Playback speed
undefinedx
Share post
Share post at current time
0:00
/
0:00
2

A Peek Behind the Hacker Curtain - Douglas Day (Top Grossing Hacker, HackerOne & Sr Security Eng, Elastic)

Shomik Ghosh
Apr 02, 2024
2
Share
Transcript

No transcript...

We hear about hackers all the time but very rarely get a glimpse into the world of what they actually do when exploiting applications. Douglas Day is a top grossing hacker on the HackerOne platform and a Senior Security Engineer at Elastic. In this episode, we dive into all things bug bounties and ethical hacking. How does Douglas find entry points, differences between defensive and offensive security, and escalating user permissions to find deep vulnerabilities are all covered. We also talk about common attack patterns for Douglas and other hackers and why WAFs are more annoying then useful.

Where to Find Douglas:

·       Twitter: https://twitter.com/ArchAngelDDay

·       LinkedIn: https://www.linkedin.com/in/douglas-day-39baa8108/

Where to Find Shomik:

·       Twitter: https://twitter.com/shomikghosh21

·       LinkedIn: https://www.linkedin.com/in/shomik-ghosh-a5a71319/

·       Podcast: Apple Podcasts, Spotify, YouTube.

In this episode, we cover:

(00:40) – Douglas’ Journey into Ethical Hacking

(05:11) – Winning Most Value Hacker at HackerOne Event

(08:03) – Bug Bounties vs Pen-testing

(11:08) – Utilizing Hacking Exploits for Defensive Security

(12:34) – Proliferation of Open Source Attacking Tools

(14:44) – Flipping from Offensive to Defensive Security

(15:27) – Working with a Team of Hackers

(18:02) – Finding a Vulnerable Entry Point to an Application

(21:16) – Utilizing User Permissions to Hack an App

(25:48) – How Does Multi-Factor Auth Help Be More Secure

(27:45) – Leveraging an Entry Point into Escalations

(29:20) – Phishing As An Attack Vector (Red Teaming vs Bug Bounties)

(31:15) – A Hacker’s Spidey Sense for Common Vulnerabilities

(34:15) – Random Number Generators for Security

(36:07) – APIs as an Attack Vector

(37:32) – Why Exposed Secrets are a Common Entry Point

(41:20) – Why Web Application Firewalls are Not That Effective for Stopping Hackers

(43:30) – How Hackers are Using LLMs in Their Attack Workflows

(45:48) – Utilizing AI Agents in Hacking

(46:30) – Why Ethical Hackers are Assets to Security Teams

(50:30) – Wrap Up

How to Subscribe:

Available on Apple Podcasts, Spotify, YouTube.

2 Comments
Software Snack Bites
Software Snack Bites
A podcast series exploring all things enterprise software. We'll interview experts from all areas of company building, the enterprise buyer perspective, investors viewpoints and deep dive into specific technology trends.
Listen on
Substack App
RSS Feed
Appears in episode
Shomik Ghosh
Recent Episodes
Enterprise Tech Behind Digital Banking - James Barney (Director Cloud Platform Eng, Ally Financial)
 • Shomik Ghosh
Nvidia, Groq, HBM & What's Ahead for Semis (Doug O'Laughlin, Founder of Fabricated Knowledge)
 • Shomik Ghosh
Scaling Product & Operational Excellence - Charles Zedlewski (COO, Temporal & GM, Cloudera)
 • Shomik Ghosh
AI Agent-Assisted Flow Engineering - Itamar Friedman (CEO, CodiumAI)
 • Shomik Ghosh
State of Developer Tooling - Redmonk (James Governor & Kate Holterhoff)
 • Shomik Ghosh
Time Management for Knowledge Workers - Matt Martin (CEO, Clockwise)
 • Shomik Ghosh
Health 101 for Entrepreneurs - Ben Canning (Founder, We Hack Health)
 • Shomik Ghosh