Plucking the low hanging fruit of data and security breaches. How to be rewarded even if there's no bug bounty program

SchizoDuckie

Playlists: 'hackerhotel2024' videos starting here / audio

I call myself "The Lamest Hacker You Know". I don't use Kali, 0days, Burp Suite or any tools besides Curl, a browser, and clients for existing software, combined with (semi) open data sources. Probably 90% of my findings are for companies that don't have a CISO and never even heard the term "Bug Bounty Program". In this talk I will give some tips on how to reach out to a company out-of-the-blue and not have them hate you.

I call myself "The Lamest Hacker You Know".
I don't use Kali, 0days, Burp Suite or any tools besides Curl and some (semi) open data sources.

Probably 90% of my findings are for companies that don't even have a CISO and have never even heard of a Bug Bounty Program, and yet I have been rewarded for finds that will make you go "yikes".

I never once got into trouble because of how I operate: being radically open.

In this talk I will look back on some cases I never made public, show you how I work, the upsides and the downsides, and give some tips on how to reach out to a company out-of-the-blue and not have them hate you.
