00:00:00
I never thought that I could look at
00:00:01
myself at 16 and say hey man like you
00:00:04
are hacking and making a
00:00:08
living it's like 30 to 50,000 people in
00:00:11
Vegas all bunch of nerds hackers black
00:00:13
jeans black t-shirts it's a select
00:00:15
number of people that get invited to
00:00:16
this you have people coming from Europe
00:00:18
North America South America you name
00:00:21
it 20 years ago they would have to have
00:00:23
committed crimes to like learn these
00:00:25
systems and now they don't have to do
00:00:26
that anymore so it's keeping all the
00:00:28
Nerds out of jail and it's getting them a good
00:00:30
paycheck so it's
00:00:33
fart previously a team of nine of us
00:00:35
cleared 750k in a weekend it's it's
00:00:38
colossal
00:00:40
sometimes a lot of my friends go gamble
00:00:42
like a lot of the bug bounty money they
00:00:44
make we'll be like hey are you up or
00:00:45
down they'll be like oh we're down 4K
00:00:47
but it's a great time
00:00:49
right you start to believe that the bug
00:00:52
will pop you envision the
00:00:55
vulnerability I have like multiple
00:00:57
messages from him saying I'm actually
00:00:58
Cosmic so own a system is to have like
00:01:01
total control like full
00:01:04
everything finally you get that one
00:01:06
string that's the correct one you're
00:01:07
like yeah got it that whole experience
00:01:10
is amazing and that's what keeps me
00:01:12
going back and back and back again it's
00:01:15
fascinating it's the secret underground
00:01:17
everyone thinks so
00:01:32
[Music]
00:01:39
the week of Black Hat, BSides Las Vegas and
00:01:42
Defcon is called the hacker summer
00:01:45
camp when that comes together and the
00:01:47
entire city is taken over by people like
00:01:50
this it's hilarious cuz you see people
00:01:52
here just for Vegas you see a bunch of
00:01:53
people in all black in the 100° heat and
00:01:56
they're like what's going on it's a very
00:01:57
welcoming Community anybody is welcome
00:01:59
to have their own Community their own
00:02:01
meetups their own Hangouts and everybody
00:02:03
from every background is accepted into
00:02:04
those for our case with the bug bounty
00:02:07
hunters it's a Next Level thing because
00:02:09
we're not just coming together to hang
00:02:11
out we're actually hacking a real
00:02:13
company right you know you have T-Mobile
00:02:16
doing an event here and you have TikTok
00:02:18
you have Epic Games and they're all
00:02:20
paying hundreds of thousands of dollars
00:02:22
if not Millions within a span of 72
00:02:25
hours
00:02:30
[Music]
00:02:33
so my name is nio I also go by specters
00:02:36
so what I like to think about bug
00:02:37
bounty is that it's very similar to
00:02:39
Wild West style bounties you know what I
00:02:40
mean where like you have like a a hunter
00:02:42
go and like hunt for a person and it Go
00:02:45
and like retrieve that thing that
00:02:46
objective there you are
00:02:49
$1,000 so historically you used to have
00:02:52
to commit crimes in order to learn
00:02:55
things about systems that were black box
00:02:57
like enclosed and stuff uh and
00:03:00
I believe Facebook is actually kind of
00:03:03
where the modern bug bounty program kind
00:03:06
of evolved from it basically allows you
00:03:08
to do real world exercises against like
00:03:10
an actual Target a company an asset and
00:03:14
uh you get paid based on the bugs that
00:03:15
you
00:03:17
playing there's different types of like
00:03:19
bug bounty hunters and [ __ ] I think web is
00:03:20
like the most popular uh hardware and
00:03:23
embedded is probably like the second and
00:03:25
then you have specific subsections of
00:03:26
that in those two categories so like for
00:03:29
hardware you'll have car hacking you'll
00:03:30
have 5G hack cell phone hacking iOS and
00:03:34
then for like the web hacking side you
00:03:35
know you have web hackers you have like
00:03:38
web re hackers people that specialize in
00:03:40
game pcking or application security code
00:03:42
and Rie things of that
00:03:45
nature bug bounty is a place where you can
00:03:47
take anyone on the internet who has some
00:03:49
sort of unconventional skills with
00:03:50
security and allow them to help out in a
00:03:53
way that's safe and has real impact
00:03:55
while a lot of times you find directly
00:03:57
talking to vendors out there with issues
00:03:59
can be dangerous for the researchers uh
00:04:01
threats of lawsuits lots of paperwork
00:04:03
and legal bug bounty companies allow
00:04:06
people to sign up for their platform so
00:04:07
companies come to them and say we have
00:04:09
these products we want to make sure
00:04:10
they're secure the bug bounty company goes
00:04:12
and kind of casts a net out they say you
00:04:14
know anyone with these skills we can
00:04:16
promise you if you stick with XYZ rules
00:04:18
we'll keep you safe you know it's all
00:04:20
good legally but you're allowed to kind
00:04:21
of hack on these programs and then
00:04:23
whatever you find you're rewarded
00:04:25
for on the black market you could
00:04:28
definitely get paid more for a lot of
00:04:29
these bugs like major benefit is that
00:04:32
there's a what's called A Safe Harbor
00:04:34
rule where like any of the research that
00:04:36
you're conducting as long as it's being
00:04:37
done in good faith uh you will not get
00:04:41
prosecuted for it so it's keeping all
00:04:43
the Nerds out of jail and it's getting
00:04:44
them a good paycheck so it's
00:04:46
[Music]
00:04:53
fed I I really wanted to do like a
00:04:55
professional skateboard career and I was
00:04:57
like homeless at the time so it's was
00:04:58
like oh you know
00:05:00
uh I got to make money somehow and
00:05:02
skateboarding is not working out for
00:05:04
sure and I took a mega bus up to
00:05:06
Michigan I learned how to hack cars
00:05:08
there people were like oh you like hack
00:05:10
cars and [ __ ] like what else have you
00:05:12
hacked I'll be like oh yeah like I've
00:05:14
hacked satellites can do like boats spray
00:05:18
there's like a bunch of different
00:05:19
targets hack I mostly go for like
00:05:20
whatever the interesting Target
00:05:22
is when I was really little my dad would
00:05:25
bring me with him to IT centers my first
00:05:27
memory is looking at a tape drive sorting
00:05:29
robot but I was exposed to that very
00:05:30
young Started Loving that met a bunch of
00:05:33
friends turned into his whole career I
00:05:34
did a lot of Automotive hacking for a
00:05:36
little while from the team that I work
00:05:38
with we've done everything satellites
00:05:40
cars planes casinos telecom companies
00:05:44
everything you could think of it's so
00:05:46
cool to be able to see all of those
00:05:47
different facets too my name is Sam
00:05:49
Curry I've been hacking for like 10
00:05:51
years is I'm from Omaha Nebraska and I
00:05:54
was working at like a fast food job like
00:05:55
not making a lot of money so when I was
00:05:57
like 15 I discovered bug Bounty I spent
00:05:59
like 80 hours just trying to find a bug
00:06:01
on this one thing and when I got paid
00:06:04
like 2 weeks later it's like 500 bucks
00:06:05
that was kind of my whole start with bug
00:06:07
bounty but for hacking it's like more
00:06:08
of like a really deep kind of passion
00:06:11
for pretty much like 80% of the cars you
00:06:13
could just take a license plate of
00:06:15
anybody plug it into a system and then
00:06:17
like remotely track that user forever
00:06:20
see their historic tracking history
00:06:22
remotely start their car honk their
00:06:24
car they they have no idea and like
00:06:26
you're just kind of there behind the
00:06:27
scenes with your phone like and you do
00:06:31
that and you see that the car Roll by or
00:06:35
you walk by and you see the company's
00:06:36
name and an ad or something you just
00:06:37
think like wow I've been there you know
00:06:39
I've seen the inside of it um it's cool
00:06:41
seeing what you're not supposed to is
00:06:42
what drove me also a lot of these years
00:06:44
it's fascinating it's the kind of the
00:06:46
the secret underground everyone thinks
00:06:55
of but when I was a kid I was really
00:06:58
into video games played a lot of pokot
00:07:00
right and it's basically where I learned
00:07:03
that a video game is just a computer and
00:07:05
it turns out you can hack computers so I
00:07:07
learned how to hack video games like 9
00:07:09
years old now that it's legal to do that
00:07:11
I can then report to a company oh this
00:07:13
is the thing I did you should probably
00:07:15
fix that and they'll fix it so I'm being
00:07:18
useful it can be really frustrating at
00:07:21
first because you could try a whole
00:07:23
bunch of different types of strings and
00:07:25
they're not working they're not working
00:07:26
and you're like I know that it's
00:07:27
definitely here because why did I get
00:07:28
that error earlier if it's not here and
00:07:30
then finally you get that one string
00:07:32
that's the correct one you're like yeah
00:07:33
I got it and then I usually do like a
00:07:35
phoenix was here on the alert box so
00:07:40
when you're out hunting for bugs
00:07:42
you find something that this smells
00:07:45
vulnerable you want to go down the route
00:07:47
right you're excited you're figuring it
00:07:49
out but you can't really solve the
00:07:50
puzzle one of the best ways to solve
00:07:52
that is to get into a shower and get
00:07:54
that Epiphany shower moment because
00:07:56
that's when it's happening then you
00:07:57
filing a report and you're excited
00:08:00
like wow this is so cool you're almost
00:08:02
