Gal Nagli: The Israeli Million-Dollar Hacker (Ep. 15)

In this episode of Critical Thinking - Bug Bounty Podcast we talk with the latest Million-Dollar bug bounty hunter: @naglinagli . He talks about his climb from $1,000 in bounties to $1,000,000, recon tips and tricks, and some bug reports that made the news and landed him the "Best Bug" award at a H1 Live Hacking event. Follow us on twitter at:   / ctbbpodcast   We're new to this podcasting thing, so feel free to send us any feedback here: [email protected] Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater & Teknogeek on Twitter:   / 0xteknogeek     / rhynorater   Follow Nagli and his new startup Shockwave:   / naglinagli     / shockwave_sec   HackMD Collaborative Notes: https://hackmd.io/ Ian Carroll's (  / iangcarroll  ) Airline Miles Website: https://seats.aero Nagli's Tweet in ChatGPT Web Cache Deception:   / 1639343866313601024   ====== Timestamps ====== 00:00:00 Intro 00:04:40 Nagli’s Climb 00:05:40 What kind of vulns do you look for? 00:09:25 Working with other hackers 00:10:20 Bug Bounty Hunter’s Guild 00:12:35 Shockwave product 00:14:12 Outsourcing tool development 00:18:46 What got you started? 00:21:13 Manual hacking vs recon suite + LHE focus 00:25:00 How do you take notes 00:29:42 Biggest things that you’ve learned over the past 2 years 00:31:29 How do you ingest new techniques? 00:31:50 Collaboration 00:37:20 Justin Ranting about “Trained Eyes” 00:40:18 Time spent coding vs hacking 00:45:28 Travel and spending habits 00:54:16 “Grep” is Nagli’s database 00:56:20 Nagli’s ChatGPT Web Cache Deception 00:58:44 What does your alerting look like? 01:01:50 Nagli’s “Most Critical” SSRF 01:04:30 Burp Active Scan