Frans Rosén has reported hundreds of security issues using his big white hat since 2012. He has received the biggest bounty ever paid on HackerOne, and is one of the highest ranked bug bounty researchers of all time. He's been bug bounty hunting with an iPhone in Thailand, in a penthouse suite in Las Vegas, and without even being present, using automation. He'll share his stories about how to act when a company's CISO is screaming "SH******T F*CK" in a phone call at 02:30 on a Friday night, what to do when companies are sending him money without any reason, and why Doctors without Borders are trying to hunt him down.
2. detectify
Frans Rosén
"The Swedish Ninja"
Knowledge Advisor @detectify ( twitter: @fransrosen )
Blog at labs.detectify.com
HackerOne #6 @ hackerone.com/thanks
Highest paid out bounty on H1: $30k
Hashed IDs publicly available
Update other users / Get user info
IDs were hashed, but the hashes were visible via Google.
No check that the target user belonged to the requester's company.
Bounty $3,000
https://hackerone.com/reports/23126
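The authorization gap on this slide, as an added example that is not from the talk or from the linked report: a user-update handler that resolves a hashed ID and writes with no company check, beside the fixed version. The hash construction, the data model and the company check are assumptions for illustration.

```python
# Added example: an opaque (hashed) ID hides the number but is not an access
# check. Any caller who learns a hash, e.g. from a URL indexed by Google, can
# address the record unless the handler verifies ownership.
import hashlib
from dataclasses import dataclass


@dataclass
class User:
    user_id: int
    company_id: int
    email: str
    name: str = ""


# Constructed sample data: two users in two different companies.
USERS = {
    1: User(1, company_id=100, email="alice@corp-a.example"),
    2: User(2, company_id=200, email="bob@corp-b.example"),
}


def hashed_id(user_id: int) -> str:
    # Opaque handle exposed in URLs (hash construction assumed for the example).
    return hashlib.sha256(str(user_id).encode()).hexdigest()[:16]


HASH_INDEX = {hashed_id(uid): uid for uid in USERS}


class Forbidden(Exception):
    pass


def update_user_vulnerable(actor: User, handle: str, new_name: str) -> User:
    # Before: resolves the handle and writes, trusting that the hash is secret.
    target = USERS[HASH_INDEX[handle]]
    target.name = new_name
    return target


def can_modify(actor: User, handle: str) -> bool:
    # Object-level authorization: the target must exist and belong to the
    # caller's company. Unknown and foreign handles are treated identically so
    # the response does not confirm whether a guessed hash is valid.
    target = USERS.get(HASH_INDEX.get(handle))
    return target is not None and target.company_id == actor.company_id


def update_user_fixed(actor: User, handle: str, new_name: str) -> User:
    # After: same write, gated by the company check.
    if not can_modify(actor, handle):
        raise Forbidden("no such user in your company")
    target = USERS[HASH_INDEX[handle]]
    target.name = new_name
    return target
```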
Collect
1. Collect all subdomains
2. Sort by popularity
3. Inject www between pop2 and pop1
4. Use the results to scan further and deeper
5. Every day. On all targets.
Safari <= 8 Mixed Content UXSS
1. Find a URL with Mixed Content
2. Use a fragment payload to inject a clickable link in the console
3. Social-engineer the user into opening Inspect and clicking the link
4. ???
5. PROFI-XSS-T!!!