This week’s Researcher Spotlight is actually on two researchers who make up a team. Internetwache is one of the most active groups in the bug bounty researcher scene, finding vulnerabilities in Facebook, eBay, Apple, Twilio and many others. The team consists of Sebastian Neef and Tim Schäfers, and they were both kind enough to participate in this week’s spotlight interview.
The main suggestion is to have a plan on how to approach a target. For
example our methodology is like picking fruits from a tree. First of all
you see the tree and you have no clue what tree it is or what fruits are
going to mature. You’ll have to take a broad look at the target and get
a feeling for it. What functionality does it contain? How does the
target react to unintended usage? How do developers want you to use the
target and how is it not meant to be used?