefer
to be given a small list of applications to pwn
- Does it have source code available? HUGE plus
- Responsive and fair team. Can't really know that before your
first reports
My expectations of programs are pretty straightforward. I took the
time and effort to test your application and (hopefully) report a
bug, in return I expect fair treatment according to the rules you
have published :)
Fool me once shame on you, fool me twice shame on me. If you try
to pull some tricks I will just move on to another target.
As to BB platforms themselves, it is very important for me that the
communication is efficient. It's just so much more pleasant to report
bugs when you have professional triagers who understand what you
are talking about and can intervene if you face problems with
programs.
▀▄█▓▒░ Apart from Bug Bounty you seem to collaborate on a lot of hacker
│ events, what is your feeling on how the community is evolving?
│ ───────────────────────────────────────────────────────────────────
└─ Recently, together with some friends we have created a company
called Bugscale to participate in bug bounties and do security
research in general. It allows us to collaborate on our work
efficiently, since we all chill in the same office.
In Switzerland the BB community is still in its infancy, as there are
not many BB programs and you can probably count the hunters living
from it on one hand. As far as we know, we are the first company
in Switzerland to actually make a living off of Bug Bounties.
This year has seen enormous change for us though. Not only did
YesWeHack create a subsidiary in Switzerland, but additionally BB
programs are becoming more mainstream with conferences dedicating
their theme to BB (see Swiss Cyber Storm for example)
and Swiss companies actively trying to launch their BB programs.
The future is definitely bright for us and especially in Switzerland
the community will evolve immensely in the upcoming years!
▀▄█▓▒░ What was your first computer?
│ ───────────────────────────────────────────────────────────────────
└─ My first computer was mostly used to play CS1.6 and Warcraft 3 :D
Didn't do much hacking back then...
▀▄█▓▒░ Do you remember your first successful exploitation?
│ ───────────────────────────────────────────────────────────────────
└─ Not really to be honest... I guess it wasn't worth remembering :D
When I was younger I was very much into something I would describe as
SQL injection "competitions". Basically, someone would post a
website with a SQLi vuln and a WAF and the challenge was to dump
all table names with a single query for example. You would end up
with these huge SQL queries that bypass the WAF, concat results
into variables and then dump those. It was kind of the thing that
got me interested in security in the first place (that and CTFs).
▀▄█▓▒░ What keeps you going / What turns you down?
│ ───────────────────────────────────────────────────────────────────
└─ The thrill of finding a cool vuln and writing an exploit for it.
Doing things I don't enjoy turns me down (who would have thought :D).
In the BB context this might include things like recon or writing
reports :>>
▀▄█▓▒░ Is there a life AFK?
│ ───────────────────────────────────────────────────────────────────
└─ No of course not! jk... I have relocated to beautiful Switzerland
some time ago, so there is no shortage of AFK life outside in
the mountains.
Depending on the season, I like to hike, ski or fly with my
paraglider :)
Also I'm into CS:GO, but that's technically not AFK I guess :D
▀▄█▓▒░ What is the future?
│ ───────────────────────────────────────────────────────────────────
└─ In Europe and Switzerland specifically I think we will see a sharp
increase in companies adopting bug bounty programs. With YesWeHack
being in Switzerland itself now, it will make it easier for
companies to overcome initial hesitation or uncertainty regarding
bug bounties.
In any case, there will always be bugs, so in one way or another
we will be able to keep busy ;)
--------[ EOF