A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


How to hack all the bug bounty things automagically & reap the rewards (profit)! - Mike Baker SecureWV 2016 (Hacking Illustrated Series InfoSec Tutorial Videos)

How to hack all the bug bounty things automagically & reap the rewards (profit)!
Mike Baker
SecureWV 2016

This talk will cover how I replicated a Shodan-like functionality to make a targeted, automated active-scanning and data-replicating system that seeks out and replicates open Mongo instances, Redis instances, and Apache / $webserver open indexes amongst other things. These findings are used in bug bounty submissions, all automated, and often collected while I sleep! Time-permitting, I'll also cover some of the most memorable results both in findings and in rewards for the findings.

Mike is the Founder & Lead Researcher for BHaFSec, LLC. in Ann Arbor, and also contributes to buffing up the AppSec program at Arbor Networks. He's been involved in the infosec arena since the late 90's, and has been recognized by organizations ranging from Google, AT&T, MIT, NASA/JPL, and many others.

Back to SecureWV 2016 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast