We hear about hackers all the time but rarely get a glimpse into what they actually do when exploiting applications. Douglas Day is a top-grossing hacker on the HackerOne platform and a Senior Security Engineer at Elastic. In this episode, we dive into all things bug bounties and ethical hacking: how Douglas finds entry points, the differences between defensive and offensive security, and how escalating user permissions uncovers deep vulnerabilities. We also talk about the common attack patterns Douglas and other hackers look for, and why WAFs are more annoying than useful.
Where to Find Douglas:
· Twitter: https://twitter.com/ArchAngelDDay
· LinkedIn: https://www.linkedin.com/in/douglas-day-39baa8108/
Where to Find Shomik:
· Twitter: https://twitter.com/shomikghosh21
· LinkedIn: https://www.linkedin.com/in/shomik-ghosh-a5a71319/
· Podcast: Apple Podcasts, Spotify, YouTube.
In this episode, we cover:
(00:40) – Douglas’ Journey into Ethical Hacking
(05:11) – Winning Most Valuable Hacker at a HackerOne Event
(08:03) – Bug Bounties vs Pen-testing
(11:08) – Utilizing Hacking Exploits for Defensive Security
(12:34) – Proliferation of Open Source Attacking Tools
(14:44) – Flipping from Offensive to Defensive Security
(15:27) – Working with a Team of Hackers
(18:02) – Finding a Vulnerable Entry Point to an Application
(21:16) – Utilizing User Permissions to Hack an App
(25:48) – How Multi-Factor Auth Helps You Be More Secure
(27:45) – Leveraging an Entry Point into Escalations
(29:20) – Phishing As An Attack Vector (Red Teaming vs Bug Bounties)
(31:15) – A Hacker’s Spidey Sense for Common Vulnerabilities
(34:15) – Random Number Generators for Security
(36:07) – APIs as an Attack Vector
(37:32) – Why Exposed Secrets are a Common Entry Point
(41:20) – Why Web Application Firewalls are Not That Effective for Stopping Hackers
(43:30) – How Hackers are Using LLMs in Their Attack Workflows
(45:48) – Utilizing AI Agents in Hacking
(46:30) – Why Ethical Hackers are Assets to Security Teams
(50:30) – Wrap Up
How to Subscribe:
Available on Apple Podcasts, Spotify, YouTube.