Critical Thinking - Bug Bounty Podcast

Episode 69: Johan Carlsson - 3 Month Check-in on Full-time Bug Bounty.

May 2, 2024
Johan Carlsson, a dedicated bug bounty hunter, shares his journey transitioning to full-time bug hunting. He discusses the thrill of discovering vulnerabilities like a CSP bypass in GitHub and a critical flaw in GitLab. Johan highlights his focus on complex bug types like ReDoS and OAuth, emphasizing the unpredictability that accompanies bug hunting. He also offers insights into balancing personal life with his bug bounty career, navigating financial challenges, and the importance of community support in this unique profession.
Ask episode
AI Snips
Chapters
Transcript
Episode notes
ANECDOTE

Johan's Career Path

  • Johan Carlsson's career path took a turn from art to computer science after an 8-year break.
  • His thesis project on GitLab introduced him to bug bounty hunting.
ANECDOTE

First Bug Bounty Experience

  • Johan learned about bug bounties through an ethical hacking course where finding bugs earned extra credit.
  • He found his first bug by accident, a simple XSS, after a code change on GitLab.
ANECDOTE

GitHub CSP Bypass Collaboration

  • Sooty found an injection point in GitHub, which Johan Carlsson used to bypass a strict CSP.
  • It involved an unfiltered injection in an input field, leading to an error message rendering user input.
Get the Snipd Podcast app to discover more snips from this episode
Get the app