hacking styles

I’ve been thinking a lot lately about the different types of thinking, approach, and general mentality that different hackers bring to the table.

https://twitter.com/caseyjohnellis/status/1033966527861510145

Broadly, two things come into play: the level of experience, and the overall wiring of the hacker.

It’s an interesting subject in the bug bounty space because of the model… The first to find each vulnerability gets rewarded, and the reward is bigger for issues with more impact.

This little spurt of tweets led to the inevitable question from @0ctac0der, someone who has been in bounty hunting for a long time and who I consider to be a particularly thoughtful person:

https://twitter.com/0ctac0der/status/1033966882951376897

The question of “best” is a fascinating one… The more QA-focused testers often find a larger volume of lower-criticality vulnerabilities that the impact-focused testers don’t have time to go and find, because they’re occupied with the more complex exploitation that’s often involved in higher-impact vulnerabilities.

To be continued…

Casey John Ellis

founder bugcrowd and disclose.io, keynote speaker, security strategist
