Inside the life of a hacker by Hussein Daher

uh next up prepare for an extraordinary Journey as we embark on our most awaited tech speaker series introducing our first tech luminary Hussein d a seasoned veteran in the world of hacking who firmly believes that hacking is an art form as the Chief Executive Officer of web IM immuni Hussein has demonstrated his press by submitting more than thousand vulnerabilities through bug Bounty platforms garnering a plethora of awards successfully concurring a wide array of challenges Beyond his exceptional hacking expertise husse also finds soles in the art of travel and the Tranquility of the African tropical sea join me in welcoming Hussein d a remarkable individual who seamlessly combines the Artistry of hacking with the beauty of

leisure so last year we've done a technical talk and this year we're going to focus on something else we're going to speak about the life as a back Boni hiker back Boni Hunter so when a hiker Works into a room there is Al always this sense of mystery that he brings with him and I know that everyone of us here has your own story for why he started hacking why he started doing back bounties why he started doing uh cyber security but I want to share today my story with you and try to get uh to to explain to you my motivations for why I started hacking and giving you some explanations and tips to help you with your

journey so how did I start hacking around um 10 or 12 years ago I was playing some game on Steam with some friends I met online and it's like you don't know someone you just meet him on the internet and you start playing games together and so someday he told me listen there is a new game and it will be good if could play it together but for that I will have to help you install it on your computer so I was like okay no wor I gave him access to my computer remotely with some programs like teim viewer and uh little did I know next day I was a store on YouTube the guy just

had my computer in start the virus while while I was um while I gave him the access to my computer remotely and uh hacked me took some pictures took my uh files took my Facebook account started sending some messages to my family members so this is where Bally my way to start hi okay so uh we'll go again to talk about um what it made of me today so I'm the ofi I've work couple awards at B events I've also participated in some uh B party along the way lot of enties found a lot of companies got HED done a lot of collaboration with other hyers like sh here and other hyers which uh I enjoyed

hacking with along the way so we are going to speak today without slce I going to try to connect with you directly and let's speak about back Bounty hacking in general and what brings us here all together the same when I started back Bounty back in the days in 2014 it was like something magical happened to me I did not know why it was was why there was something like this that existed that I didn't know about and how it happened my first Bounty ever was in 20134 in the first year it was from Facebook and I remember that when I got the email saying you got uh rewarded $500 I was just so so so so extremely

happy I didn't know if it was true if it was a scam uh you don't know what's exactly behind the the thing happening because you don't understand that as a young age at a young age you can just find vulnerabilities on some programs and start getting money out of nowhere so obviously your parents start saying what are you doing on the Internet is this uh legit is this not a scam did you get it from someone else is it something you have to pay back so people don't understand and you're still young and trying to figure it out yourself and you find yourself entering into this world of B bounties and bounties at a young

age and this is where you have to have some self-control over the time to not make mistakes other other people have made so uh when we speak about back Bounties in my experience um I want to speak from my experience when I started back Bounty and started earning some money from back bound programs I was maybe 14 or a little older or younger and uh we come from a very modest family very modest uh financially speaking family and bti has basically changed my life and the life of my family because I believe that when uh family is all bonded together nothing can happen to them and so if you can help today the next day someone's going to help you too

with uh whatever you are sharing together in your home home but uh back B came to my life at a point where I needed to start making money even though I was young because you start looking at your parents and you start understanding that they are suffering to get you to school to get you to universities to pay for rent to pay for mitigations to pay for a lot of things and you start thinking that oops if I can do it myself it will be a relief for them and for myself to know that I'm doing it on my own own even though it's in young age and you might not have um have the duty to start doing it

yourself but so we started back Bounty got my first Bounty from Facebook $500 and I was really excited and I remember at the time I didn't have the age yet to get a bank account so my first challenge was not getting the Bounty even though after snd a lot of reports which got duplicated or not accepted that my first challenge in back Bounty was getting my bounty delivered to me because I didn't have the age to have any bank account so uh back in the time I was on Facebook there was this Facebook group called black mul Community I think it was one of the first back in uh in the days maybe 2014 2015 and there was this uh friend this