not going to want to dry yourself off
00:08:04
just run through the computer and get
00:08:06
through it and what's going to happen
00:08:07
after that is you're going to start to
00:08:08
get this kind of like Bounty fever you
00:08:11
don't know if it's going to be duplicate
00:08:12
which means you get nothing or if it's
00:08:14
going to be triage and you get a
00:08:16
shitload of
00:08:21
money my name is benore most people
00:08:24
online know me as my hacker handle on
00:08:25
the homek I've been doing bug bounties
00:08:27
for over a decade now but when when I
00:08:29
first started doing this there wasn't a
00:08:31
lot of resources there wasn't any
00:08:33
content creators not a lot of platforms
00:08:35
and I wanted to become that person hi my
00:08:39
name is benore your host and your friend
00:08:42
naham so let's do it I never thought
00:08:44
that I could look at myself at 16 and
00:08:46
say hey man like you are hacking and
00:08:48
making a living from it it is a based on
00:08:52
hunch the hunch that you have you
00:08:54
investigate it and then it's a rabbit
00:08:56
hole you can get really lost in like
00:08:58
rabbit holes I think sometimes I'll
00:09:00
spend like a week and a half two weeks
00:09:02
where it's just like wake up hack bed a
00:09:04
lot of people are the same way where
00:09:05
it's just like a really intense Focus
00:09:07
you'll have like one particular Target
00:09:08
one thing and like you want to own it
00:09:10
and there's like nothing else that's
00:09:11
like real like everything's just drawn
00:09:13
out I guess the third little hun for me
00:09:15
is like trying to chain like multiple
00:09:16
bugs together to create like something
00:09:18
crazy that nobody's seen the most like
00:09:20
previous was like a couple months ago I
00:09:22
was like going down this like crazy rce
00:09:24
chain path and like a bunch of routers
00:09:26
and [ __ ] and I was just trying to like
00:09:28
figure out how to and connect these two
00:09:30
dots for like so long and then once I
00:09:32
did it it was like oh finally shell the
00:09:34
thing and that was like $200,000 cash
00:09:36
just for that like one bug I was like oh
00:09:39
my God this ising
00:09:41
crazy you started to believe that the
00:09:44
bug will pop like you envisioned the
00:09:46
vulnerability and then you tried to get
00:09:48
there no matter what with different
00:09:49
techniques or the most stupid techniques
00:09:51
or the most complex techniques and then
00:09:53
sometimes you pop like some
00:09:56
unimaginable it's like Neo who in The
00:09:58
Matrix
00:10:02
I know Kung
00:10:05
Fu
00:10:12
sure I know one of the programs one of
00:10:14
the big bugs was $150,000 for the one
00:10:17
bug uh previously a team of nine of us
00:10:19
cleared 750k in a weekend it's it's
00:10:22
colossal sometimes like we made like
00:10:24
800k when like a 4 day span you know
00:10:27
like a team of like 10 people was like
00:10:29
80k split like that first bug I found
00:10:31
was like 10K each person so it's like
00:10:34
30k the second time we had it we made
00:10:36
like 50k between like five people it's a
00:10:39
good amount of money heard of people
00:10:40
making like billions of dollars from it
00:10:42
and they're just like said you know what
00:10:44
I
00:10:47
mean I spend about 5 to 10% of my
00:10:50
earnings in Vegas I don't go and gamble it
00:10:52
but I do experiences I go to a nice
00:10:54
dinner you know I go to maybe a club I
00:10:56
want to see some DJ that's in you know
00:10:57
in Vegas that I want to see that allows
00:10:59
me to do it responsibly but I also like
00:11:01
to save my money so I I go maybe I'll
00:11:04
spend 5 to 10% of it to enjoy the hard
00:11:06
work that I've done the past two weeks
00:11:07
yeah I love that bug bounty is in Vegas
00:11:09
cuz it's kind of like a center coin for
00:11:11
everyone to meet up right get to hang
00:11:12
out with your friends and [ __ ] uh Vegas
00:11:14
also gives you like ton of cond
00:11:15
different things to do right like a lot
00:11:17
of my friends go gamble like a lot of
00:11:18
the bug bounty money they make for they
00:11:20
go like straight to get high roller
00:11:22
tables and [ __ ] literally the bug bounty
00:11:23
money just goes like straight to some
00:11:25
form of activities right I've seen a
00:11:27
friend of mine put up 5K for a blackjack
00:11:29
hand and turning into 50k seeing
00:11:32
somebody take 5K throw it down because
00:11:34
they made a crap ton of money and then
00:11:36
making another 30k from it was
00:11:41
incredible like my house is paid off ton
00:11:43
of money in the bank invested like
00:11:44
everything chill and I feel like very
00:11:46
secure the rest of my life so like it's
00:11:48
really nice to have that foundation and
00:11:49
I wouldn't have had it otherwise the
00:11:51
