#NahamCon2024

Reconnaissance and Asset Discovery:
[00:01:16] Discusses the importance of reconnaissance in bug bounty hunting, particularly finding assets to attack within the scope of a bounty.
Application Analysis:
[00:01:37] Covers the application analysis phase, where the application is broken down to understand it deeply and find potential attack vectors.
Exploitation:
[00:01:51] Talks about the exploitation phase, which is similar to any red team practitioner’s work, such as penetration testing.
Reporting Vulnerabilities:
[00:01:59] Explains the process of reporting vulnerabilities to the client and the importance of taking care of one’s tools.
AI Methodology:
[00:02:35] Introduces an abbreviated AI methodology necessary for setting up AI for various tasks, not just hacking.
Model Choice:
[00:03:07] Discusses the need to choose an appropriate model for AI tasks, highlighting the strengths and limitations of different models.
RAG and System Prompting:
[00:04:46] Describes the choice between using retrieval augmented generation (RAG) or system prompting to build AI helpers.
Agents:
[00:05:27] Talks about the concept of agents in AI, which are defined as small minibots that perform specific tasks.
Temperature Control:
[00:06:10] Explains the concept of temperature in AI, which controls the level of creativity of the AI bots.
Context and Prompting:
[00:06:49] Emphasizes the importance of providing context to AI bots to make them smarter and more effective.
Prompting Framework:
[00:09:11] Discusses the prompting skill and the use of a framework to improve interactions with AI models.
Building Prompts:
[00:10:31] Provides insights into building effective system prompts for AI bots to enhance their performance.
Subdomain Discovery:
[00:15:47] Introduces a bot called Subdomain Ninja, which helps in finding subdomains by building permutations.
Acquisition Research:
[00:17:19] Describes a bot designed to find acquisitions during the reconnaissance phase of bug bounty hunting.
Application Code Analysis:
[00:20:39] Talks about using AI to analyze application code and identify potential vulnerabilities.
Vulnerability Checks:
[00:33:39] Discusses how AI can be used to build quick vulnerability checks and automate parts of the bug hunting process.

Cool to hear Jason validating some of my suspicions. I tried making a “custom GPT” with a bunch of math texts & Knuth’s AoCP series uploaded into it. That seemed to make it much more effective as a learning tool for more advanced/technical topics. Its a difficult thing to quantify, but I can say that the custom model had no issue counting the ‘r’s in ‘strawberry’

I loved this talk, Ben. Thanks for having him on!

lol! I am the AI bot operating at 40%

Jhaddix is the best

thank you for the upload! :)

:)

🧘🏿‍♂️

You're dope man!

niceeee 🎉🎉🎉

Sup Bee?

Wow

Nice

jhaddix FTW!