Tell us what content you want

Hey All,

We are working on some projects to bring awesome crowd and industry members in to make content for the crowd.

What do you all what to learn about? What topics do you want to see content on in the near future?

Go!

1 Like

This is a pretty entry level request, but since no one else has weighed in yet… For new researchers I would love to see content on how to validate and write POCs so fewer invalid issues are reported. Tools kick out a lot of false positives, and researchers need to know how to validate those findings have actual security impact before submitting a bug report.

The ability to validate a vulnerability and write POC will be useful for the rest of a researcher’s career as they further develop their pen testing skills.

For the advanced researchers, I think it would be interesting to hear from researchers who quit working for The Man and have started independent consulting - the good and the bad of it.

1 Like

I’d LOVE to hear stories of people who went independent. People say there is such a shortage of skilled workers but I don’t see a TON of 1099 work floating around.

1 Like

From Vyrus (‏@vyrus001):

@Jhaddix piratical SMT solving, calling convention primmers for shimming shellcode into multiple environments, modern vm detection / evade

2 Likes

There is a lot of young Bug hunters, I think it could be useful for them to have career advice from the folks already working in the industry OR even guidance in the stuff they can learn outside of the technical testing side of things, such as best practice / compliance with PCI. Even if it just is basic information it could help them understand it before going into interviews.

1 Like

I’m available 24/7 if anyone has any questions. We have a blog coming up that i wrote on finding full time gigs, plan to do one on interviewing, certs, etc, sometime down the road.

From crowd member
P> well that depens on what they want to hunt, BOFs & WebApps, being the most common branches
Pl> if they don’t have a strong comsci background, probably more webapp, it’s a little easier to learn and is honestly more fun at the beginning
P> and them from there I would make sure for webapp they knew 1) basic networking (TCP/IP), 2) Application protocols (http/ftp/etc…), hmm let me think…3) basics of webapp communications flow, introduce html, JS, and sql
3) basics of webapp communications flow, introduce html, JS, and sql
P> from there 4 and 5 would be a mix of showing the actuall vulnerabilites by example and how to use tools like P> infact, I would introduce wireshark at 1 and burpsuite at 2 and keep building on them
P> that will help with the learning curve of burp a lot