siLLyDaddy

AMA with Ozgur Alp

About Ozgur Alp 😎 and His Success 💪

  • What is your story? How did you enter bug hunting?

    • My story: https://ozguralp.com. I entered bug hunting after I was feeling suffocated by the overworking at my consultancy job. I resigned from my job without finding a new one and, while I was interviewing with other companies, registered with @SynackRedTeam, and the journey started!


  • Your favourite tools?

    • @Burp_Suite and @Google are my favorite tools.


  • Do you use any automation in your findings?

    • Not too much, just a few custom scripts.


  • What is that one bug which gives you a great sense of satisfaction when you find it on the target?

    • Complex authentication bypasses are my favourites to find.


  • While learning about bugs, what is your approach and methodology?

    • Learning the technologies in depth, in terms of that type of bug, is the key.


  • What is your recon workflow or methodology?

    • I just proxy applications and analyze the HTTP requests/responses on the back-end :)


  • How do you manage learning time and hunting time? For example, 4 days reading (to stay up to date), 3 days hunting.

    • 1 hour reading Twitter/blogs every day after I wake up and before starting work on weekdays. I prefer splitting it across all days rather than having “learning days”.


  • What keeps you happy every day, or what mitigates the stress?!

    • Which stress? I love the job that I am doing, which does not stress me at all. Not finding bugs could sometimes be a little bit disappointing; however, I set my goals per month/year and do not evaluate my performance day by day, which really helps.


  • What are the things you do when you are not bug hunting to free up your mind and come back with a fresh mindset?

    • Spending time with my wife and friends, travelling and discovering new places, watching movies/TV series, screenwriting.


  • Which vulnerabilities do you look for? Do you use automation?

    • Looking for all kinds of vulnerabilities, but mostly authorization, authentication and business-logic-related ones. Already answered lots of questions regarding automation, but mostly no.


  • What is your recon methodology?

    • I analyze HTTP requests/responses and look for weird stuff!


  • Your favourite websites (that you use during bug bounty hunting)?

    • google.com


  • What was your first bug?

    • The first valid bug that was accepted and not a duplicate on a bug bounty program was an IDOR with a complex-syntax ID parameter. I enumerated those ID values from public-facing user pages and used them to gather sensitive PII data.


  • How long did it take you to reach where you are standing now since you started, and what difficulties did you face during your learning days and hunting days?

    • Started in the offensive security area 7 years ago, in addition to a 5-year bachelor's focused on information systems. Worked really hard, especially for the first year after I started my career (maybe 10-12 hours per day, but with joy) and for the first few months after I started full-time hunting.


  • Did you face any difficulty or demotivation at the beginning of your journey? How did you deal with that?

    • Having goals keeps people motivated all the time, not just for bug bounty or work but for life. Have goals that are both compelling and reachable for your life and you will find motivation in yourself!


Tips For Beginners 🔰

  • Do you think #oscp #oswe will help in #bugbounty hunting? Would you recommend it for a beginner in bug bounty?

    • While OSCP/OSWE training does not serve the same discipline as bug bounty, the mentality and technical approach to every case actually really helps for any job. Offensive security courses increase research skills very well, which is essential to bug hunting.


  • What guidelines would you give to current beginners to become a crowdsourced pentester and red teamer?

    • Well, for being successful in the offensive cyber security area, the first thing to achieve is finding/creating your own guidelines instead of asking people directly :) Research skill is one of the most important things to have in this area, so you need to sharpen it.


  • Any tips for beginners?

    • Do not focus on finding only a few bugs (such as XSS, SQLi, etc.) but focus on understanding the technologies first and try to understand the application flows from both the attacker's and the company's sides, e.g. how an attacker can misuse this app and how the business could be affected.




  • Is a language like JavaScript, Python, Go, etc. necessary for bug hunting?

    • Not necessary, but knowing at least one programming language always helps a lot for custom tasks/exploitation.


  • Is there any advice you can give to a young bug bounty hunter? (By the way, hello, Professor Ozgur)

    • Never give up!


  • How to pick my first program?

    • It is actually not something to focus on too much, in my opinion. Just pick a program and if you don't like it, move on to the next one.


  • Your approach for XXE?

    • https://owasp.org/www-community/vulnerabilities/XML_External_Entity_(XXE)_Processing https://gist.github.com/staaldraad/01415b990939494879b4


  • How much time did it take you to find once you started?

    • Found it within a week after I started full-time hunting. Overworking really kills both your physical and mental life, and at my first consultancy job we were really overworking, so I can suggest that finding a balance between your social life/hobbies and work is really important.




  • Any advice for finding bugs on a small, single-scope domain?

    • No different from a huge scope in my opinion. Just try to understand the logic and flow of the app and try to break it from an attacker's perspective.




  • What books have you read that made you better at web hacking?

    • I read “The Web Application Hacker’s Handbook” when I first started my career (still one of the best books on the market) and have not read any information-security-related books afterwards.


Tips For Logical Bugs ❓

  • Do you search for many different kinds of bugs or just focus on logical bugs?

    • It depends on both the targets I am testing and my daily mood :) If I feel adventurous, I only look for different logical bugs. If I feel lazy, then sometimes I only look for simple XSSes.


  • Your approach to second-order issues and looking/researching for new logical stuff? Big fan, btw.

    • Sending random input via parameters and following those inputs in the responses is good for second-order issues. For researching new logical stuff, just think of all the different cases that could be misused by an attacker and try to manipulate the applications to have them.


Tips For IDORs 🆔

  • What are the tools or extensions you use while searching for IDORs (to save time)?

    • I do not use any tool other than Burp and manual analysis in terms of finding IDORs.


  • Can we combine IDOR with another vuln to increase the impact?

    • Of course! For example, if you can find self-stored XSS vulns, with the help of IDORs you can increase the impact from self-XSS to stored XSS.


  • I came to know that finding endpoints is important when finding IDORs. Is it true?

    • Finding endpoints is important for all kinds of bugs. Blog post: https://blog.usejournal.com/a-less-known-attack-vector-second-order-idor-attacks-14468009781a


Tips for Fuzzing 🌀

  • Tips for fuzzing?

    • It depends on what you need to fuzz; however, most of the time I am using Burp Intruder with the hex payloads starting from 00 to FF with the prefix %.


  • Why hex payloads?

    • They are URL-encoded ASCII characters, nearly similar to sending all characters one by one with a wordlist. Sometimes I also URL-decode the payloads for different results, if it is a relevant one.
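The fuzzing approach from the two answers above, as an added example that is not from the AMA or its author: it builds the %00..%FF Intruder-style payload list and its URL-decoded variant, then classifies how a response echoes each byte (the same "follow your input in the responses" idea from the second-order answer). The canary marker and the stand-in server are constructed assumptions so the script runs offline.

```python
import html
from urllib.parse import unquote

# Constructed marker: wrapping each byte in it makes a reflection findable even
# for bytes like %61 ("a") that occur naturally everywhere in a page.
CANARY = "qz7k"

def hex_payloads(prefix: str = "%") -> list[str]:
    """The Intruder list from the answer: %00 .. %FF, one URL-encoded byte each."""
    return [f"{prefix}{b:02X}" for b in range(256)]

def decoded_payloads() -> list[str]:
    """The 'URL decode the payloads' variant: the raw byte instead of its %XX form."""
    return [unquote(p, encoding="latin-1") for p in hex_payloads()]

def tagged(payload: str) -> str:
    """The value actually placed in the fuzzed parameter."""
    return f"{CANARY}{payload}{CANARY}"

def classify_reflection(payload: str, body: str) -> str:
    """How did the response echo one tagged %XX payload?"""
    if CANARY not in body:
        return "none"             # parameter not reflected at all
    raw = unquote(payload, encoding="latin-1")
    if tagged(payload) in body:
        return "percent-encoded"  # server kept the %XX form untouched
    if tagged(raw) in body:
        return "raw"              # decoded byte echoed verbatim: output encoding missing?
    if tagged(html.escape(raw, quote=True)) in body:
        return "html-escaped"     # decoded, then entity-encoded for HTML
    return "stripped"             # canaries survived, the byte did not

def constructed_server(value: str) -> str:
    """Stand-in target (constructed, not a real app): decodes the parameter,
    drops NUL bytes and HTML-escapes the rest before echoing it."""
    decoded = unquote(value, encoding="latin-1").replace("\x00", "")
    return f"<p>Hello {html.escape(decoded, quote=True)}</p>"

def fuzz_report(server=constructed_server) -> dict[str, str]:
    """Run all 256 tagged payloads through `server` and classify each echo."""
    return {p: classify_reflection(p, server(tagged(p))) for p in hex_payloads()}

if __name__ == "__main__":
    report = fuzz_report()
    for cls in ("raw", "html-escaped", "percent-encoded", "stripped", "none"):
        hits = [p for p, c in report.items() if c == cls]
        print(f"{cls:16} {len(hits):3}  e.g. {hits[:4]}")
```

Grouping the 256 results by class is what you would otherwise do by eye with Intruder's grep columns; the "raw" group is where a missing output encoding shows up.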


Advice 👍



  • How to transition to a full-time bounty hunter? Currently a student and unemployed. Going to graduate soon.

    • If you are unemployed, then that’s a perfect match for you! Transitioning from a full-time job to full-time hunter is hard because of living on a guaranteed salary. However, if you already have no job, I can suggest going for it before you find a job!


  • Guide to be in SRT?

    • The answer exists in the job application itself: https://boards.greenhouse.io/synacksrt/jobs/150860