Critical Thinking - Bug Bounty Podcast

Episode 56: Using Data Science to win Bug Bounty - Mayonaise (aka Jon Colston)

Feb 1, 2024

Jon Colston, a digital marketing and data science expert, discusses his use of data science in bug bounty hunting. They explore topics like data sources, automation, working backwards from vulnerabilities, and applying conversion funnels to bug bounty. They also mention the 'Mother of All Bugs' signature.

01:47:40

Creator website

Episode guests

Jon Colston

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Using data science is crucial in bug bounty hunting for measuring and optimizing performance.

Categorizing words and grouping them into ingredients and recipes aids in content discovery.

Measuring performance through hit rates and manual investigation helps optimize word lists and discover insights.

Automating data collection through scripts and wrappers, and analyzing the data, is essential for finding patterns and insights.

Deep dives

Data Science Approach to Bug Bounty

The speaker emphasizes the importance of using data science in bug bounty hunting. They explain that measuring and optimizing performance is crucial in bug bounty. They describe wrapping tools with scripts to collect data and log results in flat files. They highlight the significance of categorizing words and grouping them into ingredients and recipes. Manual investigation and questioning are mentioned as important aspects of the process. They also discuss the implementation of automation and the use of data sources like SecOps, XML link finder, and crawling to gather data for analysis.

Introduction

2min

Introduction and Origin of Handle Name

2min

The Importance of Organization and Data-Driven Approaches in Bug Bounty Hunting

23min

Analyzing Hit Rates and Performance

26min

Using Data Science for Bug Bounty

13min

Using Data Science for Bug Bounties: Coding Perspective and Data Sources

3min

Cost of querying API, advantages of data service, and trade-offs between recon and diving deep

2min

Automating Bug Bounty Hunting

21min

Exploring the Concept of Moabs and Finding Vulnerabilities

4min

10.

Automating Bug Bounty Reporting and Using Data Science Methodology

9min

11.

Competition, Appreciation, and Closing Remarks

2min

Episode 56: Using Data Science to win Bug Bounty - Mayonaise (aka Jon Colston)

Episode 56: In this episode of Critical Thinking - Bug Bounty Podcast, Justin sits down with Jon Colston to discuss how his background in digital marketing and data science has influenced his hunting methodology. We dive into subjects like data sources, automation, working backwards from vulnerabilities, applying conversion funnels to bug bounty, and the mayonaise signature 'Mother of All Bugs'

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

------ Ways to Support CTBBPodcast ------

WordFence - Sign up as a researcher! https://ctbb.show/wf

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Today’s Guest:

https://hackerone.com/mayonaise?type=user

Timestamps:

(00:00:00) Introduction

(00:12:07) Evolving Hacking Methodologies & B2B Hacking

(00:23:57) Data Science + Bug Bounty

(00:34:37) 'Lead Generation for Vulns'

(00:41:39) Ingredients and Recipes

(00:49:45) Keyword Categorization

(00:54:30) Manual Processes and Recap

(01:07:08) Data Sources

(01:19:59) Digital Marketing + Bug Bounty

(01:32:22) M.O.A.B.s

(01:41:02) Burnout Protection and Dupe Analysis

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

Critical Thinking - Bug Bounty Podcast

Episode 56: Using Data Science to win Bug Bounty - Mayonaise (aka Jon Colston)

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Data Science Approach to Bug Bounty

Content Discovery

Measuring Performance and Manual Processes

Automating Data Collection and Analyzing Results

Identifying systemic vulnerabilities

Challenges of duplicate findings

Dealing with burnout in bug hunting

Remember Everything You Learn from Podcasts