Hackprenticeship Alpha

Read this first: Applications for this trial run of the Hackprenticeship are closed. 365 folks applied and only 1 can get in, so no further applications will be accepted. (Please don’t email/tweet/carrier pigeon at me asking about an exception; I’ve received so many of those already!)

Who Am I?

I’m Cody Brocious (@daeken), an experienced hacker, developer, and educator. My work in security ranges from console hacking, to hotel locks, to web apps, and everything in between. A small selection of my work:

I head up hacker education for HackerOne, but this is not a HackerOne initiative. This is just you and me!

Goal and Process

I want to find a hacker who is interested in learning the bug bounty ropes, who will work beside me for 6 months. For the first 3 months, we’ll work hard to get you up to speed on the basics – key vulnerability classes, requisite tools, exploitation techniques – and I’ll share all the insight I have into my own process, allowing you to shadow me and ask questions anywhere along the way. For the latter 3 months, we’ll focus exclusively on bug bounty hunting, getting you up to a master level in bug discovery and exploitation.

During the first 3 months, I’ll be paying you $1000/mo, with the expectation that you will dedicate 16 hours a week (about 2 hours each weekday and 6 hours on the weekend) to this project. I’m essentially paying you for your effort in the early days. Throughout the 6-month period (and an additional 6 months after the end of the hackprenticeship), however, I’ll receive 50% of the bounties that come from bugs you discover. My personal goal is that you will, over the course of the 6 months we’re working closely together, discover about $25k worth of bugs. This means that – between the bugs and stipend – you’ll earn somewhere around $15k, if we are able to hit that goal.

The reason I want to pay you for this opportunity is simple: bug bounty hunting is hard. It is frustrating, it takes a considerable amount of time, and it’s exceptionally easy to quit when you spend weeks or even months not finding a thing. By paying you for your effort, even a small amount, I hope to make it easier for you to continue and increase the likelihood that we both succeed.

I’m investing in you, both in terms of time and money, and I think that we’ll both be far better off for it.

To reiterate, just so everything is clear:

Requirements

Applying

If you meet these requirements and want to apply, fill out the form here

I look forward to hacking with you!

Happy hacking,

- Daeken