money is a big enabler we all use it in
00:11:54
different ways cool helps the lifestyle
00:11:55
but the biggest investment is tools it's
00:11:57
the biggest self-fulfilling prophecy
00:11:59
more money better tools more access more
00:12:01
hacking more money better tools more
00:12:03
access more hacking I mean we all do it
00:12:05
because we love it so I'm a big fan of
00:12:07
trying to figure out your life balance
00:12:09
because life is too short not to take
00:12:11
care of yourself like we can either work
00:12:13
super hard for a very long time then
00:12:15
hopefully get some retirement you done
00:12:17
for me finding a good life balance I'm
00:12:20
using bug bounties as one of those
00:12:22
things that satisfy my curiosity but
00:12:25
also give me a chance to earn it back on
00:12:26
the way
00:12:31
a lot of my fellow compatriots in this
00:12:35
game like are way way more intelligent it
00:12:37
would take me like five or six lifetimes
00:12:39
to be as smart as they are in the things
00:12:42
that they're doing and so to get like
00:12:44
this distilled espresso version of the
00:12:47
type of work that they're doing and how
00:12:49
they're finding it and because we share
00:12:51
like a lot of methods and tactics and
00:12:53
techniques and procedures and uh so it's
00:12:55
a very collaborative uh environment like
00:12:58
if you find the right people to
00:13:00
interface with and uh it helps elevate
00:13:03
your own game and next thing you know
00:13:05
you're you're celebrating high-fiving
00:13:07
because you know you're making $30,000
00:13:09
20,000 $5,000 for all I care but you
00:13:11
have everybody there where you can show
00:13:13
things to each other talk about your you
00:13:15
know you can type it in but it's just
00:13:16
easier when I have this right and we get
00:13:19
to you know live collaborate on
00:13:22
something together and the money is a
00:13:24
very big part of it but I think the
00:13:26
friendships and the collaboration that
00:13:28
come out of this it's Way Beyond the
00:13:30
money because that becomes a thing for
00:13:31
the next event the next event and the
00:13:33
next event and the next event you know I
00:13:35
think there's a lot of like really
00:13:37
lonely feelings sometimes when you're
00:13:38
kind of inside on your computer all the
00:13:40
time you've got your friends you know
00:13:41
over Discord but like to actually go rub
00:13:43
shoulders like shake hands with people
00:13:45
it makes everything so much more like
00:13:47
there you know like there is an industry
00:13:49
that does exist and like there's always
00:13:50
people who share the same interest and
00:13:52
like you know you'll make jokes that
00:13:53
don't really hit the same way unless the
00:13:55
other person's like a hacker so it's
00:13:56
nice to kind of relate and be with
00:13:57
people I can unequivocally say bug bounty
00:14:00
has brought me the closest friendships
00:14:01
of my entire life we grew up together
00:14:03
we've been through many different life
00:14:05
circumstances huge different phases in
00:14:06
our lives so these people have always
00:14:08
been there we've always split stuff
00:14:09
equally it's never been about the money
00:14:10
with us these are true friends and it's
00:14:13
it's really a group of people that get
00:14:14
it we all have our own weird ways we're
00:14:16
all motivated by different things but
00:14:17
everyone gets it it's the shared burning
00:14:19
passion and there's there's no friend
00:14:22
group like
00:14:23
it we are at a point with bug bounties
00:14:26
and hacking that is very very similar
00:14:29
to where gaming used to be 5 to 10 years
00:14:31
ago when a lot of people didn't
00:14:33
understand streaming people didn't
00:14:35
understand why do you play games who
00:14:37
make money from this for me like when I
00:14:40
see the internet and I see computers and
00:14:41
I see this like I don't see like you
00:14:43
know Facebook as Facebook it's like
00:14:45
Facebook is this place where there's
00:14:46
like this huge Battleground for every
00:14:48
country in the world trying to steal
00:14:50
this data and there's this ecosystem of
00:14:52
like vulnerability Brokers and data
00:14:53
Brokers and access control you know this
00:14:56
huge world right when you participate in
00:14:58
that and you become become like someone
00:14:59
who can contribute to this world you
00:15:01
know like people say like cyber arms
00:15:02
dealer or things like that but like
00:15:04
you're participating in what is like
00:15:05
this Global Battleground for like
00:15:07
everything right you really are the
00:15:09
master of your own destiny and you know
00:15:11
it's a meritocracy there's something
00:15:12
here for everybody it's the it's the
00:15:14
best job anybody could ever ask for
00:15:19
[Music]