Critical Thinking - Bug Bounty Podcast

Episode 15: The Israeli Million-Dollar Hacker

Apr 13, 2023

01:08:28

Creator website

Episode guests

Nagli

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Automation and coding are crucial in bug hunting, helping to refine scripts and deal with large domain lists.

Collaboration with other hackers is valuable for sharing insights and improving bug detection.

Nagli discovered and reported high-impact vulnerabilities, showcasing the importance of finding bugs in AI systems and investigating callback requests thoroughly.

Deep dives

Focus on Automation and Collaboration

Nagli emphasizes the importance of automation in his bug hunting process, spending most of his time coding and refining his scripts. He mentions the challenges of maintaining and fixing the codes, as well as dealing with large domain lists when hacking. Nagli also highlights the value of collaboration, sharing insights and findings with other hackers in order to improve and find better bugs.

Introduction

6min

EC2 IP Takeovers

6min

How to Build a Community of Hackers

2min

How to Put a GUI on a Product

3min

How to Be a Successful Entrepreneur

2min

The Path to Bug Bounty

3min

How Much Time Should You Spend on Manual Hacking?

2min

How to Keep Track of Your Hacks

2min

How to Collaborate on Shockwave

2min

10.

How to Take Good Notes

2min

11.

How to Use Twitter to Find Bugs and Fix Them

3min

12.

How to Find New Bugs and Add Them to Your Automation

2min

13.

How to Collaborate With Joel on Podcasts

2min

14.

How to Collaborate Effectively

4min

15.

How Much Time Do You Spend Coding Versus Hacking, Ugly?

2min

16.

The Importance of Coding

2min

17.

How to Integrate AI Into Your Product

2min

18.

How to Live Hack on a Long Flight

2min

19.

The Cost of a Business Class Flight

2min

20.

How to Get the Super Economy's Saver Deals

2min

21.

How to Hack on United Airlines

2min

22.

The Importance of Bash in Automation

2min

23.

How to Hack a Chat GPT Account With Grep

3min

24.

How to Use Cloudflare to Accelerate Your Automation

2min

25.

SSRF: A Vuln Type Bug

4min

26.

How to Create Custom Scan Profiles

2min

27.

How to Promote Your Hacker Chat Podcast

2min

Episode 15: In this episode of Critical Thinking - Bug Bounty Podcast we talk with the latest Million-Dollar bug bounty hunter: @naglinagli . He talks about his climb from $1,000 in bounties to $1,000,000, recon tips and tricks, and some bug reports that made the news and landed him the "Best Bug" award at a H1 Live Hacking event.

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

Follow Nagli and his new startup Shockwave:

https://twitter.com/naglinagli

https://twitter.com/shockwave_sec

HackMD Collaborative Notes:

https://hackmd.io/

Ian Carroll's Airline Miles Website:

https://seats.aero

Nagli's Tweet in ChatGPT Web Cache Deception:

https://twitter.com/naglinagli/status/1639343866313601024

Timestamps:

(00:00:00) Intro

(00:04:40) Nagli’s Climb

(00:05:40) What kind of vulns do you look for?

(00:09:25) Working with other hackers

(00:10:20) Bug Bounty Hunter’s Guild

(00:12:35) Shockwave product

(00:14:12) Outsourcing tool development

(00:18:46) What got you started?

(00:21:13) Manual hacking vs recon suite + LHE focus

(00:25:00) How do you take notes

(00:29:42) Biggest things that you’ve learned over the past 2 years

(00:31:29) How do you ingest new techniques?

(00:31:50) Collaboration

(00:37:20) Justin Ranting about “Trained Eyes”

(00:40:18) Time spent coding vs hacking

(00:45:28) Travel and spending habits

(00:54:16) Grep is Nagli’s database

(00:56:20) Nagli’s ChatGPT Web Cache Deception

(00:58:44) What does your alerting look like?

(01:01:50) Nagli’s “Most Critical” SSRF

(01:04:30) Burp Active Scan

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Critical Thinking - Bug Bounty Podcast

Episode 15: The Israeli Million-Dollar Hacker

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Focus on Automation and Collaboration

Balancing Business and Hacking

Managing Finances and Future Goals

Discovering Web Cache Deception Vulnerability

The Significance of Collaboration and SSRF Exploitation

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights

Critical Thinking - Bug Bounty Podcast

Episode 15: The Israeli Million-Dollar Hacker

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Focus on Automation and Collaboration

Balancing Business and Hacking

Managing Finances and Future Goals

Discovering Web Cache Deception Vulnerability

The Significance of Collaboration and SSRF Exploitation

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights