siLLyDaddy

Projects by Ai Ho

https://github.com/j3ssie/Osmedeus

https://github.com/jaeles-project/jaeles

https://huntersuite.io


AMA with Ai Ho


  • How long have you been doing BB? Is it a hobby or a full time job? How long did it take until you started making money from BB? And what country are you from? 😁(Lots of questions… Ik 😅)

    • I’ve only been doing part-time BB for about 1 year now because I have a full-time job.

    • It took me about 3 months to find my first bug.

    • I’m from Vietnam 🥳


  • What were your first bug and the favourite bug you found?

    • My first bug was the Jenkins RCE by Orange, and my fav bug is server-side misconfiguration.


  • Where did you get the idea or motivation for the Jaeles scanner?

    • I started Jaeles because I needed a tool to automate my process of doing Repeater in Burp on a lot of targets.


  • Are the templates in https://vulndb.huntersuite.io only available for HunterSuite?

    • Currently, private signatures for Jaeles are only available in @HunterSuite.


  • Could you please tell us about @HunterSuite?

    • At our little startup @HunterSuite, we are trying to revisit black-box security automation. We have high hopes for it 🥰


  • Any tips for the people who are still struggling to find their first bug?

    • Focus on 1 bug type first, then learn a new bug type when you are familiar with the previous one.


  • Tell us something about how you built your mindset for infosec activity. Things are really so hard. So how did you prepare yourself to face them and stay moving forward? 🔥

    • I love automation stuff. So when I do something many times I will find a way to automate it. Just keep learning and reading tech news 🥰


  • First of all, I am a big fan of yours. When did you decide that you needed to make the best tool for BB in infosec? Why did you decide to make your work open source?

    • Thank you. I started doing BB by learning recon, then I realized it has many repeated tasks, then I wrote a tool for it.

    • I learn almost everything from the community, so I think I should contribute something to it 🥰


  • How do you prioritize which vulnerability types to go after based on the program?

    • 99% of the time I only do recon with my tools and check for vulnerabilities using my Jaeles.


  • Your Burp Suite secrets/tricks/extensions?

    • I don’t think I have any secret tricks in Burp Suite?

    • Extensions I use: Turbo Intruder, Taborator, Backslash, Resolver, AutoRepeater, etc.


  • How to get a bounty using Google dorks?

    • I never got one but maybe this tweet will help


  • What about fuzzing, automation and notification?

    • Fuzzing I didn’t do much; I only do some content discovery with a wordlist built from BigQuery.

    • I use git for storing my results, so I only need to check the diff content for notification.

    • Of course, all automation is done by my tools and I only review the results.


  • Tips for RCE and SSRF?

    • I’m mostly looking for CVEs and misconfigured apps that lead to RCE using my Jaeles.


  • Can you guide me to an article you find best for setting up a VPS for hunting? And which one do you choose: Digital Ocean, Google Cloud, etc.?

    • I don’t know of an article for that guide yet. Maybe this will help: https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters/blob/master/assets/setup.md

    • I’ve been using Google Cloud for the past year but have been switching to Digital Ocean recently.


  • What are future projects you are working on or thinking about?

    • Of course, improve HunterSuite. Furthermore, I have some ideas to improve Jaeles core, Jaeles Plugin on Burp, integrate it in the CI/CD process and some other ideas for new projects :D


  • What do you think about BB after a few years? I mean, with how quickly ML/AI is developing day by day, will there be any jobs left in infosec after a few years? And what about BB? Is there any other tool in the queue which will come in the future?

    • There are still many gaps and lots of room for improvement in security. So I think there are still many jobs for infosec.

    • I have some ideas to improve Jaeles core, Jaeles Plugin on Burp, integrate it in the CI/CD process, and some other ideas too :D

      • If you didn’t make the legendary tools, then how would you test the websites?

        • Well, there are still many alternative tools out there though. But maybe I will change my focus bug type :D