Bug Bounty Reports Discussed

Going full-time bug bounty, privilege escalation bugs and more with Douglas Day

Aug 15, 2024

Douglas Day, a former professional turned full-time bug bounty hunter, shares his journey and innovative bug hunting methodology. He discusses the financial and personal sacrifices involved in making this transition. Listeners will be intrigued by his informal note-taking strategies and the organized approach to privilege escalation testing. Douglas also emphasizes the power of collaboration in hacking, revealing how teamwork can enhance vulnerability discovery. With insights on automation and UUID vulnerabilities, his tips are invaluable for anyone in the cybersecurity space.

01:31:16

Creator website

Episode guests

Douglas Day

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Douglas Day transitioned to full-time bug bounty hunting after financially preparing for years, demonstrating the importance of planning before making significant career changes.

His focus on specific vulnerability types like privilege escalation highlights the need for targeted strategies in effectively identifying and resolving security risks.

Collaboration with other hackers enriches the bug bounty experience, emphasizing the value of teamwork and shared knowledge in uncovering vulnerabilities.

Deep dives

Douglas Day's Journey into Bug Bounties

Douglas Day began his bug bounty journey in October 2018 while working at New Relic, a company with a HackerOne program. Initially, he was tasked with triaging reports from external hackers and quickly became intrigued by the real-world vulnerabilities he encountered. After earning his first bounty in December 2018 for a simple rate limit bypass, he realized the potential for substantial income through bug bounties. By 2019, he matched his engineering salary purely through bounty hunting, ultimately leading him to quit his day job in July 2024 to pursue bug bounties full-time.

Intro

3min

Transitioning to Full-Time Bug Bounty Hunting

25min

Informal Note-Taking Strategies for Bug Bounty Hunting

2min

Organizing Security Testing Through Tab Management

2min

Enhancing Bug Bounty Workflows with Kaido's Features

2min

Navigating Automation in Bug Bounty Hunting

5min

Collaboration in Hacking: Strengths and Strategies

25min

UUID Vulnerabilities Uncovered

4min

Navigating Vulnerability Reporting

23min

📧 Subscribe to BBRE Premium: https://bbre.dev/premium
✉️ Sign up for the mailing list: https://bbre.dev/nl
📣 Follow me on Twitter: https://bbre.dev/tw
📣 Follow Douglas on Twitter: https://twitter.com/ArchAngelDDay
In this interview, we're talking with Douglas Day about his bug hunting methodlogy, about quitting his job to become a full-time bug bounty hunter and many more.
BBRD podcast is also available on most popular podcast platforms:
https://open.spotify.com/show/6tLoJ5foOoZPPELwrHPBO4
https://podcasts.google.com/feed/aHR0cHM6Ly93d3cuc3ByZWFrZXIuY29tL3Nob3cvNTA3Mzc4MS9lcGlzb2Rlcy9mZWVk
https://podcasts.apple.com/us/podcast/bug-bounty-reports-discussed/id1583400215?uo=4

Timestamps:
00:00 Intro
0:29 Going full-time bug bounty
9:12 Douglas' bug bounty methodology
28:13 Bug Bounty tools you need
43:04 The benefits of collaboration in bug bounty
54:23 How to deal with having a similar bug on many endpoints?
1:11:37 How to select a bug bounty program?

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Bug Bounty Reports Discussed

Going full-time bug bounty, privilege escalation bugs and more with Douglas Day

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Douglas Day's Journey into Bug Bounties

The Transition to Full-Time Bug Bounty Hunting

Hacking Style and Favorite Vulnerability Classes

Collaboration and Community in Bug Bounty Hunting

The Concept of Embedded Hackers

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights

Bug Bounty Reports Discussed

Going full-time bug bounty, privilege escalation bugs and more with Douglas Day

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Douglas Day's Journey into Bug Bounties

The Transition to Full-Time Bug Bounty Hunting

Hacking Style and Favorite Vulnerability Classes

Collaboration and Community in Bug Bounty Hunting

The Concept of Embedded Hackers

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights