Episode 40: In this episode of Critical Thinking - Bug Bounty Podcast, it’s all about mentorships! Justin sits down with Kodai and So, two hackers he helped mentor, to discuss what worked and what didn’t. We talk about the importance of mentorship, what mentors might look for in a candidate, the challenges of transitioning from being mentored to self-education, and the necessity of continuous learning in this ever-evolving field that is bug bounty. This episode is a treasure trove of insights, and if you’re interested in either side of the mentorship coin, you won’t want to miss it.
Follow us on Twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on Twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
------ Ways to Support CTBBPodcast ------
Sign up for Caido using the referral code CTBBPODCAST for a 10% discount.
Today’s Guests:
Congrats to @nchickens as our giveaway winner!
The Bug Hunter's Methodology Live Course
https://jasonhaddix.gumroad.com/l/lycucs
Timestamps:
(00:00:00) Introduction
(00:04:00) Guest backgrounds and introduction into hacking
(00:17:49) Where to start Learning and Teaching
(00:25:40) Technical Training vs Conceptual Teaching
(00:28:34) Mentorship Styles and Techniques
(00:39:15) Moving from being mentored to self-learning
(00:46:20) Developing mental resilience and healthy habits
(00:50:32) Elements in mentorships that were hard or haven’t worked
(01:02:21) Being influenced by other hackers through mentorship or collaboration
(01:06:20) Hacking Bilingually and language barriers
(01:11:30) Hacking and learning goals for the future
1 00:00:00,000 --> 00:00:04,400 All right, you guys see this? 2 00:00:04,400 --> 00:00:06,520 We have started the recording this time. 3 00:00:06,520 --> 00:00:11,000 We just got like, you know, five minutes into the episode. 4 00:00:11,000 --> 00:00:17,200 We went through our little pre-episode warm-up, pre-episode shake, and then we realized we 5 00:00:17,200 --> 00:00:20,600 are not recording the audio at all, just the video. 6 00:00:20,600 --> 00:00:24,400 So sorry about that, a little bit of a false start. 7 00:00:24,400 --> 00:00:26,480 But thanks for coming on. 8 00:00:26,480 --> 00:00:31,640 Thanks for the audience, these two guys, these two lovely gentlemen right here are some of 9 00:00:31,640 --> 00:00:36,520 my best friends from the time that I was living in Japan. 10 00:00:36,520 --> 00:00:41,400 And yeah, man, just so many good memories with you guys in Japan. 11 00:00:41,400 --> 00:00:48,400 And during, you know, being the Bug Bounty evangelist that I am, I, you know, had a conversation 12 00:00:48,400 --> 00:00:53,200 with these guys about Bug Bounty, and both of them have expressed interest, Xo has already 13 00:00:53,200 --> 00:00:59,560 gotten a job in the field, as he'll tell you in just a moment, but both of them have sort 14 00:00:59,560 --> 00:01:06,120 of expressed a desire to work in cybersecurity in general, specifically offensive cybersecurity 15 00:01:06,120 --> 00:01:09,040 and or Bug Bounty as a career path. 16 00:01:09,040 --> 00:01:14,200 So we started to do some mentorship, some training, and that sort of things. 17 00:01:14,200 --> 00:01:18,160 And that's kind of what I was thinking about, thinking we would talk about today is like, 18 00:01:18,160 --> 00:01:25,100 what is a good blueprint, what is a good a good pathway for a beginner to take coming 19 00:01:25,100 --> 00:01:30,520 into Bug Bounty and for people, the more advanced listeners that are that are here, which is 20 00:01:30,520 --> 00:01:32,280 most of our audience. 
21 00:01:32,280 --> 00:01:35,960 If you have someone that you're working with that you want to help grow in Bug Bounty, 22 00:01:35,960 --> 00:01:37,720 how can you effectively do that? 23 00:01:37,720 --> 00:01:41,640 So hopefully these two have brought some good constructive criticism for me today. 24 00:01:41,640 --> 00:01:48,480 We'll see if they're able to put aside their Japanese tendencies about saying, oh, everything's 25 00:01:48,480 --> 00:01:49,480 great. 26 00:01:49,480 --> 00:01:54,560 Everything's great, you know, and and and give me some actual constructive criticism. 27 00:01:54,560 --> 00:02:01,480 But before we jump into that, let's we'll go ahead and do a an interview and since an 28 00:02:01,480 --> 00:02:07,600 intro and since on the false start, we had so start his intro, we're gonna have Kodai 29 00:02:07,600 --> 00:02:11,880 start his intro this time just to keep you on your toes. 30 00:02:11,880 --> 00:02:15,840 I mean, first of all, thanks so much for having us on this podcast. 31 00:02:15,840 --> 00:02:18,240 I'm really happy to talk to you on this. 32 00:02:18,240 --> 00:02:19,680 And my name is Kodai. 33 00:02:19,680 --> 00:02:23,640 I also go by the name of Kodai Chodai, which is my hack handle. 34 00:02:23,640 --> 00:02:27,320 And I'm currently not really working. 35 00:02:27,320 --> 00:02:28,320 Yeah. 36 00:02:28,320 --> 00:02:32,120 But I'm in search of new opportunities. 37 00:02:32,120 --> 00:02:38,320 Yeah, I'm in the process of actually applying for a couple of Japanese cybersecurity companies. 38 00:02:38,320 --> 00:02:40,240 And you've already graduated, right? 39 00:02:40,240 --> 00:02:41,240 Yeah. 40 00:02:41,240 --> 00:02:42,240 Yeah. 41 00:02:42,240 --> 00:02:43,720 I guess it's about it. 42 00:02:43,720 --> 00:02:44,720 Yeah. 43 00:02:44,720 --> 00:02:45,720 Yeah. 
44 00:02:45,720 --> 00:02:50,600 So anybody who's in the Japan cybersecurity space, hit Kodai up if you've got any any 45 00:02:50,600 --> 00:02:51,600 any opportunities. 46 00:02:51,600 --> 00:02:55,920 And well, I guess maybe we'll circle around to that again after you listen to Kodai talk 47 00:02:55,920 --> 00:02:59,920 in this podcast about his experiences and what kind of stuff we've worked on together 48 00:02:59,920 --> 00:03:01,280 in the bug bounty realm. 49 00:03:01,280 --> 00:03:02,280 All right. 50 00:03:02,280 --> 00:03:04,440 So you're up next. 51 00:03:04,440 --> 00:03:09,280 So my name is So and my HackerOne account is Mokuso. 52 00:03:09,280 --> 00:03:12,880 I started bug bounty and cybersecurity stuff from three years ago. 53 00:03:12,880 --> 00:03:13,880 Thanks to Justin. 54 00:03:13,880 --> 00:03:22,280 Also, now I'm working as a full time security engineer at the GMO Japanese company. 55 00:03:22,280 --> 00:03:25,200 Would you say would you say that it's a security engineer position? 56 00:03:25,200 --> 00:03:27,720 It's pretty much entirely offensive security, right? 57 00:03:27,720 --> 00:03:29,440 It's like a web application tester. 58 00:03:29,440 --> 00:03:30,440 Web application tester. 59 00:03:30,440 --> 00:03:31,440 Yeah. 60 00:03:31,440 --> 00:03:34,120 Also doing a bit of like bug bounty as a hobby. 61 00:03:34,120 --> 00:03:35,120 Nice. 62 00:03:35,120 --> 00:03:36,520 Trying to find some CVEs and stuff. 63 00:03:36,520 --> 00:03:37,520 Nice. 64 00:03:37,520 --> 00:03:38,520 It's also another hobby. 65 00:03:38,520 --> 00:03:39,520 Very cool, man. 66 00:03:39,520 --> 00:03:40,520 Very cool. 67 00:03:40,520 --> 00:03:45,800 So I guess let's since So has already got the mic. 68 00:03:45,800 --> 00:03:51,120 When did you start getting interested in bug bounties? 69 00:03:51,120 --> 00:03:55,960 And give us a little background, education background, and then how you switched sort 70 00:03:55,960 --> 00:03:57,960 of what? 
71 00:03:57,960 --> 00:04:02,240 How you changed paths into bug bounty. 72 00:04:02,240 --> 00:04:05,000 I think that was exactly three years ago. 73 00:04:05,000 --> 00:04:06,000 Oh, really? 74 00:04:06,000 --> 00:04:07,000 Yeah. 75 00:04:07,000 --> 00:04:08,000 Yeah, pretty much. 76 00:04:08,000 --> 00:04:09,000 Yeah. 77 00:04:09,000 --> 00:04:10,000 Pretty much this day, right? 78 00:04:10,000 --> 00:04:11,000 Yeah. 79 00:04:11,000 --> 00:04:12,000 This season. 80 00:04:12,000 --> 00:04:17,640 So I was a senior of a university in Japan and my major was French regional studies. 81 00:04:17,640 --> 00:04:21,880 So I was studying French and also do some like. 82 00:04:21,880 --> 00:04:24,400 What university was that in Japan? 83 00:04:24,400 --> 00:04:25,400 Tokyo University. 84 00:04:25,400 --> 00:04:27,320 Tokyo University. 85 00:04:27,320 --> 00:04:30,000 Top University in Japan. 86 00:04:30,000 --> 00:04:31,920 So let's just put that out. 87 00:04:31,920 --> 00:04:34,200 The Harvard of Japan of sorts. 88 00:04:34,200 --> 00:04:35,200 Let's put that out there. 89 00:04:35,200 --> 00:04:36,200 All right. 90 00:04:36,200 --> 00:04:37,200 Continue. 91 00:04:37,200 --> 00:04:38,200 Yeah. 92 00:04:38,200 --> 00:04:42,640 So I wanted to be like I didn't have like a specific dreams, but that time I kind of 93 00:04:42,640 --> 00:04:44,920 want to be a diplomat because I thought it's cool. 94 00:04:44,920 --> 00:04:49,760 Also, I was studying English and French, so I thought would be a great fit for me. 95 00:04:49,760 --> 00:04:50,760 Right. 96 00:04:50,760 --> 00:04:51,880 So that was like three years ago. 97 00:04:51,880 --> 00:04:59,840 And then I met Justin at a like a Bible study of my church in Yokohama and started to hang 98 00:04:59,840 --> 00:05:01,440 out with him. 
99 00:05:01,440 --> 00:05:06,840 And so one day we went on a trip together and they're like he kind of introduced me 100 00:05:06,840 --> 00:05:10,680 about like what he does, also like his job and background and stuff. 101 00:05:10,680 --> 00:05:14,280 And I got interested and that's how I got started. 102 00:05:14,280 --> 00:05:15,280 Yeah, man. 103 00:05:15,280 --> 00:05:20,600 So I just I think that experience is a little bit kind of crazy to me looking back on it 104 00:05:20,600 --> 00:05:25,720 because I remember the time the conversation so and I had when he you know and at this 105 00:05:25,720 --> 00:05:28,440 point you had no IT experience at all. 106 00:05:28,440 --> 00:05:29,440 Yeah, zero. 107 00:05:29,440 --> 00:05:32,680 Not even really using the computer for anything besides just schoolwork. 108 00:05:32,680 --> 00:05:33,680 Right. 109 00:05:33,680 --> 00:05:34,680 Yeah. 110 00:05:34,680 --> 00:05:35,680 Yeah. 111 00:05:35,680 --> 00:05:38,920 And so you know for him to be like yeah, you know what? 112 00:05:38,920 --> 00:05:40,160 Actually I'm really interested in that. 113 00:05:40,160 --> 00:05:43,040 I would like to learn how to do that. 114 00:05:43,040 --> 00:05:47,720 My first reaction is like of course you know this guy is smart because he's at this university 115 00:05:47,720 --> 00:05:50,320 and because I've had conversations with him. 116 00:05:50,320 --> 00:05:56,920 But the chances of you actually doing that were very slim in my opinion in my experience. 117 00:05:56,920 --> 00:05:57,920 Right. 118 00:05:57,920 --> 00:06:03,360 And so when you said that I was like OK I'm going to give you some reading material. 119 00:06:03,360 --> 00:06:04,360 OK. 120 00:06:04,360 --> 00:06:05,360 Yeah. 121 00:06:05,360 --> 00:06:09,800 And I gave you some reading material and what was something amazing happened which was that 122 00:06:09,800 --> 00:06:14,600 the next time I talked to you you had read it all. 123 00:06:14,600 --> 00:06:16,720 Right. 
124 00:06:16,720 --> 00:06:19,560 Which doesn't sound that crazy but it but it really is. 125 00:06:19,560 --> 00:06:24,480 You had read it all and you not only had you done that but I remember you came back to 126 00:06:24,480 --> 00:06:30,440 me and you said hey so at this one point in this one piece of material it references application 127 00:06:30,440 --> 00:06:33,000 JSON and I didn't know what that was. 128 00:06:33,000 --> 00:06:34,000 So it is. 129 00:06:34,000 --> 00:06:35,000 Yeah. 130 00:06:35,000 --> 00:06:41,440 And so I was looking that up and then like you know you had some question about JSON structure. 131 00:06:41,440 --> 00:06:47,080 So it showed that you went another layer deeper in the learning material as well which really 132 00:06:47,080 --> 00:06:50,440 made it made an impact on me and really impressed me with that. 133 00:06:50,440 --> 00:06:55,560 So you know that's that's why we kind of moved forward with the with the bug bounty I think 134 00:06:55,560 --> 00:07:01,040 piece for you or at least with the more active hands on mentorship because that was a that 135 00:07:01,040 --> 00:07:04,680 was a really impressive moment moment for me. 136 00:07:04,680 --> 00:07:08,620 And so diving into that first I don't know how clear remember you have of this but diving 137 00:07:08,620 --> 00:07:11,960 into that first material how was that. 138 00:07:11,960 --> 00:07:16,000 I mean do you remember being particularly lost or how did you how did you take that 139 00:07:16,000 --> 00:07:18,440 first step because the first step is a big one. 140 00:07:18,440 --> 00:07:25,680 So so first so first of all I think one thing I really remember is like because Justin told 141 00:07:25,680 --> 00:07:31,920 me that he's doing bug bounty and seems like you know he's good at it. 
142 00:07:31,920 --> 00:07:39,120 So I checked the HackerOne website and I saw him ranking at like 11th or like 12th at annual 143 00:07:39,120 --> 00:07:45,720 ranking yeah and that was like probably one of the most like like like the biggest things 144 00:07:45,720 --> 00:07:50,760 to me and I was like if you know if you're good at something that's good if you're good 145 00:07:50,760 --> 00:07:56,480 at like if you ranks at like 11th in the world that's impressive like not just impressive 146 00:07:56,480 --> 00:07:59,560 that's like a pretty good super good. 147 00:07:59,560 --> 00:08:05,640 And if your friend ranks at 11th in the world at something that you got to learn that right. 148 00:08:05,640 --> 00:08:11,160 You got to at least know like that's a very weird way of thinking about like like yeah 149 00:08:11,160 --> 00:08:15,000 because that's such a precious opportunity there are like only 11 people right at the 150 00:08:15,000 --> 00:08:16,000 same level. 151 00:08:16,000 --> 00:08:21,680 So that's how I got interested and for the material that you gave me that's like really 152 00:08:21,680 --> 00:08:28,880 hard because like like you said I didn't know what JSON is I didn't know what PHP is like 153 00:08:28,880 --> 00:08:36,120 I really have no idea what like any concept of anything in the books were but so that's 154 00:08:36,120 --> 00:08:41,520 really hard but also I was like this looks pretty like interesting because I know nothing 155 00:08:41,520 --> 00:08:42,800 about this. 156 00:08:42,800 --> 00:08:46,480 And so you know every time you came across something new it's just starting sort of a 157 00:08:46,480 --> 00:08:51,400 recursive process of like now I go read about that right and then you know you dive deeper 158 00:08:51,400 --> 00:08:56,200 on that and I think the fact that you were able to do that is really really impressive 159 00:08:56,200 --> 00:08:59,760 and is probably one of the key indicators of your success to this point. 
160 00:08:59,760 --> 00:09:03,400 But we'll come back to that could I. 161 00:09:03,400 --> 00:09:06,760 So I guess the question that I wanted to ask you is a little bit different than the question 162 00:09:06,760 --> 00:09:09,440 that I wanted to ask so for this one. 163 00:09:09,440 --> 00:09:15,760 So so and I had already started sort of doing some hacking stuff when you I guess got more 164 00:09:15,760 --> 00:09:16,960 interested in it. 165 00:09:16,960 --> 00:09:22,480 But I also feel like there was some sort of pre interest or at least pre time when you 166 00:09:22,480 --> 00:09:27,360 expressed interest to me that you wanted to be you know get into hacking. 167 00:09:27,360 --> 00:09:33,280 What kind of what kind of experiences did you have prior what kind of stuff did you 168 00:09:33,280 --> 00:09:38,800 look up what kind of image image of hacking did you have prior to saying hey Justin I'd 169 00:09:38,800 --> 00:09:40,640 like to learn more about bug bounty. 170 00:09:40,640 --> 00:09:43,440 Wow that's a really good question. 171 00:09:43,440 --> 00:09:50,000 I think it goes all the way back to when maybe a little closer to the mouth. 172 00:09:50,000 --> 00:09:51,000 Yeah. 173 00:09:51,000 --> 00:09:52,000 Try it. 174 00:09:52,000 --> 00:09:56,640 Okay yeah that should be good. 175 00:09:56,640 --> 00:10:02,120 So yeah I think it goes all the way back to when I was 13 or 14. 176 00:10:02,120 --> 00:10:05,760 That's when I was first introduced to the world of hacking technically. 177 00:10:05,760 --> 00:10:12,160 Yeah I basically watched this documentary ish thing by a Japanese TV program. 178 00:10:12,160 --> 00:10:16,640 It was about this American hacker guy named Max Butler. 179 00:10:16,640 --> 00:10:26,800 Yeah also known as Iceman and he was basically working for FBI but surreptitiously doing 180 00:10:26,800 --> 00:10:28,720 some black hat hacking. 181 00:10:28,720 --> 00:10:29,720 Oh really. 
182 00:10:29,720 --> 00:10:33,160 Wow that's that's ballsy. 183 00:10:33,160 --> 00:10:38,200 So that in a way yet to be perfectly honest really fascinated me. 184 00:10:38,200 --> 00:10:41,840 It wasn't like hey I want to steal credit card numbers and right right right as well. 185 00:10:41,840 --> 00:10:49,720 No but I was just you know I think it was the capability he had you know over the world 186 00:10:49,720 --> 00:10:50,720 of the internet. 187 00:10:50,720 --> 00:10:51,720 Yeah. 188 00:10:51,720 --> 00:10:57,280 Yeah because it was physically basically just him and his laptop. 189 00:10:57,280 --> 00:10:58,280 Right. 190 00:10:58,280 --> 00:10:59,280 Right. 191 00:10:59,280 --> 00:11:03,400 So I was like holy shit like yeah can really one person do that. 192 00:11:03,400 --> 00:11:09,240 It definitely appeals to you know the more individualistic type you know you know because 193 00:11:09,240 --> 00:11:13,960 like you said it is you and your laptop against all the defenses or the world you know at 194 00:11:13,960 --> 00:11:14,960 that point. 195 00:11:14,960 --> 00:11:18,360 So yeah so that was super nuts. 196 00:11:18,360 --> 00:11:24,040 But at that time I never really looked at it as a realistic career path that I might 197 00:11:24,040 --> 00:11:30,720 be able to take because yeah back then I really thought it was like it was the kind of job 198 00:11:30,720 --> 00:11:36,800 that only genius level sort of people could work. 199 00:11:36,800 --> 00:11:37,800 And then you met me. 200 00:11:37,800 --> 00:11:45,320 And then you knew if this dumb ass can do it then you know I can do it too. 201 00:11:45,320 --> 00:11:50,320 Yeah that's no no no no no just kidding. 202 00:11:50,320 --> 00:11:56,240 But you really made me you know you really sort of proved that you can you know work 203 00:11:56,240 --> 00:11:57,240 that as a job. 204 00:11:57,240 --> 00:11:58,240 Yeah. 205 00:11:58,240 --> 00:11:59,240 Yeah. 
206 00:11:59,240 --> 00:12:00,240 As an ethical hacker. 207 00:12:00,240 --> 00:12:01,240 Right. 208 00:12:01,240 --> 00:12:07,680 And if you reach a certain level I mean it could be very very high but once you reach 209 00:12:07,680 --> 00:12:15,200 it then you might be able to live nomadically which was you know something I was always 210 00:12:15,200 --> 00:12:17,320 sort of dreaming of doing. 211 00:12:17,320 --> 00:12:19,800 Yeah I remember talking I was talking about this. 212 00:12:19,800 --> 00:12:24,320 That was that was one of the end goals for you in general was to be able to I guess work 213 00:12:24,320 --> 00:12:27,560 remotely and even further need further. 214 00:12:27,560 --> 00:12:34,280 So it's sort of suddenly so they need man my my Japanese is getting in the way because 215 00:12:34,280 --> 00:12:40,720 whenever I have a conversation with these guys I switch out of in and out of Japanese 216 00:12:40,720 --> 00:12:43,160 and in English so it gets in the way. 217 00:12:43,160 --> 00:12:44,320 We'll try to keep it English. 218 00:12:44,320 --> 00:12:50,440 So furthermore you know if you're able to do that on your own schedule right on your 219 00:12:50,440 --> 00:12:53,240 own timeline that's a big plus for you. 220 00:12:53,240 --> 00:12:56,320 And I think yeah I remember I remember you mentioning that in the beginning. 221 00:12:56,320 --> 00:12:59,160 So that's that's one of the main I guess my biggest for you too right. 222 00:12:59,160 --> 00:13:00,160 Yeah. 223 00:13:00,160 --> 00:13:01,160 Yeah. 224 00:13:01,160 --> 00:13:04,320 And that's that's definitely that's definitely a big you know that was one of the that's 225 00:13:04,320 --> 00:13:07,800 the thing that brought me to Japan in the first place was the fact that I could work 226 00:13:07,800 --> 00:13:10,920 remotely and working on my own on time schedule. 227 00:13:10,920 --> 00:13:14,800 So that was really that was really big. 228 00:13:14,800 --> 00:13:15,920 Could I. 
229 00:13:15,920 --> 00:13:18,440 So then you know we started talking a little bit. 230 00:13:18,440 --> 00:13:21,520 You started seeing me and so start working on stuff. 231 00:13:21,520 --> 00:13:22,520 Yeah. 232 00:13:22,520 --> 00:13:24,160 And it starts to sort of materialize in your brain. 233 00:13:24,160 --> 00:13:28,920 Hey this is a this is a route that you could go. 234 00:13:28,920 --> 00:13:32,720 I guess I think I know so's answer to this already because so just straight from the 235 00:13:32,720 --> 00:13:36,640 beginning so was like OK wait I've never even heard of this. 236 00:13:36,640 --> 00:13:37,640 OK teach me. 237 00:13:37,640 --> 00:13:42,760 You know so there wasn't any sort of pre research before you and me sort of establishing a mentee 238 00:13:42,760 --> 00:13:44,560 mentor relationship you know. 239 00:13:44,560 --> 00:13:49,020 But for you could I was there any research you did into hacking or like that before you 240 00:13:49,020 --> 00:13:51,200 got started. 241 00:13:51,200 --> 00:13:52,200 Kind of. 242 00:13:52,200 --> 00:13:53,200 Yeah. 243 00:13:53,200 --> 00:13:56,880 I also did the you know one of the things that so did. 244 00:13:56,880 --> 00:13:59,200 You know looking up your name. 245 00:13:59,200 --> 00:14:00,200 Yeah. 246 00:14:00,200 --> 00:14:05,440 And because I know before I met you I basically heard that you know from one of our mutual 247 00:14:05,440 --> 00:14:09,520 friends that you're basically one of the best hackers out there. 248 00:14:09,520 --> 00:14:11,480 Sounds like OK. 249 00:14:11,480 --> 00:14:12,480 OK sure. 250 00:14:12,480 --> 00:14:13,480 Yeah sure. 251 00:14:13,480 --> 00:14:16,400 And then I you know looked it up and wow. 252 00:14:16,400 --> 00:14:19,640 But I was it was still it seemed really unrealistic to me. 
253 00:14:19,640 --> 00:14:24,120 You know because I didn't I wasn't really familiar with cybersecurity or anything right 254 00:14:24,120 --> 00:14:32,600 IT in general right but I think yeah in that sense so really showed me that without having 255 00:14:32,600 --> 00:14:35,600 any you know. 256 00:14:35,600 --> 00:14:37,080 Yeah he's a French major. 257 00:14:37,080 --> 00:14:38,080 Yeah yeah. 258 00:14:38,080 --> 00:14:42,320 Just IT or you know programming experiences you could actually start it. 259 00:14:42,320 --> 00:14:49,560 So yeah I think after watching him doing some hacking you know doing some mentorship with 260 00:14:49,560 --> 00:14:57,440 you I yeah finally made a decision to you know do the same thing. 261 00:14:57,440 --> 00:14:59,480 My guys my guys I love it. 262 00:14:59,480 --> 00:15:04,760 And you know so and I have have had you know so many good hacking experiences together 263 00:15:04,760 --> 00:15:08,880 already as well and we've had a handful as well. 264 00:15:08,880 --> 00:15:14,200 And so it's so great to be able to do this job with you guys you know even even as the 265 00:15:14,200 --> 00:15:19,040 you know as the gap begins to close a little bit in knowledge and so starts teaching me 266 00:15:19,040 --> 00:15:24,840 stuff about stuff things that I don't know and and and you know as you continue to grow 267 00:15:24,840 --> 00:15:28,760 there as well could I I think it'll be even more fun. 268 00:15:28,760 --> 00:15:36,340 So it's happened so it's you know here's the other thing man I think as as a mentor you 269 00:15:36,340 --> 00:15:40,600 when you're having to re explain stuff as well you start to question right. 
270 00:15:40,600 --> 00:15:47,000 Like for example the time I tried to you know do a CSRF and I deleted your I deleted his 271 00:15:47,000 --> 00:15:52,880 like go to music account via CSRF because it had a very premium account and I learned 272 00:15:52,880 --> 00:15:56,320 some stuff about SameSite Strict cookies that day. 273 00:15:56,320 --> 00:15:57,320 Right. 274 00:15:57,320 --> 00:16:01,520 So as we continue to grow together not not just you know you guys growing but I grow 275 00:16:01,520 --> 00:16:02,520 as well. 276 00:16:02,520 --> 00:16:04,680 So that's really cool. 277 00:16:04,680 --> 00:16:09,000 The next question that I had and I guess I should probably pick one of you to answer 278 00:16:09,000 --> 00:16:10,000 this. 279 00:16:10,000 --> 00:16:12,800 Yeah let's let's hear from So. 280 00:16:12,800 --> 00:16:19,620 So can you think of any time where you sort of had like a moment that where you really 281 00:16:19,620 --> 00:16:26,760 started to understand some piece of hacking or has it just been really really gradual. 282 00:16:26,760 --> 00:16:32,160 I'd say it's been always really really gradual and always like looking backward. 283 00:16:32,160 --> 00:16:35,720 I am like oh I've made a bit of progress. 284 00:16:35,720 --> 00:16:36,720 Right. 285 00:16:36,720 --> 00:16:40,120 Last few months or over the last year something like that. 286 00:16:40,120 --> 00:16:45,640 Yeah so probably not any any like you know all of a sudden the lights come on and never 287 00:16:45,640 --> 00:16:48,120 see a moment on any of that stuff. 288 00:16:48,120 --> 00:16:52,920 Yeah I suspected that that would be the case for you. 289 00:16:52,920 --> 00:16:59,160 So I mean I guess we started off I guess working in the same way that we started working with 290 00:16:59,160 --> 00:17:05,120 with Kodai which is access control vulnerabilities and access and and IDORs and stuff like 291 00:17:05,120 --> 00:17:06,740 that. 
292 00:17:06,740 --> 00:17:09,280 Do you think that's the same route you would take now. 293 00:17:09,280 --> 00:17:14,280 Do you think that you would change any of that at all. 294 00:17:14,280 --> 00:17:18,400 Or do you think that that is the correct path to get you to where to where you're at. 295 00:17:18,400 --> 00:17:30,360 You can think about that for a second if you need to. 296 00:17:30,360 --> 00:17:37,480 Yeah I guess if someone starts from where I was which is like absolutely zero basics 297 00:17:37,480 --> 00:17:43,360 like zero knowledge on cybersecurity or like even like computer science as a whole. 298 00:17:43,360 --> 00:17:49,960 I think that was a correct route because like now it's like one of the you know one of the 299 00:17:49,960 --> 00:17:50,960 easy ones. 300 00:17:50,960 --> 00:17:51,960 Right. 301 00:17:51,960 --> 00:17:59,520 But like three years ago I could barely understand like what access control bugs are and how 302 00:17:59,520 --> 00:18:02,040 I can exploit that like the same for IDOR. 303 00:18:02,040 --> 00:18:07,040 I mean of course if you go further with like a visual Fox Jason search and stuff there 304 00:18:07,040 --> 00:18:14,080 are more complex either things but like easy parts of either an access controls is I think 305 00:18:14,080 --> 00:18:19,120 comparatively easier to understand for like beginners like me three years ago. 306 00:18:19,120 --> 00:18:21,000 So I think it was a good route. 307 00:18:21,000 --> 00:18:26,120 Yeah I kind of wish we had recorded this podcast a little bit closer to our it's been about 308 00:18:26,120 --> 00:18:31,000 what it's almost it's been about two years maybe a year if we count some of the time 309 00:18:31,000 --> 00:18:37,040 you were in America since we really did some hardcore hands on mentorship right. 
310 00:18:37,040 --> 00:18:44,040 So I'm sure I'm sure some of that has faded a little bit now you know the the the techniques 311 00:18:44,040 --> 00:18:48,680 and the way that I sort of taught some bug bounty stuff but the way the way if I recall 312 00:18:48,680 --> 00:18:56,680 correctly that we approached this was you know we first explained what happens when 313 00:18:56,680 --> 00:18:59,680 you put a URL in a browser right. 314 00:18:59,680 --> 00:19:04,960 And hopefully you know at that time you know we we drilled that pretty often we did that 315 00:19:04,960 --> 00:19:07,560 a lot right. 316 00:19:07,560 --> 00:19:13,200 And I think that's you know once you have that sort of foundation in place then then 317 00:19:13,200 --> 00:19:16,360 you can start moving on to those those sort of vulnerabilities. 318 00:19:16,360 --> 00:19:23,200 Do you think you had because we probably went over that part of it 10 15 times right. 319 00:19:23,200 --> 00:19:28,320 What happens from from our user puts the URL in the browser you know it converts the domain 320 00:19:28,320 --> 00:19:32,800 name into it parses the URL pulls out the domain name converts the domain name into 321 00:19:32,800 --> 00:19:37,480 an IP via DNS and then it insensors the TCP connection we you know we went through all 322 00:19:37,480 --> 00:19:39,400 of that probably 10 15 times. 323 00:19:39,400 --> 00:19:46,000 Do you think that having that basis allowed you to grip something like IDOR and access 324 00:19:46,000 --> 00:19:51,880 control bugs a little bit a little bit easier or do you think it would have just been better 325 00:19:51,880 --> 00:19:55,000 to just be like hey here's an HTTP request. 326 00:19:55,000 --> 00:20:03,680 This HTTP request you know controls how the computer talks to the server rotate the ID 327 00:20:03,680 --> 00:20:04,680 see see the vulnerability. 328 00:20:04,680 --> 00:20:14,240 I mean what do you think do you think that's too deep. 
329 00:20:14,240 --> 00:20:17,880 He just said he just said in Japanese that's tricky one. 330 00:20:17,880 --> 00:20:20,480 I'm going to think about that for a second. 331 00:20:20,480 --> 00:20:28,760 So I guess for one I wouldn't say I've mastered like TCP stuff right. 332 00:20:28,760 --> 00:20:36,000 And like I still I see we learn all these things and sometimes when I have to learn 333 00:20:36,000 --> 00:20:45,640 some like HTTP 2 things like you know I just always realize that I don't understand absolutely 334 00:20:45,640 --> 00:20:47,680 like anything right. 335 00:20:47,680 --> 00:20:51,120 Everyone has that moment. 336 00:20:51,120 --> 00:20:57,360 I think basic was necessary and also like at the end of the day you have to learn that 337 00:20:57,360 --> 00:20:58,360 right. 338 00:20:58,360 --> 00:21:00,560 So I think learning just basics. 339 00:21:00,560 --> 00:21:05,960 I don't know if it's related. 340 00:21:05,960 --> 00:21:06,960 Okay okay all right. 341 00:21:06,960 --> 00:21:08,360 No no no I like this take. 342 00:21:08,360 --> 00:21:12,280 This is I don't know if you guys know this English vocabulary word but hot take. 343 00:21:12,280 --> 00:21:15,900 Have you guys could I knows that so doesn't know it. 344 00:21:15,900 --> 00:21:24,040 Hot take is like a an opinion that is different than you know one might expect or what popular 345 00:21:24,040 --> 00:21:26,080 culture believes right. 346 00:21:26,080 --> 00:21:28,880 So this is this is a hot it might be a little bit of a hot take here. 347 00:21:28,880 --> 00:21:33,800 So tell me about why you're changing your mind a little bit on this. 348 00:21:33,800 --> 00:21:40,720 So one so so the one of the reasons I was learning cybersecurity and hacking from you 349 00:21:40,720 --> 00:21:45,480 three years ago was like I said because you're like one of the top hackers in the world. 350 00:21:45,480 --> 00:21:52,440 So I like didn't really matter how fast I can grow like how much money I can get. 
351 00:21:52,440 --> 00:21:59,120 It was just like a pure hobby and I just wanted to understand at least basics of what you 352 00:21:59,120 --> 00:22:00,120 do. 353 00:22:00,120 --> 00:22:05,920 So that's why you know try trying to understand DNS stuff, TCP stuff all these things matter 354 00:22:05,920 --> 00:22:07,600 to me. 355 00:22:07,600 --> 00:22:12,240 So for me personally it was necessary and I really enjoyed that. 356 00:22:12,240 --> 00:22:18,600 But at the same time I don't I'm not super sure if that helped me understand access control 357 00:22:18,600 --> 00:22:25,240 thing IDOR things like business logic things better at that time that I'm not sure about. 358 00:22:25,240 --> 00:22:29,160 So you guys both listen to the podcast you know that we like to debate here a little 359 00:22:29,160 --> 00:22:30,160 bit. 360 00:22:30,160 --> 00:22:31,720 We like to do some we like to do some critical thinking. 361 00:22:31,720 --> 00:22:33,840 I like to debate. 362 00:22:33,840 --> 00:22:36,880 So I'm gonna I'm gonna you know I'm gonna play some devil's advocate. 363 00:22:36,880 --> 00:22:39,200 I'm gonna take you know the other side for a little bit. 364 00:22:39,200 --> 00:22:41,560 But first I want to hear Kodai's opinion. 365 00:22:41,560 --> 00:22:44,680 So Kodai same sort of question. 366 00:22:44,680 --> 00:22:50,000 Is it important to know that piece that I talked about when you put the URL in the browser 367 00:22:50,000 --> 00:22:56,520 what happens before you start learning things like IDOR and access control vulnerabilities? 368 00:22:56,520 --> 00:22:59,040 Yeah that definitely was necessary for me. 369 00:22:59,040 --> 00:23:00,040 Yeah. 370 00:23:00,040 --> 00:23:03,280 Yeah in that sense that was a really good start. 371 00:23:03,280 --> 00:23:10,360 Because I feel like that was the really at least to me the bare minimum that I really 372 00:23:10,360 --> 00:23:15,840 needed to actually go look for some bugs. 
373 00:23:15,840 --> 00:23:19,760 I mean in this case only IDORs but yeah yeah. 374 00:23:19,760 --> 00:23:26,160 So and obviously I didn't really you know at that time when I when you just you know 375 00:23:26,160 --> 00:23:35,680 explain how yeah just starting from you know just messing with the with the URL URL bar 376 00:23:35,680 --> 00:23:42,520 and how briefly like all the HTTP messages work. 377 00:23:42,520 --> 00:23:50,200 I didn't have a comprehensive understanding of you know how IDORs could actually happen 378 00:23:50,200 --> 00:23:51,200 and stuff. 379 00:23:51,200 --> 00:23:52,200 Right right. 380 00:23:52,200 --> 00:23:54,120 It's sort of foundational knowledge. 381 00:23:54,120 --> 00:23:59,120 But I could still you know as a matter of fact go find some bugs. 382 00:23:59,120 --> 00:24:01,440 I mean obviously with your help. 383 00:24:01,440 --> 00:24:04,440 But yeah so yeah that worked pretty well for me. 384 00:24:04,440 --> 00:24:06,840 Yeah and I think I think that makes sense too. 385 00:24:06,840 --> 00:24:08,280 But so so all right. 386 00:24:08,280 --> 00:24:11,920 So let's let's let's give it back to So here and let's let's have a little little chat 387 00:24:11,920 --> 00:24:12,920 about this. 388 00:24:12,920 --> 00:24:13,920 OK. 389 00:24:13,920 --> 00:24:19,840 So on one hand I do agree I do agree that you know it would be possible to search otherwise. 390 00:24:19,840 --> 00:24:23,280 But I think for me and it sounds like maybe the case is for Kodai as well it's kind of hard 391 00:24:23,280 --> 00:24:27,160 for us to visualize what's happening until we understand what's happening at a little 392 00:24:27,160 --> 00:24:28,160 bit of a lower level. 393 00:24:28,160 --> 00:24:29,160 Right. 394 00:24:29,160 --> 00:24:33,680 Because like if I say to you I mean I guess you could understand at the level like we 395 00:24:33,680 --> 00:24:38,520 put a we put these HTTP requests in a box you know in this box inside a Burp Suite right. 
396 00:24:38,520 --> 00:24:42,760 And we we change the number and we press send and then that just communicates to the server. 397 00:24:42,760 --> 00:24:44,400 I guess we could do it at that level. 398 00:24:44,400 --> 00:24:48,240 But do you think it would be hard for you to grip conceptually what's happening without 399 00:24:48,240 --> 00:24:54,080 that explanation or do you think really gripping what's happening conceptually but you know 400 00:24:54,080 --> 00:24:56,640 comes even later after the URL explanation. 401 00:24:56,640 --> 00:24:58,280 What do you think about that. 402 00:24:58,280 --> 00:25:01,600 Like do you have to understand what's happening on the back end for you to really see the 403 00:25:01,600 --> 00:25:03,800 full picture. 404 00:25:03,800 --> 00:25:09,920 So I guess I kind of agree with the call that like you know where he put it right. 405 00:25:09,920 --> 00:25:14,880 I'd say you know I kind of start to get persuaded. 406 00:25:14,880 --> 00:25:16,240 Right. 407 00:25:16,240 --> 00:25:21,440 But my point was like. 408 00:25:21,440 --> 00:25:27,280 Yet at that level is related you know but it's not directly related. 409 00:25:27,280 --> 00:25:32,400 So what it's a little bit early on to you know in your in your in your experience to 410 00:25:32,400 --> 00:25:38,280 really have to take in a bunch of technical information like RFCs you know reading HTTP 411 00:25:38,280 --> 00:25:43,960 RFC talking about you know TCP level connections which we'll never use ever again. 412 00:25:43,960 --> 00:25:48,760 It's really it's mostly the HTTP layer right that we need to be understanding. 413 00:25:48,760 --> 00:25:51,920 Do you agree. 414 00:25:51,920 --> 00:25:59,400 I mean like at the end of the day like I really kind of this argument really makes me remember 415 00:25:59,400 --> 00:26:05,320 the argument of you know the hacker the hackers need to like program. 416 00:26:05,320 --> 00:26:06,320 Yeah. 
417 00:26:06,320 --> 00:26:13,960 And like I think answers from most hackers are like not absolutely necessary but absolutely 418 00:26:13,960 --> 00:26:14,960 helpful. 419 00:26:14,960 --> 00:26:15,960 Yeah. 420 00:26:15,960 --> 00:26:16,960 So you think this is similar. 421 00:26:16,960 --> 00:26:17,960 Yeah. 422 00:26:17,960 --> 00:26:18,960 This is I feel like this is similar. 423 00:26:18,960 --> 00:26:22,960 I think super helpful to understand IDOR. 424 00:26:22,960 --> 00:26:25,280 But is it like absolutely necessary. 425 00:26:25,280 --> 00:26:27,080 Then I don't think it is. 426 00:26:27,080 --> 00:26:28,080 Yeah. 427 00:26:28,080 --> 00:26:29,080 Yeah. 428 00:26:29,080 --> 00:26:30,080 That makes sense. 429 00:26:30,080 --> 00:26:34,200 I think I think I think that's a really good parallel you know drawing drawing those parallels 430 00:26:34,200 --> 00:26:41,080 in between because you can you can kind of see like you said you really could find it's 431 00:26:41,080 --> 00:26:45,160 simple enough where you really could if you understood the concept of IDOR where this 432 00:26:45,160 --> 00:26:50,600 concept of an ID and this concept of trusting the ID from the client side right. 433 00:26:50,600 --> 00:26:56,000 You could really find vulnerabilities without having to learn that. 434 00:26:56,000 --> 00:26:57,640 But really it does help. 435 00:26:57,640 --> 00:27:00,120 And I think that's that's a strong parallel to programming. 436 00:27:00,120 --> 00:27:01,560 That's good. 437 00:27:01,560 --> 00:27:02,560 OK. 438 00:27:02,560 --> 00:27:05,960 So let's talk about mentorship a little bit. 439 00:27:05,960 --> 00:27:11,640 Let's talk about the times when us three are sitting in a room hands on the keyboard. 440 00:27:11,640 --> 00:27:12,800 OK. 441 00:27:12,800 --> 00:27:17,160 Your boy your boy Justin's a little quirky sometimes. 442 00:27:17,160 --> 00:27:18,160 Right. 
443 00:27:18,160 --> 00:27:24,680 So I have a little bit of an eccentric style or a little bit of an odd style of teaching 444 00:27:24,680 --> 00:27:28,080 bug bounty. 445 00:27:28,080 --> 00:27:32,520 What are some things that worked for you and some things that didn't work for you with 446 00:27:32,520 --> 00:27:35,240 the teaching teaching style. 447 00:27:35,240 --> 00:27:41,760 And once again I know this is a couple of years back but you know I often for example 448 00:27:41,760 --> 00:27:46,560 to give an example had you teach things back to me. 449 00:27:46,560 --> 00:27:48,920 What do you think about that and other teaching styles. 450 00:27:48,920 --> 00:27:54,520 So first once you got the mic or if you need to think we can give it to Kodai too. 451 00:27:54,520 --> 00:27:55,520 All right. 452 00:27:55,520 --> 00:27:58,040 Well so so it's taken a little. 453 00:27:58,040 --> 00:28:02,320 I caught So after a workday here is this brain's taking a second. 454 00:28:02,320 --> 00:28:03,320 All right. 455 00:28:03,320 --> 00:28:05,560 Kodai what do you what do you think about that. 456 00:28:05,560 --> 00:28:12,440 Yeah so yeah your style of mentorship you know having us. 457 00:28:12,440 --> 00:28:13,440 OK OK. 458 00:28:13,440 --> 00:28:18,040 Wait wait wait before you get I can see before I we get into this. 459 00:28:18,040 --> 00:28:23,120 This is not supposed to be a Justin you're amazing bloody blah sort of session. 460 00:28:23,120 --> 00:28:24,120 OK. 461 00:28:24,120 --> 00:28:26,120 So please try to keep that to a minute a minimal. 462 00:28:26,120 --> 00:28:27,120 OK. 463 00:28:27,120 --> 00:28:29,520 This is this is supposed to be. 464 00:28:29,520 --> 00:28:31,840 Talk to me about the efficacy of the technique. 465 00:28:31,840 --> 00:28:32,840 OK. 
466 00:28:32,840 --> 00:28:37,880 So this is going to be my genuine opinion and yeah the thing that you just touched on 467 00:28:37,880 --> 00:28:45,280 you know you having us explain what you just explained to us that really. 468 00:28:45,280 --> 00:28:52,240 Yeah that's actually one of the greatest things you did for us I guess. 469 00:28:52,240 --> 00:29:01,440 Yeah it was could be very challenging but definitely to understand how almost anything 470 00:29:01,440 --> 00:29:08,720 I guess you need to you got to be able to you know have the capability to reproduce 471 00:29:08,720 --> 00:29:11,480 what you just did you know explain what you just learned. 472 00:29:11,480 --> 00:29:16,120 So yeah that's definitely one thing I really liked about your style. 473 00:29:16,120 --> 00:29:20,080 Do you think it was it was too stressful. 474 00:29:20,080 --> 00:29:24,720 I feel like I'd be lying if I said not at all but. 475 00:29:24,720 --> 00:29:31,400 But you know that's the I really needed that stress you know for my brain and that definitely 476 00:29:31,400 --> 00:29:40,080 pushed me to you know spot what I didn't really understand precisely. 477 00:29:40,080 --> 00:29:45,680 Yeah just troubleshooting issues. 478 00:29:45,680 --> 00:29:49,200 Have you have you thought about. 479 00:29:49,200 --> 00:29:51,680 So this this is a common technique. 480 00:29:51,680 --> 00:29:55,080 It's probably interesting because you know I'm making you guys do this but really what 481 00:29:55,080 --> 00:30:00,960 I'm doing the technique that I'm sort of mimicking it goes way back further and back into you 482 00:30:00,960 --> 00:30:08,000 know history sort of rooted in the Socratic method with Socrates a philosopher. 483 00:30:08,000 --> 00:30:14,960 But more commonly it's used in I.T. a little bit a little bit different but related topic 484 00:30:14,960 --> 00:30:17,840 called the rubber ducky method. 485 00:30:17,840 --> 00:30:19,320 Have you guys heard of that. 
486 00:30:19,320 --> 00:30:20,320 No. 487 00:30:20,320 --> 00:30:21,320 Yeah. 488 00:30:21,320 --> 00:30:22,320 Yeah. 489 00:30:22,320 --> 00:30:23,320 Yeah. 490 00:30:23,320 --> 00:30:24,680 OK so has. 491 00:30:24,680 --> 00:30:30,300 So essentially the way that you can reproduce this for yourselves as well is may force 492 00:30:30,300 --> 00:30:33,800 yourself to explain stuff to inanimate objects. 493 00:30:33,800 --> 00:30:38,760 So a lot of programmers they'll have a rubber duck and you know yellow rubber duck sitting 494 00:30:38,760 --> 00:30:42,440 on their on their on their desk right. 495 00:30:42,440 --> 00:30:48,880 And they'll they'll explain things to that duck to try to help them figure out where 496 00:30:48,880 --> 00:30:50,480 the flaws in their logic are right. 497 00:30:50,480 --> 00:30:55,800 And I have that with a little stuffed animal Pokemon Dratini on my desk. 498 00:30:55,800 --> 00:30:58,040 I don't know because the Pokemon names are different in Japanese. 499 00:30:58,040 --> 00:31:03,920 I don't know if you know Dratini but he's kind of like a like a lizard snakey boy evolves 500 00:31:03,920 --> 00:31:07,680 into big dragon. 501 00:31:07,680 --> 00:31:09,520 But yeah so that's that's a that's technique. 502 00:31:09,520 --> 00:31:14,560 Have you guys used that at all in your life before or is this something that I should 503 00:31:14,560 --> 00:31:17,560 have equipped you with years ago that might have helped. 504 00:31:17,560 --> 00:31:19,560 That's I've definitely used it. 505 00:31:19,560 --> 00:31:20,560 Yeah. 506 00:31:20,560 --> 00:31:25,960 Even when I try to just practice my you know pronunciation in English and stuff. 507 00:31:25,960 --> 00:31:26,960 Oh yeah. 508 00:31:26,960 --> 00:31:27,960 Yeah. 509 00:31:27,960 --> 00:31:31,640 It's basically about talking to some something imaginary right. 510 00:31:31,640 --> 00:31:32,640 Right. 511 00:31:32,640 --> 00:31:33,640 Yeah. 512 00:31:33,640 --> 00:31:34,640 I do that too. 
513 00:31:34,640 --> 00:31:35,640 The wall. 514 00:31:35,640 --> 00:31:36,640 The air. 515 00:31:36,640 --> 00:31:37,640 Yeah. 516 00:31:37,640 --> 00:31:41,960 And I definitely you know do the same thing in cyber security. 517 00:31:41,960 --> 00:31:42,960 Yeah. 518 00:31:42,960 --> 00:31:43,960 Yeah. 519 00:31:43,960 --> 00:31:47,680 What about you So do you have do you got any stuffed animals you talk to. 520 00:31:47,680 --> 00:31:49,840 I mean I do that always with my friends. 521 00:31:49,840 --> 00:31:50,840 Oh really. 522 00:31:50,840 --> 00:31:52,160 You know I mean like accidentally right. 523 00:31:52,160 --> 00:31:53,160 Right. 524 00:31:53,160 --> 00:31:54,160 Right. 525 00:31:54,160 --> 00:31:55,160 Like when I was a high school student I always. 526 00:31:55,160 --> 00:31:59,280 You all know what kind of guy So is like hey man you know let me tell you about this new 527 00:31:59,280 --> 00:32:04,240 Jason article I read you know like like yeah when I was a high schooler I did it to my 528 00:32:04,240 --> 00:32:05,240 sister. 529 00:32:05,240 --> 00:32:06,240 Oh really. 530 00:32:06,240 --> 00:32:09,120 They're like complex math problems I cannot solve. 531 00:32:09,120 --> 00:32:10,120 Right. 532 00:32:10,120 --> 00:32:13,320 And I you know bring it to my sister because my sister's pretty smart. 533 00:32:13,320 --> 00:32:18,120 And then like like and then like halfway through I'm like I know sorry I know I know how to 534 00:32:18,120 --> 00:32:19,120 do it. 535 00:32:19,120 --> 00:32:20,120 Right. 536 00:32:20,120 --> 00:32:23,760 These days I do with my hacker friends you know like real tough for example. 537 00:32:23,760 --> 00:32:26,120 I can send a message on Discord. 538 00:32:26,120 --> 00:32:28,240 I'm like what did it. 539 00:32:28,240 --> 00:32:29,240 What this is I don't understand. 540 00:32:29,240 --> 00:32:30,240 Right. 541 00:32:30,240 --> 00:32:34,080 And halfway through I'm like sorry I do understand. 
542 00:32:34,080 --> 00:32:38,080 It's great when you've got friends on other time zones for that too because they won't 543 00:32:38,080 --> 00:32:42,200 respond right away and then you they'll just wake up to a barrage of messages like oh dude 544 00:32:42,200 --> 00:32:44,400 this is the weirdest thing I can't figure this out what's going on. 545 00:32:44,400 --> 00:32:45,600 Here's what's happening. 546 00:32:45,600 --> 00:32:48,360 I got it actually you know. 547 00:32:48,360 --> 00:32:50,000 So that's good. 548 00:32:50,000 --> 00:32:51,000 So what do you think. 549 00:32:51,000 --> 00:32:53,160 I mean do any other. 550 00:32:53,160 --> 00:32:57,320 So essentially the goal of this this sort of portion of the podcast is to try to equip 551 00:32:57,320 --> 00:33:02,680 the listeners with techniques that they can use to help other people their mentees grow 552 00:33:02,680 --> 00:33:06,200 or mentees themselves how they can grow. 553 00:33:06,200 --> 00:33:10,160 So do you have any other things that come to mind from your experience. 554 00:33:10,160 --> 00:33:15,920 You know working as a mentee or collaborating on y'all spoke down in growth together that 555 00:33:15,920 --> 00:33:18,600 come to mind any techniques or thoughts. 556 00:33:18,600 --> 00:33:27,360 So for me I think like like all like these like teaching styles or even like tips that 557 00:33:27,360 --> 00:33:30,600 you gave me really helped me for sure. 558 00:33:30,600 --> 00:33:34,040 But at the end of the day I feel like it's about me right. 559 00:33:34,040 --> 00:33:38,200 If I want to improve myself I have to work hard. 560 00:33:38,200 --> 00:33:46,320 So I think what I learned from you the most would be like you know motivation curiosity 561 00:33:46,320 --> 00:33:48,640 you know just you know stick to it. 562 00:33:48,640 --> 00:33:50,480 How did I convey that to you. 563 00:33:50,480 --> 00:33:52,920 Was it an example or was it something I said with words. 
564 00:33:52,920 --> 00:33:58,520 Because when we when we hack together sometimes you become unresponsive for like four hours. 565 00:33:58,520 --> 00:34:07,160 Seriously that was like I think one of the most important things to me. 566 00:34:07,160 --> 00:34:14,000 Of course like no I mean don't get me wrong I think I learned a lot of tips like really 567 00:34:14,000 --> 00:34:15,640 great things from you. 568 00:34:15,640 --> 00:34:21,880 But for example like those things if you push hard you can kind of hard like find them on 569 00:34:21,880 --> 00:34:22,880 Google sometimes. 570 00:34:22,880 --> 00:34:24,360 Right right for sure. 571 00:34:24,360 --> 00:34:26,120 But like I learned I learned them from Google. 572 00:34:26,120 --> 00:34:27,120 Yeah right. 573 00:34:27,120 --> 00:34:32,960 But in terms of like curiosity like this attitude of like stick to your computer for 12 hours 574 00:34:32,960 --> 00:34:35,640 till you find some vulnerabilities. 575 00:34:35,640 --> 00:34:37,760 That's like I think the biggest thing I learned. 576 00:34:37,760 --> 00:34:40,720 That yeah I think it's different seeing somebody do it in person too. 577 00:34:40,720 --> 00:34:41,720 Yeah. 578 00:34:41,720 --> 00:34:44,280 You know that's one of the things that I've done I've learned from the live hacking events 579 00:34:44,280 --> 00:34:52,120 is like you know at least for me I typically require a pretty uninterrupted environment 580 00:34:52,120 --> 00:34:53,120 to work in. 581 00:34:53,120 --> 00:34:56,680 You know but you know when at the live hacking event it can be a little bit hard for me to 582 00:34:56,680 --> 00:34:58,600 focus or work with others. 583 00:34:58,600 --> 00:34:59,600 Right. 584 00:34:59,600 --> 00:35:01,560 Like I normally try to get my headphones on and try to get in the zone. 585 00:35:01,560 --> 00:35:06,680 I wasn't really sure how to like actually collaborate with other hackers in an effective way. 
586 00:35:06,680 --> 00:35:11,240 But being at the live hacking events and seeing people collaborating together seeing what 587 00:35:11,240 --> 00:35:15,080 worked with them it makes you realize it's possible. 588 00:35:15,080 --> 00:35:16,160 Right. 589 00:35:16,160 --> 00:35:18,280 So it's not always it's not always the technical tips right. 590 00:35:18,280 --> 00:35:20,040 It's not I guess is what you're saying. 591 00:35:20,040 --> 00:35:23,400 You know it's about the work ethic and the drive as well. 592 00:35:23,400 --> 00:35:25,240 And I think you had that as well. 593 00:35:25,240 --> 00:35:30,080 And you brought up a great point about sort of knowing yourself and how you learn and 594 00:35:30,080 --> 00:35:31,080 how you work. 595 00:35:31,080 --> 00:35:32,080 Right. 596 00:35:32,080 --> 00:35:36,880 And at the end of the day pushing yourself to find the vulnerabilities just through grinding 597 00:35:36,880 --> 00:35:38,320 essentially right. 598 00:35:38,320 --> 00:35:44,160 And it makes me think of one of a quote that I remember from you working together which 599 00:35:44,160 --> 00:35:47,320 was you're looking at your screen and you're getting kind of frustrating. 600 00:35:47,320 --> 00:35:51,240 You're like I need some carbohydrates. 601 00:35:51,240 --> 00:35:54,040 That's what you said to me. 602 00:35:54,040 --> 00:35:57,280 And I was like dude that is not how I think at all. 603 00:35:57,280 --> 00:36:03,320 You know like like like I I you know I'd be like man what like why can't I focus right 604 00:36:03,320 --> 00:36:04,320 now. 605 00:36:04,320 --> 00:36:05,320 Like this is so annoying. 606 00:36:05,320 --> 00:36:10,680 You know I get frustrated at that but you know from your own I guess from studying experiences 607 00:36:10,680 --> 00:36:13,400 that you're like ah you know this feeling. 608 00:36:13,400 --> 00:36:14,400 I know this feeling. 609 00:36:14,400 --> 00:36:16,200 I've I've felt this feeling before. 
610 00:36:16,200 --> 00:36:19,960 This is me needing to have carbohydrates. 611 00:36:19,960 --> 00:36:21,400 Right. 612 00:36:21,400 --> 00:36:26,000 So how do you I mean is that something that just kind of came natural to you or is that 613 00:36:26,000 --> 00:36:30,680 something you had to start doing cognizantly is starting to learn you know yourself and 614 00:36:30,680 --> 00:36:35,600 how what makes you study best and what makes you focus best. 615 00:36:35,600 --> 00:36:39,800 Super hard question. 616 00:36:39,800 --> 00:36:43,280 We don't we don't we don't do easy questions here on Critical Thinking my man. 617 00:36:43,280 --> 00:36:48,800 So for one carbohydrate thing sweet things that's like pretty much like Japanese saying 618 00:36:48,800 --> 00:36:50,520 you know I might want to you know. 619 00:36:50,520 --> 00:36:51,520 Oh really. 620 00:36:51,520 --> 00:36:52,840 I need some sweet things. 621 00:36:52,840 --> 00:36:53,840 Oh really. 622 00:36:53,840 --> 00:36:55,600 To make my brain work. 623 00:36:55,600 --> 00:36:58,240 So that's the one. 624 00:36:58,240 --> 00:36:59,240 Interesting. 625 00:36:59,240 --> 00:37:00,240 Yeah. 626 00:37:00,240 --> 00:37:05,480 I wonder if it's a cultural piece you know like like I guess and I guess this is I mean 627 00:37:05,480 --> 00:37:07,320 this is just scientifically true right. 628 00:37:07,320 --> 00:37:11,120 You know that carbohydrates will help you focus in the short term you know right or 629 00:37:11,120 --> 00:37:12,440 sugar sugary things. 630 00:37:12,440 --> 00:37:15,720 I'll be focused in the short term but long term it's not not the best. 631 00:37:15,720 --> 00:37:19,440 So if you're at the end of your like you know studying cycle or whatever and you're really 632 00:37:19,440 --> 00:37:23,800 having trouble crossing the finish line or finishing and you could hit some carbohydrates. 633 00:37:23,800 --> 00:37:28,360 That's a that's an interesting that's an interesting little tidbit there. 
634 00:37:28,360 --> 00:37:31,600 I thought you were a genius but maybe it's just you're Japanese. 635 00:37:31,600 --> 00:37:32,600 Maybe so. 636 00:37:32,600 --> 00:37:33,600 Maybe so. 637 00:37:33,600 --> 00:37:34,600 Solid man. 638 00:37:34,600 --> 00:37:35,600 Yeah. 639 00:37:35,600 --> 00:37:41,480 So I think a lot of a lot of I guess growing and hacking has to do with that sort of learning 640 00:37:41,480 --> 00:37:44,680 yourself and and that sort of thing. 641 00:37:44,680 --> 00:37:51,240 Anything else come to mind between the two of you about about I guess either learning 642 00:37:51,240 --> 00:37:57,520 environment pluses or learning technique. 643 00:37:57,520 --> 00:37:59,880 OK so let me ask you about this. 644 00:37:59,880 --> 00:38:00,880 OK. 645 00:38:00,880 --> 00:38:04,240 When you work with a mentor one of the reasons I won't mentor people is because it takes 646 00:38:04,240 --> 00:38:06,040 a lot of time right. 647 00:38:06,040 --> 00:38:09,720 And I don't have time to mentor everyone. 648 00:38:09,720 --> 00:38:16,880 And this specific industry is not very conducive to mentorship because at the end of the day 649 00:38:16,880 --> 00:38:26,640 if I teach you about IDOR you didn't learn the skills necessary to learn IDOR by yourself. 650 00:38:26,640 --> 00:38:33,680 Maybe that wasn't my phone just but you know you don't learn the skills that you need to 651 00:38:33,680 --> 00:38:35,840 to learn IDOR yourself. 652 00:38:35,840 --> 00:38:37,200 You learned it from me. 653 00:38:37,200 --> 00:38:46,840 So how has it been transitioning from mentorship and bug bounty to self education. 654 00:38:46,840 --> 00:38:48,680 And let's start with Kodai on that one. 655 00:38:48,680 --> 00:38:53,520 If you're if that's not too much on the spot because I know it's a complicated question 656 00:38:53,520 --> 00:38:55,520 and it really really is. 657 00:38:55,520 --> 00:38:56,520 Yeah. 
658 00:38:56,520 --> 00:39:03,280 I think in that respect I'm still in the process of you know really making that transition 659 00:39:03,280 --> 00:39:04,920 yeah developing that skill. 660 00:39:04,920 --> 00:39:12,760 Yeah really just you know having more self discipline to just you know keep to really 661 00:39:12,760 --> 00:39:17,160 stick to my computer for many hours. 662 00:39:17,160 --> 00:39:20,560 Can you share any tricks that you have because that's a journey right. 663 00:39:20,560 --> 00:39:25,320 That whole that whole experience of developing that that skill is a journey. 664 00:39:25,320 --> 00:39:26,560 And I forget that journey. 665 00:39:26,560 --> 00:39:34,480 I don't really remember what it was like to not know how to take technical concepts and 666 00:39:34,480 --> 00:39:40,840 break it down and you know assimilate it and bring it into my brain you know. 667 00:39:40,840 --> 00:39:44,840 And especially coming from a non technical background like English for you and French 668 00:39:44,840 --> 00:39:50,140 for So I'm wondering if there's any tips you can share for the people that are in a similar 669 00:39:50,140 --> 00:39:56,320 spot in trying to develop that skill in the first place. 670 00:39:56,320 --> 00:40:01,400 And even things that haven't worked you know like maybe I tried taking a break every 10 671 00:40:01,400 --> 00:40:05,400 minutes you know and then just discovered that that didn't work you know. 672 00:40:05,400 --> 00:40:11,080 And anything that comes to mind on that on that front. 673 00:40:11,080 --> 00:40:14,760 It's a real good question. 674 00:40:14,760 --> 00:40:20,480 I think it's a really simple thing and everyone says this but I guess like you just have to 675 00:40:20,480 --> 00:40:23,000 find what you love to do right. 
676 00:40:23,000 --> 00:40:30,080 Like for the first few months when I just started to do bug bounty and the first few 677 00:40:30,080 --> 00:40:36,180 months where I started to get some bounties as like I was telling to all my friends like 678 00:40:36,180 --> 00:40:40,160 you guys all got to do this because you can make money. 679 00:40:40,160 --> 00:40:46,120 But like from like a year ago or two I started to realize that I can do this because I love 680 00:40:46,120 --> 00:40:47,120 to do this. 681 00:40:47,120 --> 00:40:48,120 Right. 682 00:40:48,120 --> 00:40:51,640 It's not because there's money hanging there. 683 00:40:51,640 --> 00:40:52,640 Not because of that. 684 00:40:52,640 --> 00:40:58,280 I just do this because I love to learn new things and because I think hacking is really 685 00:40:58,280 --> 00:41:01,000 cool and something that helps others. 686 00:41:01,000 --> 00:41:09,080 So that's like so I don't like try to force myself to study farther or like push harder 687 00:41:09,080 --> 00:41:10,080 you know. 688 00:41:10,080 --> 00:41:12,560 So okay that's true. 689 00:41:12,560 --> 00:41:13,780 That's definitely true. 690 00:41:13,780 --> 00:41:16,440 So focus on doing the things you love. 691 00:41:16,440 --> 00:41:19,440 The specific vulnerability type that you love. 692 00:41:19,440 --> 00:41:22,200 Maybe you should just dive deep into that because you're fueled and it's going to be 693 00:41:22,200 --> 00:41:23,200 so much easier. 694 00:41:23,200 --> 00:41:24,720 The friction is going to be less. 695 00:41:24,720 --> 00:41:30,440 But we all get to the point so where we've read the JavaScript files ten times and we 696 00:41:30,440 --> 00:41:36,880 need to hack this target and we can't hack it and you're exhausted and you hate it. 
697 00:41:36,880 --> 00:41:41,680 You know and I but okay okay but he does actually have a little bit of a weird saying though 698 00:41:41,680 --> 00:41:46,720 that that Mariah my wife always says about So he's like when somebody asks her what kind 699 00:41:46,720 --> 00:41:52,440 of person So is Mariah says he's the sort of person that says that this is this don't 700 00:41:52,440 --> 00:41:57,640 you just love that feeling when your brain is so tired that you can't do anymore. 701 00:41:57,640 --> 00:41:59,400 End quote. 702 00:41:59,400 --> 00:42:03,480 And so I mean do you have those moments or is it just of course I have but do you push 703 00:42:03,480 --> 00:42:04,720 through or do you give up. 704 00:42:04,720 --> 00:42:05,720 I give up. 705 00:42:05,720 --> 00:42:06,720 Okay. 706 00:42:06,720 --> 00:42:10,640 I think that's one thing that's different from you because I'm not full time bug bounty 707 00:42:10,640 --> 00:42:16,240 right at the end of the day I have a full time job that gives me stable salary. 708 00:42:16,240 --> 00:42:21,320 So I always stick to what I kind of want to do. 709 00:42:21,320 --> 00:42:26,480 So these days I'm not necessarily doing black box bug bounty whole time trying to find CVEs 710 00:42:26,480 --> 00:42:29,920 trying to understand other people's finds. 711 00:42:29,920 --> 00:42:30,920 Right. 712 00:42:30,920 --> 00:42:37,120 And whenever I feel like I don't feel like you know going farther on this path I just 713 00:42:37,120 --> 00:42:38,120 give up. 714 00:42:38,120 --> 00:42:41,840 That's that's that's really insightful and I think that can get you really far. 715 00:42:41,840 --> 00:42:44,880 I mean clearly that can get you really far. 716 00:42:44,880 --> 00:42:50,640 And I think a lot of the bug bounty stuff that we talk about is a very grind heavy mentality. 
717 00:42:50,640 --> 00:42:54,240 And I think if you are to do bug bounty full time you will run into those sort of grind 718 00:42:54,240 --> 00:43:01,520 situations but you also have to know when to set it aside and say hey I'm actually not 719 00:43:01,520 --> 00:43:02,640 going to grind anymore on this. 720 00:43:02,640 --> 00:43:06,200 I've got you know enough bugs in my pipeline that's going to pay my bills. 721 00:43:06,200 --> 00:43:10,960 I don't need to sit here and shred my brain you know trying to figure out some of this 722 00:43:10,960 --> 00:43:19,880 stuff that that isn't necessarily relevant to or is too much mental expenditure too much 723 00:43:19,880 --> 00:43:25,480 mental cost right for for what it's worth and maybe move on to a different target or 724 00:43:25,480 --> 00:43:29,320 maybe pivot around. 725 00:43:29,320 --> 00:43:40,280 That being said I made this mistake earlier on in my career where I would do manual testing 726 00:43:40,280 --> 00:43:44,920 but I would do it wide and I would move very quickly over the attack surface and this is 727 00:43:44,920 --> 00:43:50,760 something that Douglas Day and I Archangel sort of debated on the last podcast was like 728 00:43:50,760 --> 00:43:53,840 how quickly do you move on from a target how quickly do you move on from a section of the 729 00:43:53,840 --> 00:43:55,240 application. 730 00:43:55,240 --> 00:44:00,640 And I noted that when I started being more stubborn about an attack vector about a bug 731 00:44:00,640 --> 00:44:09,120 I started finding better bugs you know for the first like two years maybe maybe not quite 732 00:44:09,120 --> 00:44:12,280 two years maybe about two years of my bug bounty journey. 
733 00:44:12,280 --> 00:44:21,280 I never found a five digit vulnerability so vulnerability above ten thousand dollars and 734 00:44:21,280 --> 00:44:26,520 and then when I started being a little bit more stubborn and a little bit more you know 735 00:44:26,520 --> 00:44:34,160 mentally resilient I started finding more bugs that of higher impact but less bugs overall 736 00:44:34,160 --> 00:44:39,520 right which is a definitely a mentality shift. 737 00:44:39,520 --> 00:44:43,280 So yeah I'm sorry bringing it back around Kodai. 738 00:44:43,280 --> 00:44:50,920 Did you have any thoughts on what was my question now. 739 00:44:50,920 --> 00:44:55,720 I guess did you have any do you have any thoughts on what things have worked for you and haven't 740 00:44:55,720 --> 00:45:00,000 worked for you developing sort of the mental resilience that's necessary or the ability 741 00:45:00,000 --> 00:45:05,200 to intake new bug bounty techniques things that have worked or that haven't worked and 742 00:45:05,200 --> 00:45:08,960 it's okay to say no we can move on to the next question but you know it's very much 743 00:45:08,960 --> 00:45:14,760 a process along the way and it might not be a process that you're undergoing cognizantly 744 00:45:14,760 --> 00:45:18,360 something that's in the forefront of your mind it could rather be something that's in 745 00:45:18,360 --> 00:45:22,000 the back of your mind and something that you haven't really thought through but but the 746 00:45:22,000 --> 00:45:26,840 whole point of this is to try to bring those things to the front of our minds so that we 747 00:45:26,840 --> 00:45:30,440 can share with others how they might have a shortcut. 748 00:45:30,440 --> 00:45:36,240 So do you have any thoughts on that. 
749 00:45:36,240 --> 00:45:44,760 It's really just me being kind of weird probably but I try to because when you do some hacking 750 00:45:44,760 --> 00:45:53,880 you could just be basically sitting at desk for many hours just like that. 751 00:45:53,880 --> 00:46:01,740 So I try to you know one of the things that I that I've been trying to do these days is 752 00:46:01,740 --> 00:46:12,840 just you know sit in front of my computer for about 50 minutes and then you know have 753 00:46:12,840 --> 00:46:22,560 like a five minute break to do some push ups or you know squats right and then I've seen 754 00:46:22,560 --> 00:46:26,520 you do that with your little timer you'll set a timer and then you know sometimes I 755 00:46:26,520 --> 00:46:31,880 guess sometimes it's a stopwatch going up and then and do you ever do a one going down 756 00:46:31,880 --> 00:46:34,800 or is it mostly one going down. 757 00:46:34,800 --> 00:46:38,560 What do you mean stopwatch is I mean like you press start and then it starts counting 758 00:46:38,560 --> 00:46:43,360 one two three four five and then versus a timer where a timer is I do both. 759 00:46:43,360 --> 00:46:44,360 Oh do you really. 760 00:46:44,360 --> 00:46:45,360 Yes. 761 00:46:45,360 --> 00:46:50,040 Tell me about what do you what do you use both. 762 00:46:50,040 --> 00:46:53,480 That's a really good question sometimes I so one of the things I really is it because 763 00:46:53,480 --> 00:46:56,120 you're an absolute maniac and just switch it up every time. 764 00:46:56,120 --> 00:46:58,400 I mean I okay you have a reason. 765 00:46:58,400 --> 00:47:06,400 Okay sometimes I kind of want to keep track of what I've been doing and you know to sort 766 00:47:06,400 --> 00:47:09,480 of help myself do that successfully. 767 00:47:09,480 --> 00:47:19,720 I kind of sometimes I just want to know how much time exactly I spent on doing one specific 768 00:47:19,720 --> 00:47:20,720 thing. 
