MonkeHacks #36
Vienna, Coding, Bugcrowd Cup
This week I was in Vienna to visit a friend. I’ve been here a few times and it’s always a great experience. They have their own cappuccino-like coffee called a melange. The city has a rich history and great museums, so it’s one of my favourite places to visit.
Following that, I flew to the Netherlands, the last stop of my trip. I’m here for another 2-3 days, before I fly back to Scotland. I have no travel planned for November and December except for a brief stint back to Ireland to congratulate my friends on graduating from university.
On the bug bounty side, I’ve been reworking some code as I’ve not been in the mood to hack. More on that further down this issue. I’ve also started taking part in the Bugcrowd Hacker Cup - a team-based event open to the public (though the entry deadline is closed) in which hackers hack on public programs.
The university in Vienna.
Weekly Ideas / Notes
I’ve been contemplating various codebase reworks:
For example, currently I bake the binaries I need into my Docker images as they’re lightweight. The alternative approach to this is that I push them to an artifact repository instead and pull them in dynamically when I’m spinning up the container. From a practical standpoint this is probably more flexible and better, but it’s not necessary at the scale I’m currently running things at.
These types of decisions have an enormous impact on the efficiency of the system you’re building. Sometimes, small changes can make it orders of magnitude faster.
I highly recommend that anyone who hasn’t tried building an automation system before should do so. It’s a great learning experience and the skillset is invaluable.
I’m taking part in the Bugcrowd Hacker Cup with Kaz and Mikey96. We’re off to a good start - so here’s hoping that this momentum continues. Unfortunately I had a few findings this week marked informative when they really shouldn’t have been. That’s been a big hit to my motivation, but I’ll bounce back soon enough. This is all part of the process.
I appeared for like, a split second in Nahamsec’s video on H1-0131. Hehehe.
I’m going to publish a blog post in the next week detailing the lifestyle of travelling and hacking, from my perspective.
I’ve also been contemplating a return to working at a company. It’s not that I don’t enjoy full-time bug bounty, or that I’m not making enough - I love the freedom, and I’m finding more than enough bugs - but I feel that I need more experience in the industry to eventually fulfil my long-term goal of running my own company. As such, I applied to an unnamed company (someone I know is working there) and I’m waiting for a response now.
Naturally Simian Security is still where the bounties are flowing into, and where I take on occasional work in pentesting and such, and it’s there as a business entity if I decide to pivot it slightly and build a platform under the name. So that doesn’t change at all.
I’m pretty happy with the way things are right now, so I’m not too worried about what’ll happen if this doesn’t pan out :)
If you’re interested in hiring me, then feel free to reach out at [email protected]. I’m looking at Senior or higher positions.
Resources
Blaklis’s Defcon Talk: This is a wealth of experience and information. Amazing talk.