YESWEHACK PROPHILE ON EBODA

December 11, 2019

3┌▄──────────────────────────────────────────────────────────────────────▄┐
4├■▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄■[ YESWEHACK PROPHILE ON EBODA ]■▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄■┤
5├■──────────────────────────────────────────────────────────────────────■┤
6├■▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀■┤
7└▀──────────────────────────────────────────────────────────────────────▀┘
8Wed, 11 Dec 2019 12:04:26 +0100 (CET)
╔══════════════════════════════════ WHOIS ═══════════════════════════════╗
║ Handle: eboda
║ Handle origin: first name + last name (i'm very creative :>)
║                or maybe: 'adobe'[::-1], who knows...
║ Age of your body: 29
║ Produced in: Germany
║ Urlz: https://bugscale.ch / @eboda_
║ Computers: Just got the new Thinkpad X1 extreme
║            (I am part of the cult worshipping
║            the Thinkpad nipple)
║ Superpowers: I can fly
║ Life in a sentence: Eat Sleep Pwn Repeat (höhö)
╚════════════════════════════════════════════════════════════════════════╝

QUOTES
╔════════════════════════════════════════════════════════════════════════╗
║ Any man who must say "I am king" is no true king at all
╚════════════════════════════════════════════════════════════════════════╝

ARMORY
╔════════════════════════════════════════════════════════════════════════╗
║ Mostly just Burp
║ I do not do any automated testing or crazy recon, so I don't use many
║ other specific tools.
╚════════════════════════════════════════════════════════════════════════╝

▀▄█▓▒░ Hello, what's your background?:
│ ───────────────────────────────────────────────────────────────────
└─ Hi! Professionally I was working as a pentester in Switzerland
   before starting to do bug hunting and research full-time.
   Less professionally, I used to play a lot of CTFs with my team Eat
   Sleep Pwn Repeat.


▀▄█▓▒░ How did you come to Bug Bounty ?
│ ───────────────────────────────────────────────────────────────────
└─ I did a bit of bug bounty hunting on and off a few years back.
   This year I quit my pentesting job and decided to pursue bug hunting
   as a full-time career. Now that it's up to me to choose targets to
   work on, I can spend all my time doing cool research on targets
   I personally am interested in or that use some cool tech :)


▀▄█▓▒░ You have practiced other BB platforms, what are the Pros & Cons,
│ with your experience on those platforms? / What are your
│ expectations?
│ ───────────────────────────────────────────────────────────────────
└─ I am active on multiple platforms because it allows me to reach
   more targets. When it comes to choosing a program to work on I am
   quite nit-picky, so the more choice the better!

   Some things I'm looking for in a program:
   - Great payout (obviously, who are we kidding...)
   - Well-defined scope. I don't like recon at all, so I prefer
     to be given a small list of applications to pwn
   - Does it have source code available? HUGE plus
   - Responsive and fair team. Can't really know that before your
     first reports

   My expectations of programs are pretty straightforward. I took the
   time and effort to test your application and (hopefully) report a
   bug, in return I expect fair treatment according to the rules you
   have published :)

   Fool me once shame on you, fool me twice shame on me. If you try
   to pull some tricks I will just move on to another target.

   As to BB platforms themselves, it is very important for me that the
   communication is efficient. It's just so much more pleasant to report
   bugs when you have professional triagers who understand what you
   are talking about and can intervene if you face problems with
   programs.


▀▄█▓▒░ Apart from Bug Bounty you seem to collaborate on a lot of hacker
│ events, what is your feeling on how the community is evolving?
│ ───────────────────────────────────────────────────────────────────
└─ Recently, together with some friends we have created a company
   called Bugscale to participate in bug bounties and do security
   research in general. It allows us to collaborate on our work
   efficiently, since we all chill in the same office.

   In Switzerland the BB community is still in its infancy, as there are
   not many BB programs and you can probably count the hunters living
   from it on one hand. As far as we know, we are the first company
   in Switzerland to actually make a living off of Bug Bounties.

   This year has seen enormous change for us though. Not only did
   YesWeHack create a subsidiary in Switzerland, but additionally BB
   programs are becoming more mainstream with conferences dedicating
   their theme to BB (see Swiss Cyber Storm for example)
   and Swiss companies actively trying to launch their BB programs.

   The future is definitely bright for us and especially in Switzerland
   the community will evolve immensely in the upcoming years!


▀▄█▓▒░ What was your first computer?
│ ───────────────────────────────────────────────────────────────────
└─ My first computer was mostly used to play CS1.6 and Warcraft 3 :D
   Didn't do much hacking back then...


▀▄█▓▒░ Do you remember your first successful exploitation?
│ ───────────────────────────────────────────────────────────────────
└─ Not really to be honest... I guess it wasn't worth remembering :D
   When I was younger I was very much into something I would describe
   as SQL injection "competitions". Basically, someone would post a
   website with a SQLi vuln and a WAF and the challenge was to dump
   all table names with a single query for example. You would end up
   with these huge SQL queries that bypass the WAF, concat results
   into variables and then dump those. It was kind of the thing that
   got me interested in security in the first place (that and CTFs).


▀▄█▓▒░ What keeps you going / What turns you down?
│ ───────────────────────────────────────────────────────────────────
└─ The thrill of finding a cool vuln and writing an exploit for it.

   Doing things I don't enjoy turns me down (who would have thought :D).
   In the BB context this might include things like recon or writing
   reports :>>


▀▄█▓▒░ Is there a life AFK?
│ ───────────────────────────────────────────────────────────────────
└─ No of course not! jk... I have relocated to beautiful Switzerland
   some time ago, so there is no shortage of AFK life outside in
   the mountains.
   Depending on the season, I like to hike, ski or fly with my
   paraglider :)
   Also I'm into CS:GO, but that's technically not AFK I guess :D


▀▄█▓▒░ What is the future?
│ ───────────────────────────────────────────────────────────────────
└─ In Europe and Switzerland specifically I think we will see a sharp
   increase in companies adopting bug bounty programs. With YesWeHack
   being in Switzerland itself now, it will make it easier for
   companies to overcome initial hesitation or uncertainty regarding
   bug bounties.

   In any case, there will always be bugs, so in one way or another
   we will be able to keep busy ;)


--------[ EOF