Episode 31: Alex Chapman - The Man of Many Crits
Critical Thinking - Bug Bounty Podcast10 Aug 2023

Episode 31: Alex Chapman - The Man of Many Crits

Episode 31: In this episode of Critical Thinking - Bug Bounty Podcast, we're thrilled to be joined by Alex Chapman, a seasoned InfoSec hacker and bug bounty hunter. We kick off with Alex sharing his hacking journey, from a guest lecturer that inspired him, to working on internal Red Teams, to his transition to working with HackerOne, and finally as a bug bounty hunter focusing on searching out those few, high impact bugs. We also discuss the power of collaboration, the challenges of balancing hacking with other responsibilities, and the necessity of flexibility and taking breaks in bug bounty work. Don't miss this episode where we explore the depths of bug bounty with Alex Chapman!

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

Today’s Guest:

https://twitter.com/ajxchapman

@ajxchapman@infosec.exchange

https://ajxchapman.github.io/

https://hackerone.com/ajxchapman?type=user

Perforce RCE

https://hackerone.com/reports/1830220

https://ajxchapman.github.io/bugreports/2019/04/04/perforce-local-file-disclosure.html

(00:00:00) Introduction

(00:01:50) Alex Chapman's InfoSec journey and evolution

(00:05:55) Real-world experience vs. chasing degrees, and the pivot into Bug Bounty

(00:13:12) The benefit of programming knowledge

(00:16:50) Experience in Internal Red Team and hacker mentalities.

(00:23:35) Transitioning to HackerOne and full time Bug Bounty

(00:33:37) Bug Bounty tips, time management, and best practices

(00:41:00) The importance of note-taking and organizational tools

(00:46:27) Hunting Methodologies and focusing on Critical Exploitations

(01:02:37) Collaboration in the hacking community

(01:06:00) Binary Exploitation and Source Code Review

(01:10:59) Configuration file injections

(01:17:38) Justin vs. Alex at a LHE

Episoder(165)

Episode 141: Hacking the Pod - Google Docs 0-day & React CreateElement Exploits with Nick Copi (7urb0)

Episode 141: Hacking the Pod - Google Docs 0-day & React CreateElement Exploits with Nick Copi (7urb0)

Episode 141: In this episode of Critical Thinking - Bug Bounty Podcast Justin sits down with Nick Copi to talk about CSPT, React, CSS Injections and how Nick hacked the pod.Follow us on twitter at: ht...

25 Sep 20251h 23min

Episode 140: Crit Research Lab Update & Client-Side Tricks Galore

Episode 140: Crit Research Lab Update & Client-Side Tricks Galore

Episode 140: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph give an update from The Crit Research Lab, as well as some writeups on postMessage vulnerabilities, Cookie Chao...

18 Sep 202557min

Episode 139: James Kettle - Pwning in Prod & How to do Web Security Research

Episode 139: James Kettle - Pwning in Prod & How to do Web Security Research

Episode 139: In this episode of Critical Thinking - Bug Bounty Podcast Justin finally sits down with the great James Kettle to talk about HTTP Proxys, metagaming research, avoiding burnout, and why HT...

11 Sep 20252h 21min

Episode 138: Caido Tools and Workflows

Episode 138: Caido Tools and Workflows

Episode 138: In this episode of Critical Thinking - Bug Bounty Podcast We’re talking Caido tools and workflows. Justin gives us a list of some of the Caido tools that have caught his interest, as well...

4 Sep 202522min

Episode 137: How We Do AI-Assisted Whitebox Review, New CSPT Gadgets, and Tools from SLCyber

Episode 137: How We Do AI-Assisted Whitebox Review, New CSPT Gadgets, and Tools from SLCyber

Episode 137: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gardner and Joseph Thacker reunite to talk about AI Hacking Assistants, CSPT and cache deception, and a bunch of tools lik...

28 Aug 202549min

Episode 136: Hacking Cluely, AI Prod Sec, and How To Not Get Sued with Jack Cable

Episode 136: Hacking Cluely, AI Prod Sec, and How To Not Get Sued with Jack Cable

Episode 136: In this episode of Critical Thinking - Bug Bounty Podcast, Joseph Thacker sits down with Jack Cable to get the scoop on a significant bug in Cluely’s desktop application, as well as the r...

21 Aug 202550min

Episode 135: Akamai's Ryan Barnett on WAFs, Unicode Confusables, and Triage Stories

Episode 135: Akamai's Ryan Barnett on WAFs, Unicode Confusables, and Triage Stories

Episode 135: In this episode of Critical Thinking - Bug Bounty Podcast Justin sits down with Ryan Barnett for a deep dive on WAFs. We also recap his Exploiting Unicode Normalization talk from DEFCON, ...

14 Aug 20251h 26min

Episode 134: XBOW - AI Hacking Agent and Human in the Loop with Diego Djurado

Episode 134: XBOW - AI Hacking Agent and Human in the Loop with Diego Djurado

Episode 134: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Diego Djurado to give us the scoop on XBOW. We cover a little about its architecture and approach to hunting, the...

4 Aug 20251h 53min

Populært innen Teknologi

lydartikler-fra-aftenposten
romkapsel
smart-forklart
teknisk-sett
tomprat-med-gunnar-tjomlid
energi-og-klima
nasjonal-sikkerhetsmyndighet-nsm
rss-impressions-2
elektropodden
rss-ki-praten
shifter
rss-praktisk-proptech
pedagogisk-intelligens
hans-petter-og-co
rss-ki-til-kaffen
i-loopen
kunstig-intelligens-med-morten-goodwin
rss-heis
teknologi-og-mennesker
rss-nerding-med-netlife