We’re joined by Fredrik “Almroot” Almroth (@phpmyadmin), a Bugcrowd community member and highly skilled security researcher. Fredrik and his team at Detectify have found vulnerabilities in many of the top bug bounties in the world, including Google and Facebook.
When asked how he approaches a bounty, Fredrik said:
“I always have a trick up my sleeve [laughs]. A good example was last year, we were short on cash and were going on a road trip. Me and [my friend, also a researcher] decided we needed cash for the trip and we should go for the highest paying bounties, which at that point it was Facebook and Google, and we went with Google. We found an external entity injection in Google Toolbar and made $10,000.”
Watch Fredrik’s interview to learn more about how he approaches bounties, how he chooses what to work on, what tools he uses, and some of his best practices and techniques for bug bounty hunting.
Please comment below with any questions or to discuss the interview. We’ll be doing more of these interviews in the future, so stay tuned for more!