How to think out of the box with @s0md3v
Posted in Articles on April 11, 2019
Posted in Articles on April 4, 2019
Hey hackers! This is another AMA on the topic of: How to think out of the box?
If you haven’t checked out the other ones, they’re at https://pentester.land/categories/articles/.
And the podcast episode that started this whole series is The Bug Hunter Podcast 4: Bypassing email filters & Thinking out of the box. While preparing it, I wanted to include advice from different bug hunters. So I asked several hackers these 3 specific questions:
@gwendallecoguic was one of the awesome hackers who responded. Here is his advice:
Some weeks ago, someone on Twitter asked what tools we use the most for hunting.
My reply was (the initial answer was in French, but here is the English translation):
Imagination. In #bugbounty technical knowledge is not so important, you just need to do what other people don’t, because they didn’t think about it or because they were lazy, success guaranteed.
To be honest, it’s hard for me to think out of the box because I have been a developer for a very long time now, so I always think like a developer; it’s in my blood. A hunter who doesn’t have any technical background will be able to think differently. For me it’s hard. What I try to do is to read (technical) security resources as much as possible, and I usually get new ideas from there.
For that reason, my advice will not be exactly about thinking out of the box, but it’s more a general point I was able to notice several times while hunting. It’s the second point of my answer, about laziness.
That’s it :)
What I wanted to add is, often you will hear something like “root is a state of mind”. For me it’s really relevant. Hunting is like every sport, 50% about skills, 50% about spirit and 10% of luck :)
If you enjoyed reading this, please consider sharing it, leaving a comment, suggestions, questions…