NahamSec interview Naffy

Note that during these interviews I also moderate, so quality may vary.

PROFILE

  • 10 years hacking

  • bug bounty X

  • has OSCP, a respectable standard

  • coding: ghetto bash, curl

TIPS

  • mentors: who's in your corner and who can you communicate with?

  • friendly helpful competition with peers

  • surround yourself with people that have the qualities you wish to attain

  • be an autodidact, i.e. self-teach to an extent

  • put the time in, ~8+ hours a day, i.e. brute-force while watching Adventure Time

  • no one can teach you the practical skills, i.e. experience

  • can't be single-minded, i.e. get a multiple of your time

  • always have multiple irons in the fire

  • multiple Censys accounts to avoid x

  • don't rely on tools; they can give skewed results, e.g. screenshots cannot appropriately display underlying content, errors and functionality

  • use the correct Host header, e.g. the CNAME in the Host header

  • reading RFCs and leveraging that knowledge, à la Inti

  • requests are free

  • vhost scan

  • everything you're doing is to extend your attack surface

  • discovery > web skills

  • fuzz interesting things

ROUTINE

  1. wake up, coffee

  2. 6-7 Verizon hosts of interest found overnight

  3. nmap 80,443,xxx,xx

  4. based on that look for target to hit

  5. Shodan, Censys, xx run overnight; look for anything interesting

  6. brute-force those hosts

  7. hack those if anything interesting

WORKFLOW

Automation = DNS resolution

  1. don't rescan; assume assets don't change every X weeks

  2. nmap: nmap -T4 -iL hosts -Pn --script=http-title -p80,4443,4080,443 --open

  3. filter out new stuff

  4. burp

  5. run scan

  6. fuzz while scan is running

  7. intruder
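The "filter out new stuff" step above, as an added example that is not from the interview or from Naffy's own tooling: it parses two nmap greppable (-oG) snapshots of the scan in step 2 and prints only the ip:port pairs that were not open in the previous run, which is the same diff an asset-inventory or attack-surface-monitoring job uses to flag newly exposed services. The snapshots are constructed sample data using RFC 5737 addresses; how Naffy actually implements this step is not described.

```shell
# Constructed -oG output from a "previous" and a "current" run of
# nmap -T4 -iL hosts -Pn -p80,4443,4080,443 --open -oG <file>
PREV_SCAN='# Nmap 7.94 scan initiated (constructed sample)
Host: 192.0.2.10 ()	Status: Up
Host: 192.0.2.10 ()	Ports: 80/open/tcp//http//, 443/open/tcp//https//	Ignored State: filtered (998)
Host: 192.0.2.11 ()	Status: Up
Host: 192.0.2.11 ()	Ports: 443/open/tcp//https//	Ignored State: filtered (999)'

CUR_SCAN='# Nmap 7.94 scan initiated (constructed sample)
Host: 192.0.2.10 ()	Status: Up
Host: 192.0.2.10 ()	Ports: 80/open/tcp//http//, 443/open/tcp//https//, 4443/open/tcp//pharos//	Ignored State: filtered (997)
Host: 192.0.2.11 ()	Status: Up
Host: 192.0.2.11 ()	Ports: 443/open/tcp//https//	Ignored State: filtered (999)
Host: 192.0.2.12 ()	Status: Up
Host: 192.0.2.12 ()	Ports: 4080/open/tcp//lorica-out//	Ignored State: filtered (999)'

# Read -oG text on stdin; print one sorted "ip:port" line per open port.
# A -oG port entry is port/state/proto/owner/service/rpc/version.
open_services() {
  awk '/^Host:/ && /Ports:/ {
         ip = $2                                  # IP is the 2nd field
         sub(/.*Ports: /, "")                     # keep only the port list
         sub(/[ \t]+Ignored State:.*/, "")        # drop trailing summary
         n = split($0, entries, /, /)
         for (i = 1; i <= n; i++) {
           split(entries[i], f, "/")
           if (f[2] == "open") print ip ":" f[1]
         }
       }' | sort -u
}

# new_services PREV CUR: ip:port pairs open now that were not open before.
new_services() {
  ns_prev=$(mktemp); ns_cur=$(mktemp)
  printf '%s\n' "$1" | open_services > "$ns_prev"
  printf '%s\n' "$2" | open_services > "$ns_cur"
  comm -13 "$ns_prev" "$ns_cur"                  # lines only in current
  rm -f "$ns_prev" "$ns_cur"
}

new_services "$PREV_SCAN" "$CUR_SCAN"
```

Feed the real -oG files of the two runs to new_services instead of the embedded strings and only the lines it prints need to go into Burp for step 4.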

TOOLS

  • nmap

  • amass

  • ffuf

COLLABORATION

  • Would like to collab with agarri

  • Shout-out to shubz, x, green hat hackers

LINKS