Using Data Science to win Bug Bounty - Mayonaise (aka Jon Colston) (Ep. 56)

  • Published on Jun 8, 2024
  • Episode 56: In this episode of Critical Thinking - Bug Bounty Podcast, Justin sits down with Jon Colston to discuss how his background in digital marketing and data science has influenced his hunting methodology. We dive into subjects like data sources, automation, working backwards from vulnerabilities, applying conversion funnels to bug bounty, and the Mayonaise signature 'Mother of All Bugs'
    Follow us on twitter at: / ctbbpodcast
    We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
    Shoutout to YTCracker for the awesome intro music!
    ====== Links ======
    Follow your hosts Rhynorater & Teknogeek on twitter:
    / 0xteknogeek
    / rhynorater
    ====== Ways to Support CTBBPodcast ======
    WordFence - Sign up as a researcher! ctbb.show/wf
    Sign up for Caido using the referral code CTBBPODCAST for a 10% discount.
    Hop on the CTBB Discord at ctbb.show/discord!
    We also do Discord subs at $25, $10, $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
    Today’s Guest:
    hackerone.com/mayonaise?type=...
    Timestamps:
    (00:00:00) Introduction
    (00:12:07) Evolving Hacking Methodologies & B2B Hacking
    (00:23:57) Data Science + Bug Bounty
    (00:34:37) 'Lead Generation for Vulns'
    (00:41:39) Ingredients and Recipes
    (00:49:45) Keyword Categorization
    (00:54:30) Manual Processes and Recap
    (01:07:08) Data Sources
    (01:19:59) Digital Marketing + Bug Bounty
    (01:32:22) M.O.A.B.s
    (01:41:02) Burnout Protection and Dupe Analysis
  • Science & Technology

Comments • 11

  • @Gray3ther
    2 months ago +1

    I've heard of the myth, man & legend--and his accomplishments, but I've never seen him interviewed. Just one of the coolest guys on the planet...and humble at the same time. Talk about "thinking outside the box"! Perfection hosting the interview and thanks for sharing it with us!

  • @Morteums
    4 months ago +2

    Mayonaise !

  • @__-tc3sr
    4 months ago

    Amazing episode, I just wish Mayonaise made more tweets and content to read, lots of cool ideas but I suppose finding and reporting bugs comes first :P

  • @Mcgenix
    4 months ago

    nice talk

  • @user-mo8uj9vq5u
    4 months ago

    Good stuff, this guy is great. I spoke with him when I was a noob doing a Yahoo live event. Mayo, U still the shit bro. Your boy wabafet

  • @MFoster392
    4 months ago

    Not there yet 🤯

  • @recepby
    4 months ago

    Hello Justin, I have one question.
    I am tired of tutorial hell, and feel like I don't know enough ..
    There are many tutorials about cybersecurity but I don't know how we can practice properly and learn and show the world we have built something. Because of that, we also don't get to sit job interviews ..
    If you are a developer, it is easier. But for cybersecurity, for someone who does not exactly know if he likes blue team or red team roles, how can we practice? CTFs can be a good option, I know, but except that? Bug Bounty can be another option but I still just suck at them, and it is not motivating :)
    Basically, how can we learn better? Practice is the key probably, but how exactly?

    • @IvanSantosMalpica
      4 months ago

      TryHackMe is a very good platform to practice all cybersecurity branches: pentesting, blue team, red team, SOC... But when it comes to web bug bounty, I recommend PortSwigger academy + bug bounty to check your knowledge. That's my hacker background and I can say it's a good learning path

  • @jonathanfillion7890
    3 months ago

    So fuck the scope, right? Is that how it works?