guy because he was not a friend yet and I just messaged him you know you are 15 years old you speak other people you don't know people yet you just open to the world more and I just said okay I got a Bu from Facebook but the problem is that I don't have a bank account would you be able to get the money to your account and then you send it to me back and the guy says yes and uh it was funny because you don't know this person I've have never met him it's just your first Bounty ever you're just so excited to get it so you can uh enjoy it and then the guy says yes I can do it here's

my bank details just send it to Facebook let them send the bouny on this specific uh bank account so what happen is that I take that specific bank account I sent it to Facebook and one or two days later Facebook says uh okay it's sent so we wa one week for it to arrive to his bank account and we chat uh with that exactly that friend and after some days you know when the py was supposed to arrive to his account that guy disconnect you know nothing more no more contact no more thing sent a message on Facebook no Blu nothing the guy disappeared from Facebook and I was like okay I got scammed with that guy but little did I

know one week later this guy came back to line and he says sorry I was out of to electricity because I live in some really far um places where electricity is not um always available in fact he was from India and this guy actually sent me my money and I got my first sponsy because of him so I thank him even though he's not here that's how I got my first ever py from Facebook so when we speak about uh bounties and the life the life cyle that the hiker can have because because my has allowed us to do a lot of things let it be Financial Freedom Let It Be timing because now once you are third B bouncy

Hunter you have the ability to hack when you want where you want whenever you want you don't have to tell to anyone okay I'm online I'm not online you don't have to give any kind of um uh account to anyone so you just do what you like and when you like it but there is a lot of mistakes which make when we start and when we uh do back bounties which I want to speak about and try to give you some part of my story from it so as je said uh in his talk collaboration is really important when you do collaboration with other hackers but you have to know how you are collaborating with because if you just rest anyone uh

you might learn it uh on your own so there is two ways to learn it you either learn it the hard way or you learn it the very hard way either you will learn the hard way or the very hard way in my experience 9% of the persons they they be learning the very hard way so I've learned it the hard the very hard way so you just find someone start collaborating with him give him some uh an points give him some domains give him some access to your accounts maybe so that he can send reports and this guy starts sending the reports on his own without you included one week later you see that that asset specific asset is

down so you don't understand what's happening this asset was online for 10 years now I just sent it to this guy and it's down so you don't know what's happening that's because you can't trust any anybody um without knowing him for some time and knowing that he's a good person but thankfully uh I've had some B experiences with um this kind of thing and collaboration but I finally met some people which I always collaborate with I always spend time hiking with them and I have none issues ever ever ever ever with these guys and I can say that I made more more money with these people that I ever made and without see them so

imagine you are in some part of the world and you make money with someone that's another part of the world and you never met you don't know this person even maybe you haven't spoke on any call ever you just texting okay this is the on point this is availability try to explo it let's do it and you make more money with these persons than persons you know for years in your real life like your real friends so this is crazy because it builds some really good Bing with people it builds some really um good um characteristics uh with other people because obviously it's really hard nobodys to get this kind of B with other persons even if you

know some person in real life it's not always the same thing that you get when you hack with someone and get too closer to someone so another thing is uh I want to talk about what technically hiking is for me when we talk about hiking think most of the people think about computers think about um systems think about vulnerabilities but I think that hacking itself is a way of thinking it's just just only related to computers related to web assets related to variabilities but it's mostly the way of thinking trying to always get the a way to do what you want to achieve so you might uh be hiker in other different um places not

necessarily hiking computers not necessarily hiking web targets not necessarily hiking um mobile phones or anything like that but it's a way of thinking now uh this this way of thinking leads us to uh thinking a lot because I know that most haers overthink a lot have um a lot of moments where they love being alone from they love being alone because that's where they feel like that they are the most uh there the most connected with themselves when there is no people around them no s around them no lights maybe just computer is screen and they dream and what's interesting about that is that when you meet people like you you you know that you are not crazy

