Critical Thinking - Bug Bounty Podcast

Episode 30: Recon Legend Shubs - From Burgers to Bounties

Aug 3, 2023

Renowned bug bounty hunter Shubs shares his journey from burgers to bugs and his love of collaboration. The podcast covers topics such as the art of debugging, ethics and economics of bug bounty hunting, the transition to Entrepreneur, and the evolution of Assetnote from a reconnaissance tool to enterprise security software suite.

01:19:25

Creator website

Episode guests

Shubs

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Bug bounty hunters employ strategic reporting decisions to optimize earnings, considering factors like ethics, relationships, and security improvement.

Transferrable skills from bug bounty hunting to entrepreneurship include the ability to navigate diverse responsibilities and tackle different challenges.

Deep dives

Bug bounty economics and reporting

Bug bounty hunters face strategic decisions around reporting multiple vulnerabilities and optimizing their earnings. Options include reporting all vulnerabilities together, reporting one by one, or waiting to report vulnerabilities until after earlier ones have been patched. The approach depends on the bug hunter's goals, ethics, and relationship with the program. Reporting a vulnerability as a zero-day may result in less payment, so some bug hunters omit that information from their reports. The bug bounty economics are complex and involve considerations of relationships, ethics, and security improvement.

Introduction

5min

Bug Bounty Programs and the Importance of Deep Dives

22min

Approach to Finding Vulnerabilities and Proactive Research

19min

Impact of Deep Diving into Programs on Bug Reporting

5min

The Value of a Bug and Picking the Right Co-founder

15min

Building a Continuous Reconnaissance Platform: Advice for Bug Bounty Hunters

6min

Web Server Vulnerabilities and Techniques

7min

Episode 30: In this episode of Critical Thinking - Bug Bounty Podcast, we're thrilled to be joined by renowned bug bounty hunter Shubs. We kick off with him sharing his journey from burgers to bugs, and how his friendly rivalry with a fellow hacker fueled his passion for reconnaissance, as well as his love of collaboration. We then shift gears to talk about the art of debugging, ethics and economics of bug bounty hunting, the transition to Entrepreneur, and the evolution of Assetnote from a reconnaissance tool to enterprise security software suite. This one’s a banger, and we don’t want you to miss it!

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

Today’s Guest:

@infosec_au

Intro Shoutouts

https://twitter.com/bebiksior

https://cvssadvisor.com/

Assetnote