Episode 31: Alex Chapman - The Man of Many Crits
Critical Thinking - Bug Bounty Podcast10 Aug 2023

Episode 31: Alex Chapman - The Man of Many Crits

Episode 31: In this episode of Critical Thinking - Bug Bounty Podcast, we're thrilled to be joined by Alex Chapman, a seasoned InfoSec hacker and bug bounty hunter. We kick off with Alex sharing his hacking journey, from a guest lecturer that inspired him, to working on internal Red Teams, to his transition to working with HackerOne, and finally as a bug bounty hunter focusing on searching out those few, high impact bugs. We also discuss the power of collaboration, the challenges of balancing hacking with other responsibilities, and the necessity of flexibility and taking breaks in bug bounty work. Don't miss this episode where we explore the depths of bug bounty with Alex Chapman!

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

Today’s Guest:

https://twitter.com/ajxchapman

@ajxchapman@infosec.exchange

https://ajxchapman.github.io/

https://hackerone.com/ajxchapman?type=user

Perforce RCE

https://hackerone.com/reports/1830220

https://ajxchapman.github.io/bugreports/2019/04/04/perforce-local-file-disclosure.html

(00:00:00) Introduction

(00:01:50) Alex Chapman's InfoSec journey and evolution

(00:05:55) Real-world experience vs. chasing degrees, and the pivot into Bug Bounty

(00:13:12) The benefit of programming knowledge

(00:16:50) Experience in Internal Red Team and hacker mentalities.

(00:23:35) Transitioning to HackerOne and full time Bug Bounty

(00:33:37) Bug Bounty tips, time management, and best practices

(00:41:00) The importance of note-taking and organizational tools

(00:46:27) Hunting Methodologies and focusing on Critical Exploitations

(01:02:37) Collaboration in the hacking community

(01:06:00) Binary Exploitation and Source Code Review

(01:10:59) Configuration file injections

(01:17:38) Justin vs. Alex at a LHE

Avsnitt(166)

Episode 134: XBOW - AI Hacking Agent and Human in the Loop with Diego Djurado

Episode 134: XBOW - AI Hacking Agent and Human in the Loop with Diego Djurado

Episode 134: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Diego Djurado to give us the scoop on XBOW. We cover a little about its architecture and approach to hunting, the...

4 Aug 20251h 53min

Episode 133: Building Hacker Communities - Bug Bounty Village, getDisclosed, and the LHE Squad

Episode 133: Building Hacker Communities - Bug Bounty Village, getDisclosed, and the LHE Squad

Episode 133: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Harley and Ari from H1 to talk some about community management roles within Bug Bounty, as well as discuss the ev...

31 Juli 20251h 16min

Episode 132: Archive Testing Methodology with Mathias Karlsson

Episode 132: Archive Testing Methodology with Mathias Karlsson

Episode 132: In this episode of Critical Thinking - Bug Bounty Podcast, Justin Gardner is joined by Mathias Karlsson to discuss vulnerabilities associated with archives. They talk about his new tool, ...

24 Juli 20251h 49min

Episode 131: SL Cyber Writeups, Bug Bounty Metastrategy, and Orphaned Github Commits

Episode 131: SL Cyber Writeups, Bug Bounty Metastrategy, and Orphaned Github Commits

Episode 131: In this episode of Critical Thinking - Bug Bounty Podcast we're covering Christmas in July with several banger articles from Searchlight Cyber, as well as covering things like Raycast for...

17 Juli 202550min

Episode 130: Minecraft Hacks to Google Hacking Star - Valentino

Episode 130: Minecraft Hacks to Google Hacking Star - Valentino

Episode 130: In this episode of Critical Thinking - Bug Bounty Podcast Justin is joined by Valentino, who shares his journey from hacking Minecraft to becoming a Google hunter. He talks us through sev...

10 Juli 20251h 8min

Episode 129: Is this how Bug Bounty Ends?

Episode 129: Is this how Bug Bounty Ends?

Episode 129: In this episode of Critical Thinking - Bug Bounty Podcast we chat about the future of hack bots and human-AI collaboration, the challenges posed by tokenization, and the need for cybersec...

3 Juli 202536min

Episode 128: New Research in Blind SSRF and Self-XSS, and How to Architect Source-code Review AI Bots

Episode 128: New Research in Blind SSRF and Self-XSS, and How to Architect Source-code Review AI Bots

Episode 128: In this episode of Critical Thinking - Bug Bounty Podcast we talking Blind SSRF and Self-XSS, as well as Reversing massive minified JS with AI and a wild Google Logo Ligature BugFollow us...

26 Juni 202558min

Episode 127: Drama, PDF as JS Chaos, Bounty Profile Apps, And More

Episode 127: Drama, PDF as JS Chaos, Bounty Profile Apps, And More

Episode 127: In this episode of Critical Thinking - Bug Bounty Podcast we address some recent bug bounty controversy before jumping into a slew of news itemsFollow us on XShoutout to YTCracker for the...

19 Juni 20251h 7min

Populärt inom Teknik

uppgang-och-fall
elbilsveckan
market-makers
rss-elektrikerpodden
rss-laddstationen-med-elbilen-i-sverige
skogsforum-podcast
bilar-med-sladd
rss-technokratin
har-vi-akt-till-mars-an
natets-morka-sida
rss-veckans-ai
gubbar-som-tjotar-om-bilar
developers-mer-an-bara-kod
rss-uppgang-och-fall
ai-sweden-podcast
bli-saker-podden
rss-it-sakerhetspodden
rss-en-ai-till-kaffet
rss-snacka-om-ai
rss-ai-med-katarina-gospic-och-viggo-cavling