Read this first: Applications for this trial run of the Hackprenticeship are closed. 365 folks applied and only 1 can get in, so no further applications will be accepted. (Please don’t email/tweet/carrier pigeon at me asking about an exception; I’ve received so many of those already!)
Who Am I? #
I’m Cody Brocious (@daeken), an experienced hacker, developer, and educator. My work in security ranges from console hacking, to hotel locks, to web apps, and everything in between. A small selection of my work:
- Hotel lock hack affecting 4-10 million locks
- Emulator for reverse-engineering the Nintendo Switch
- Online class in security
I head up hacker education for HackerOne, but this is not a HackerOne initiative. This is just you and I!
Goal and Process #
I want to find a hacker who is interested in learning the bug bounty ropes, who will work beside me for 6 months. For the first 3 months, we’ll work hard to get you up to speed on the basics – key vulnerability classes, requisite tools, exploitation techniques – and I’ll share all the insight I have into my own process, allowing you to shadow me and ask questions anywhere along the way. For the latter 3 months, we’ll focus exclusively on bug bounty hunting, getting you up to a master level in bug discovery and exploitation.
During the first 3 months, I’ll be paying you $1000/mo, with the expectation that you will dedicate 16 hours a week (about 2 hours each weekday and 6 hours in the weekend) to this project. I’m essentially paying you for your effort in the early days. Throughout the 6 month period (and an additional 6 months after the end of the hackprenticeship), however, I’ll receive 50% of the bounties that come from bugs you discover. My personal goal is that you will, over the course of the 6 months we’re working closely together, discover about $25k worth of bugs. This means that – between the bugs and stipend – you’ll earn somewhere around $15k, if we are able to hit that goal.
The reason I want to pay you for this opportunity is simple: bug bounty hunting is hard. It is frustrating, it takes a considerable amount of time, and it’s exceptionally easy to quit when you spend weeks or even months not finding a thing. By paying you for your effort, even a small amount, I hope to make it easier for you to continue and increase the likelihood that we both succeed.
I’m investing in you, both in terms of time and money, and I think that we’ll both be far better off for it.
To reiterate, just so everything is clear:
- 3 months education and shadowing - $1k/mo stipend
- 3 months hacking together
- For 12 months (total), 50% of your bounties are shared with me
- Must be available each day for a 2 hour period sometime between 6pm and midnight EST, so we can hack together
- The occasional missed day is okay, of course, and life happens
- Must be conversational in English
- Familiarity with HTML
- Extremely motivated to learn
- Must have made less than $15k from bug bounties
- If you are already on HackerOne, you must be in good standing with no code of conduct violations
If you meet these requirements and want to apply, fill out the form here
I look forward to hacking with you!