Hackprenticeship Alpha

Read this first: Applications for this trial run of the Hackprenticeship are closed. 365 folks applied and only 1 can get in, so no further applications will be accepted. (Please don’t email/tweet/carrier pigeon at me asking about an exception; I’ve received so many of those already!)

Who Am I? #

I’m Cody Brocious (@daeken), an experienced hacker, developer, and educator. My work in security ranges from console hacking, to hotel locks, to web apps, and everything in between. A small selection of my work:

• Hotel lock hack affecting 4-10 million locks
• Emulator for reverse-engineering the Nintendo Switch
• Online class in security

I head up hacker education for HackerOne, but this is not a HackerOne initiative. This is just you and I!

Goal and Process #

I want to find a hacker who is interested in learning the bug bounty ropes, who will work beside me for 6 months. For the first 3 months, we’ll work hard to get you up to speed on the basics – key vulnerability classes, requisite tools, exploitation techniques – and I’ll share all the insight I have into my own process, allowing you to shadow me and ask questions anywhere along the way. For the latter 3 months, we’ll focus exclusively on bug bounty hunting, getting you up to a master level in bug discovery and exploitation.

During the first 3 months, I’ll be paying you $1000/mo, with the expectation that you will dedicate 16 hours a week (about 2 hours each weekday and 6 hours in the weekend) to this project. I’m essentially paying you for your effort in the early days. Throughout the 6 month period (and an additional 6 months after the end of the hackprenticeship), however, I’ll receive 50% of the bounties that come from bugs you discover. My personal goal is that you will, over the course of the 6 months we’re working closely together, discover about $25k worth of bugs. This means that – between the bugs and stipend – you’ll earn somewhere around $15k, if we are able to hit that goal.

The reason I want to pay you for this opportunity is simple: bug bounty hunting is hard. It is frustrating, it takes a considerable amount of time, and it’s exceptionally easy to quit when you spend weeks or even months not finding a thing. By paying you for your effort, even a small amount, I hope to make it easier for you to continue and increase the likelihood that we both succeed.

I’m investing in you, both in terms of time and money, and I think that we’ll both be far better off for it.

To reiterate, just so everything is clear:

• 3 months education and shadowing - $1k/mo stipend
• 3 months hacking together
• For 12 months (total), 50% of your bounties are shared with me

Requirements #

• Must be available each day for a 2 hour period sometime between 6pm and midnight EST, so we can hack together
  • The occasional missed day is okay, of course, and life happens
• Must be conversational in English
• Competence in JavaScript and at least one of: Python, C#, Ruby
• Familiarity with HTML
• Extremely motivated to learn
• Must have made less than $15k from bug bounties
• If you are already on HackerOne, you must be in good standing with no code of conduct violations

Applying #

If you meet these requirements and want to apply, fill out the form here

I look forward to hacking with you!

Happy hacking,

- Daeken