Gal Nagli: The Israeli Million-Dollar Hacker (Ep. 15)
In this episode of Critical Thinking - Bug Bounty Podcast we talk with the latest Million-Dollar bug bounty hunter: @naglinagli . He talks about his climb from $1,000 in bounties to $1,000,000, recon tips and tricks, and some bug reports that made the news and landed him the "Best Bug" award at a H1 Live Hacking event. Follow us on twitter at: / ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: [email protected] Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater & Teknogeek on Twitter: / 0xteknogeek / rhynorater Follow Nagli and his new startup Shockwave: / naglinagli / shockwave_sec HackMD Collaborative Notes: https://hackmd.io/ Ian Carroll's ( / iangcarroll ) Airline Miles Website: https://seats.aero Nagli's Tweet in ChatGPT Web Cache Deception: / 1639343866313601024 ====== Timestamps ====== 00:00:00 Intro 00:04:40 Nagli’s Climb 00:05:40 What kind of vulns do you look for? 00:09:25 Working with other hackers 00:10:20 Bug Bounty Hunter’s Guild 00:12:35 Shockwave product 00:14:12 Outsourcing tool development 00:18:46 What got you started? 00:21:13 Manual hacking vs recon suite + LHE focus 00:25:00 How do you take notes 00:29:42 Biggest things that you’ve learned over the past 2 years 00:31:29 How do you ingest new techniques? 00:31:50 Collaboration 00:37:20 Justin Ranting about “Trained Eyes” 00:40:18 Time spent coding vs hacking 00:45:28 Travel and spending habits 00:54:16 “Grep” is Nagli’s database 00:56:20 Nagli’s ChatGPT Web Cache Deception 00:58:44 What does your alerting look like? 01:01:50 Nagli’s “Most Critical” SSRF 01:04:30 Burp Active Scan

The Hacker's Toolkit (Ep. 16)

Shubham Shah: From Burgers to Bounties (Ep. 30)

Brainfood Live On Air Ep393 Fixing Hiring Manager vs Recruiter Mis Alignm

Finding criticals on well-tested targets - Victor “doomerhunter” Poucheret

500k/yr as Full-Time Bug Hunter & Content Creator - Nahamsec (Ep. 53)

The Informant's Gambit - A Darknet Mystery

The secret to finding many Criticals - Alex Chapman

Stop using TryHackMe.

Bug Bounty Gadget Hunting & Hacker's Intuition (Ep. 59)

I hacked time to recover $3 million from a Bitcoin software wallet

What Does a Former Black Hat Hacker Carry Everyday?

This Hacker Kept Embarrassing the FBI

Youssef Sammouda - Client-Side & ATO War Stories (Ep. 58)

Rating Your Glow-Ups…

Going full-time bug bounty, privilege escalation bugs and more with Douglas Day

Zero to LHE in 9 Months (feat gr3pme) (Ep. 91)

Eliminating False Assumptions in Bug Bounties - Frans Rosén @fransrosen

Rhynorater Talks About Grafana SSRF, Picking Bug Bounty Targets, and His Favorite Hacking Tools!

How Russia Recruits and Trains Its Hackers