so you understand that you are not the only one doing this kind of stuff you are not the only one that loves spending too much time alone you're not the only one that can spend maybe 10 hour streight in front of your computer speaking to a terminal with a green font so you just start realizing that there is a lot of people like you and you are a lot similars in a lot of things so when I started uh doing back bounties for a couple years I have done fulltime back boun for maybe 6 or seven years now I'm not in anymore doing b b full time but uh when I was doing back Bounty full time I was going too hard

and I know that a lot of people do the same mistake going too hard into it spending too much time in front of computers without taking rest without taking some other activities doing other things than hicking so I used to spend maybe 15 16 hours per day in front of the computer trying to hack trying to find vities on companies trying to prove to myself that I can hack this company and prove to my friends that I can get bounties from these companies and the the principal effect of that is burnout after a couple of months you just start feel burned out you don't know why you don't know where you don't know how it happened but the reasons are

here you don't want to hack but you're forcing yourself to ha hacking just because you're wir that that way if you are not doing hacking you're are not doing anything else if you're not pursuing some bounties you are not having fun if you're not getting that that little peak of Happiness when you fight super Bri is you are not anymore happy with um anything else so it's like uh it's it's it's like a shot of AD adrenaline that you start getting one finding bugs that you're always going to push you again and again and again and uh even when you don't feel like it you just sit there trying to find like want to spend time the

computer and it's most of the time ends badly because you haven't had the time to do anything else you're are only doing the same thing but after a couple of time understood that your should always always always HCK when you feel like it and not when you feel like you have duties to get bounties to get some stuffff but always ha when you feel like it and not force yourself to hacking because when you force yourself you're are just forcing your mind to thinking a lot and maybe your mind is not uh really concentrated enough to think about anything else sometimes we have to take some rest travel a bit change um change some places change some uh habitudes

that you have see other people see friends and do other stuff and Hiking so uh I want to talk about something that's important to me too because I've realized that a lot of people don't pay attention to bounties when there are earning bounties so we are getting bounties nowadays from companies um we're enjoying it right but who of you knows how much time this is going to last who knows how many years is this going to last by going to find B and get paid for it you can't know it might stop in a year you don't know what happens it might stop in 2 10 years you don't know what's happening and uh when I started I

made this mistake that all my bounes I was spending uh I was spending my bounties without really thinking about the future and now after a couple of years when you look back and you start thinking okay uh it's been like 5 years of working I haven't saved anything I'm spending other money and I'm not taking care of uh my future even though you have made a lot of money along the way but still you have span it you start realizing that there is an issue and I tell you when this happens this starts happening when you go on vacations for one month or uh two weeks and you start thinking oops if I don't hack right now I'm not going to P get

paid this month so you are just thinking like if I'm not doing back Bounty constantly I'm not having any input of money coming uh into my accounts so you are being uh attached to B Bounties in general however B boun is like a very very very uh sensible part because you don't know what happens there's chances of duplicates you have chance es of programs not liking your report you have chances of um being out of school you have a lot of chances you don't have the B is 100% going to get to your account there's a lot of different aspects of it but once you realize that uh you have to take care of what you are earning and

your bounes and that you have to have a plan for the future for 10 years from now because obviously I don't think that everyone can last more than 20 years in the cyber security company in the cyber security field sorry I think that it's really hard for anyone to keep doing back bounties for 20 years 25 years so it might be uh really really good to start thinking about what you want to do in the future with any boun that you might be earning right now so uh hacking brings us to another point where when you meet a lot of people from from the community this gives you chances to go right on other kind of um kind

of other places not only hacking so you might meet someone today that's from some spe specific uh community that does some specific work and you are able to just work with them in the future because you've met them through hiking and when you already have that Bond of um connection with these people it's always easier for it to take to go to another place because you're already connected with these people you know these people you have done work and job and businesses with them through b in the past and uh it's easier for you to connect and try to adapt with these people let's talk about consistency in back pares uh so most of the time when

