NahamSec interview Jobert Abma

Note that during these interviews I also moderate thus quality may vary.


  • cofounder HackerOne

  • 29 years old

  • started hacking at 11 years old


  • Genesis when 13 years old

  • Visual Basics book

  • Website got defaced -> learned about hacking and perform hacking

  • Started company after graduating, worked for Dutch government and companies etc.


  • deep dive

  • read docs

  • ask questions

  • always be learning

  • take a lot of notes

  • what’s interesting -> defenses that are in place

  • read up on company -> what is impact for bug besides technical

  • look for one bug type at a time (a lot of work)

  • helps you go deeper on each iteration

  • better coverage

  • use knowledge for continuous integration


  • Never stop learning

  • Be eager to understand what you’re looking at

  • Focus on learning to keep you motivated

  • Focus on one target -> leverage information to find more

  • Use what you know

  • GitLab uses similar stack as HackerOne

  • Pay for features once you feel confident in bug hunting

  • Mention it in bug report for clarity and perhaps reimburstment or bonus

  • Attack surface not always in new additions but in deleted ones

  • IDOR

  • Don’t use existing ID’s authorization is already in place

  • Beginners

  • Hack your own code

  • sunny day vs rainy day

  • write test with random input for example

  • Try all the things that you expect to go wrong

  • Try to break it

  • Think outside of the box

  • Structure it for yourself and focus on learning

  • Security is thinking about defensive programming - anticipate tampering and how you handle these cases.

  • book atomic habits


  • Burp


  • Learned how technology works

  • Spend 10 weeks on IP stack

  • Learned more about software dev and architecture

  • Made him a better hacker


  • Not needed

  • Forces you to learn a particular thing

  • HackerOne profile > certificate