someone messages me or talk with me he goes like okay I have tried everything on this program but I'm not finding any bug so the first question is how much time have you spent hiking on this specific Target and most of the time response that I get is two days 3 days maybe one week at most so this is not enough because you should know that you you need to spend at least one month on the target to think that you really know it perfectly and that you are spending uh some quality time with that program because uh in one day or one to two days or two 3 days or one week you can't know

exactly how a program uh works you don't know about how a program structures you can't know the Technologies program is using you don't know a lot of things you are not knowing anything about it so it's not like two days and or 3 days and you're done and you you would know about all these things we need to spend at least one months on these um programs so that you can get the max uh output after out of them I remember uh seven months ago we decided to go and try to find some BS on FIS on the code the bank program and when we came in and started hiking on this specific program the program had around

1,000 uh vulnerabilities result and at this point you just think that oops this is going to be too hard for me because this is a public program everyone's hiking on it everyone spending time hiking on it and it would be impossible to find some bugs and uh of course my first 10 bugs went uh duplicates and out of s unfortunately but kept going and trying to have persistency and after two or three months of Ling on it finally was able to find some bugs and now I think that I still heard the first um I'm top one on that program in in a time span of maybe three months so uh consistency is always going to beat

anything else when you spend much time trying to understand your target when you spend a lot of time trying to know how things are wired you have more chances to find BS because you know what you're are talking about you know the programs you know the Technologies you know how things works you know how things are connected so uh B bount has changed my life in a lot of ways in in a lot of different parts of um of my of casual life through b b have been able to travel a lot through b have been able to meet a lot of great people through b have been able to launch we minifi which is a ping

company through b Bounty I have been able to open other kind of um businesses outside up the feet for a backup plan if anything happens to cyber security so uh I'm really grateful to that Journey that I've had I'm really grateful to be here and I would like to thank you all for uh being here today and uh listening to my T thank you before leaving I'd like to know if there's any questions yes

sorry how AI is changing the world of play right so I think that AI might be able to find some verab in Source codes by if you supply some source code it might be able to find a variabilities but there will still be the business logic erors which can be found unless you have some humans thinking about this mind be that way and this might be that way and if I can do that maybe it's not uned so I think that um there's still room to go AI is not going to take over any soon maybe some kind of durabilities might be um taken over but most of them will still be something rant for

us there any questions yes here yeah how do you deal with like sorry how you hello how do you deal like with big scoop like f how how did you deal with big scois like pleas so that's a question that you come back to every time and and then so on big Scopes mostly what is going to give you more chances of winning is having good reconnaissance game because the more your attack surface is Big the more you can hit and if you find some hidden assets which someone hasn't yet found going to find some BS which uh other people don't haven't found so what I usually do is that I'm going to hard Recon for the CP weeks maybe

months reconing BR foring again and against subd domains um Vos trying to get some um bths that are unique looking into JavaScript files so when it comes to Big Scopes the the big key is trying to spend a lot of time during Recon before getting into the Target and be sure being sure that the bugs are going to get the the assets you are going to get are not found by many people before okay one more question uh few days ago I uh report a P1 B on fe uh in their requisition they accept they say this is their acquisition but they did not uh maintain this domain in this case uh what can I

do so the the sound is very low can we H it I mean few days ago I make a report on Fe B1 par but uh they says this is their acquisition but they didn't maintain this domain oh so if they don't own this domain right they own this domain but they didn't maintain this domain right now they me m this domain yeah so did it get accepted or not they didn't accept it why I don't know they say this is uh our Inquisition but right now we don't maintain this domain so they're not maintaining this domain right so maybe it's was it out of scope no it wasn't out of scope so I think your best guess would be messaging

backs super Channel and trying to get them prev buts because if it's in scope I think that you should get world for it okay thank you thank you do we have any other questions

yes so if I'm working on a Target

yes so I will be exploring the the domain need trying to understand JavaScript trying to understand the business of the website trying to read the documentations I I always spend time trying to understand my the application more than anything else so once I know that I understand what's the purpose of the application and what every functionality is used for then at this point I can start hiking because I have more knowledge around this specific thing but if you don't know your target it doesn't make sense to HCK on it right if you don't know a car you can't drive it so it's kind of the same for me so I would spend much time trying to

understand how the application works let it be documentation let it be some YouTube video explaining how the product works let it be anything some blogs explaining how it works just spend time looking at how it draws

so this this gets us back to Recon which uh there is a lot of um methods to doing recon there is a lot of different ways to do it Recon because each of us maybe I might have some ways of M to do Recon uh a would have some other ways to to do Recon CHS would have some ways to do Recon or would have his own way to the Recon I think these are techniques that you you develop on your own like with the time even though maybe I I can show you how I do it it might not make sense for you you might think that this is too complicated or this is not so good so

what I would suggest is that you just I made a talk with n that is on YouTube where I talk about Recon a lot it's like one hour something long I think that uh there is also a lot of other videos which are available for Recon if you don't just take the time to watch them all take some notes and then start doing it yourself and try to adapt to what works best for you because my techniques might not be rant for you at all and your techniques might not be rant for me same thing with everyone else just how you like doing it then you will do it and it would work for you but there's

some kind of specific Pace that is command to everyone like Ding and stuff and so this is like some stuff that are come on

so I am ad I'm in 11th standard right now I have approximately submitted 60 bucks up till now so some days before I submitted a bug on sp53 so they are constantly telling me that they need some more info I have already the sent them three video pocs and two times I sent s them pure return demonstration so what can we do now can you repeat the last part please uh I I have submitted three video P to them up and four times I have submitted a pure written description of the bug and the all the steps to reproduce they constantly are telling me that he need some more info more info what can we do

now yeah so if you can get more info I think it's done but I think that there is always way to get more informations uh more impact in right it is all it is fully exploited it is fully exploited nothing can be done more than that so if you are sure that it's all good and that it's the Maximum Impact I think you should reach the support CH either let be on back and have them help you towards that you yeah can I last question yeah we take one last person yeah so uh my question is how do we F fight for like do you have any idea like the or like how do you go for

or so are you asking how how to we byass that this needs a torque on its own so there is a lot of ways to get region IPS so I think that what you should spend is trying to develop the techniques to trying to find Orion IPS so let me give you an example pretty simple example of that let's say for example you have yaho which is behind aam for example so what I would do is that I would go on some uh websites and try to get all the ASN owned by Yahoo I would take all of it I would elimate all the IPS inside all the ranges IP ranges I would request uh the

the the IPS I will send the request and I will compare the titles with titles of the website I'm looking for the Orion IP of so there's a lot of techniques which um can pick to try to byass but uh I think that trying to find that Orion IP makes more sense than trying to bypass the W actually of the PS that are blocked uh you are trying to say like you you find origin IPS so that it there's no W over there right yeah so what I will do is that I will take all the IPS own by the specific company I will try to request them and get titles and then I would search if there is

tighter that but like uh if we have the original Ip it's actually behind the Lord balance or something and there's a reverse proxy running over it so we have to do virtual Lo inertion over there to bypass it am I right or wrong yeah okay okay so there is no clear way to First my for these things like that yeah like there's no pretty straightforward way to you know first web are using W like Akamai because a is a big issue like I have seen no it's not straightforward there is always some working ated in that so basically uh in your case you actually try to find the IPS and contact the vendors who owns those IPS so yeah

take the IPS request all get titles try to find a tit title that matches the title of the main target yeah but of course you have to take the IPS of the company you know so that you can match with the things the IP range okay yeah thank you yeah good thank you everyone uh I'm going to pass uh the place to another one thank you thank you H for describing in simple language how the life of the hacker look