769 00:47:20,720 --> 00:47:28,200 So yeah when I try to do that it's definitely the timer you know going up. 770 00:47:28,200 --> 00:47:35,920 But as I said I do both so I got a yeah in a way as I said I do both I'm still doing 771 00:47:35,920 --> 00:47:38,880 it in a really frantic manner. 772 00:47:38,880 --> 00:47:44,440 So take it all is that okay so a little sporadic a little bit. 773 00:47:44,440 --> 00:47:47,640 Yeah okay gotcha. 774 00:47:47,640 --> 00:47:50,880 That makes sense I mean but but you found that that technique helps you and then when 775 00:47:50,880 --> 00:47:55,040 once you get up and you do the push ups and you return to your work that is something 776 00:47:55,040 --> 00:48:02,120 that that sort of for me I think would cause some mental friction and some context switch. 777 00:48:02,120 --> 00:48:05,240 So your brain says I'm working on something else. 778 00:48:05,240 --> 00:48:07,160 I'm sorry I should bring the mic with me. 779 00:48:07,160 --> 00:48:12,480 I'm working on something else and then going back to the thing you're working on before 780 00:48:12,480 --> 00:48:14,520 it's a little bit of a reset right. 781 00:48:14,520 --> 00:48:19,880 And so I try to avoid those things but I know I acknowledge that they're necessary. 782 00:48:19,880 --> 00:48:23,960 How do you do you think that helps increase your focus or do you think that helps you 783 00:48:23,960 --> 00:48:27,840 your focus in the short term or do you think that's more of a long term like it allows 784 00:48:27,840 --> 00:48:38,000 you to work more hours because you have those breaks or both. 785 00:48:38,000 --> 00:48:44,480 Actually I've never really thought of it from that perspective I just thought hey I got 786 00:48:44,480 --> 00:48:47,840 to do something healthy for my body. 787 00:48:47,840 --> 00:48:53,120 But yeah definitely I think I got to pay more attention to that aspect as well. 
788 00:48:53,120 --> 00:48:58,320 So for you this is more of a counteracting the physical sitting in a chair staring at 789 00:48:58,320 --> 00:48:59,320 a screen for a little while. 790 00:48:59,320 --> 00:49:00,320 Yeah pretty much. 791 00:49:00,320 --> 00:49:03,680 That's very that's very important. 792 00:49:03,680 --> 00:49:10,240 Very good so that that's some of the some of the I guess things that have worked or 793 00:49:10,240 --> 00:49:12,920 things that some tips. 794 00:49:12,920 --> 00:49:18,200 What kind of things do you have to share that about my mentorship style in particular or 795 00:49:18,200 --> 00:49:22,720 about your bug bounty journey that haven't worked. 796 00:49:22,720 --> 00:49:24,760 And I'll toss one up there for you. 797 00:49:24,760 --> 00:49:28,280 What kind of music do you guys like to listen to. 798 00:49:28,280 --> 00:49:31,880 While you're do you listen to music do you listen to sounds. 799 00:49:31,880 --> 00:49:36,440 Are there any experiences that you've had that are not loop. 800 00:49:36,440 --> 00:49:38,240 Yeah. 801 00:49:38,240 --> 00:49:39,400 Tell the people about that one. 802 00:49:39,400 --> 00:49:45,400 So yeah so I think about this topic I think I want to talk about two things like you know 803 00:49:45,400 --> 00:49:47,820 something that haven't worked. 804 00:49:47,820 --> 00:49:52,240 And the first one is kind of joke which is about music is you know you because you keep 805 00:49:52,240 --> 00:49:59,360 listening exact the same music for like literally for like 12 hours and then like keep singing 806 00:49:59,360 --> 00:50:03,240 the same phrase for like six hours. 807 00:50:03,240 --> 00:50:09,280 And then on top of that you say like this works so you got to do it and it doesn't. 808 00:50:09,280 --> 00:50:12,880 It just doesn't work. 809 00:50:12,880 --> 00:50:18,480 Yeah yeah that is a little bit that is I realize now that that may not be universal. 810 00:50:18,480 --> 00:50:19,480 Now principle. 
811 00:50:19,480 --> 00:50:20,480 Yeah. 812 00:50:20,480 --> 00:50:21,480 Yeah. 813 00:50:21,480 --> 00:50:25,280 The thing you know that I that I do the reason why I do that I've explained it to you and 814 00:50:25,280 --> 00:50:30,880 I'll explain to the people as well just in case it it resounds with anyone is I tend 815 00:50:30,880 --> 00:50:34,320 to get phrases or songs stuck in my head. 816 00:50:34,320 --> 00:50:37,520 I'm very susceptible to earworms right. 817 00:50:37,520 --> 00:50:42,200 So when I have a song in my head it will be taking up mental space. 818 00:50:42,200 --> 00:50:48,500 And so instead of having it in my head I opt to have it in my ears on repeat on loop. 819 00:50:48,500 --> 00:50:53,200 And what that does is it takes it out of my head out of the working space in my head and 820 00:50:53,200 --> 00:50:56,480 puts it in the ears and makes it so I don't have to think about it. 821 00:50:56,480 --> 00:51:02,160 And then that frees up that mental space right for me to actually do things. 822 00:51:02,160 --> 00:51:06,880 But the result of that is that I'm listening to the same song on repeat for 12 hours sometimes 823 00:51:06,880 --> 00:51:12,840 and sometimes singing the same thing on repeat for 12 hours which can drive your mentees 824 00:51:12,840 --> 00:51:17,160 absolutely batty absolutely nuts. 825 00:51:17,160 --> 00:51:22,360 So that's so I mean an alternative to that for you is what what works for you. 826 00:51:22,360 --> 00:51:25,040 Or did you have something else to share on the things that don't work or things that 827 00:51:25,040 --> 00:51:26,040 do work. 828 00:51:26,040 --> 00:51:29,840 Well yeah so the second thing that I was going to mention the second thing if this because 829 00:51:29,840 --> 00:51:33,440 this I think podcast is for like mentorship and stuff. 830 00:51:33,440 --> 00:51:40,360 I think this is a case for like every mentorship with the absolute beginner and top guy. 
831 00:51:40,360 --> 00:51:47,720 Okay is that like so that like top hackers like you have already forgot what it was like 832 00:51:47,720 --> 00:51:49,160 when you were a beginner. 833 00:51:49,160 --> 00:51:54,200 So you forgot like what was like common sense right. 834 00:51:54,200 --> 00:51:56,860 And what is like something you have to learn right. 835 00:51:56,860 --> 00:52:03,920 So you explain something without realizing that you're like an assumption is not shared 836 00:52:03,920 --> 00:52:06,000 by mentees right. 837 00:52:06,000 --> 00:52:08,120 So that it's not just about you. 838 00:52:08,120 --> 00:52:10,920 It kind of happens with no no no. 839 00:52:10,920 --> 00:52:12,640 So say it like it's about me though. 840 00:52:12,640 --> 00:52:15,600 Yeah so this is good practice for you providing. 841 00:52:15,600 --> 00:52:21,120 Yeah like the reason why I'm not pointing this to you is because it was like the last 842 00:52:21,120 --> 00:52:24,040 session was a year ago. 843 00:52:24,040 --> 00:52:30,360 So I don't like really vividly remember what kind of things that was. 844 00:52:30,360 --> 00:52:35,020 I remember you giving me this feedback during our training sessions though too. 845 00:52:35,020 --> 00:52:37,880 And I think that's one of the things that I I'm glad you mentioned this because that's 846 00:52:37,880 --> 00:52:40,880 one of the things that I wanted to sort of bring up in this. 847 00:52:40,880 --> 00:52:42,240 And I saw you nodding as well. 848 00:52:42,240 --> 00:52:43,520 Kodai. 849 00:52:43,520 --> 00:52:48,080 And this is kind of one of the things that I wanted to extract from you two during this 850 00:52:48,080 --> 00:52:57,480 podcast is is my phone is freaking out as much as you can remember what is what are 851 00:52:57,480 --> 00:53:03,800 the things that are common sense and are not common sense right. 
852 00:53:03,800 --> 00:53:08,160 And I know that that probably to this you know right now not many things are coming 853 00:53:08,160 --> 00:53:10,480 to mind. 854 00:53:10,480 --> 00:53:16,960 But it is as much as you can I guess try to equip and it doesn't even necessarily have 855 00:53:16,960 --> 00:53:18,760 to be specific topics. 856 00:53:18,760 --> 00:53:24,200 But I guess even just equipping the listener with the ability to say hey there's something 857 00:53:24,200 --> 00:53:27,080 that I'm missing here like like what you just said right. 858 00:53:27,080 --> 00:53:30,280 There's some assumption that you are making that I am not making and it's not clicking 859 00:53:30,280 --> 00:53:31,280 right. 860 00:53:31,280 --> 00:53:33,400 I think that's I think that's really good as well. 861 00:53:33,400 --> 00:53:36,760 So how do you how do you identify those scenarios. 862 00:53:36,760 --> 00:53:43,360 To be honest I think understanding on anything is not like black and white right. 863 00:53:43,360 --> 00:53:44,360 Right. 864 00:53:44,360 --> 00:53:46,280 You start from zero trying to shoot 400. 865 00:53:46,280 --> 00:53:47,280 Right. 866 00:53:47,280 --> 00:53:53,080 So that I think that's why it's really hard to identify is because so the first time you 867 00:53:53,080 --> 00:53:59,000 hear that like your understanding of something is like too right. 868 00:53:59,000 --> 00:54:03,400 The next time you hear that your understanding is like 45. 869 00:54:03,400 --> 00:54:07,920 So that's why you understand that better right. 870 00:54:07,920 --> 00:54:12,760 But you don't necessarily identify why it was there is a difference. 871 00:54:12,760 --> 00:54:13,760 Sure. 872 00:54:13,760 --> 00:54:16,320 And you never understand something for like 100 percent. 873 00:54:16,320 --> 00:54:21,520 I think it's always hard to say like what was something that I missed. 874 00:54:21,520 --> 00:54:22,520 Yeah. 875 00:54:22,520 --> 00:54:23,520 You know. 
876 00:54:23,520 --> 00:54:24,520 Yeah. 877 00:54:24,520 --> 00:54:25,520 No that makes sense. 878 00:54:25,520 --> 00:54:29,160 Kodai do you have any any thoughts on on any of that identifying areas that may be common 879 00:54:29,160 --> 00:54:35,200 sense to Justin that are preventing you from clicking or is it in those scenarios do you 880 00:54:35,200 --> 00:54:40,280 often just find yourself like man for whatever reason this isn't clicking. 881 00:54:40,280 --> 00:54:43,280 Maybe it's the common sense thing you know. 882 00:54:43,280 --> 00:54:44,280 Yeah. 883 00:54:44,280 --> 00:54:55,960 One of the things I really struggle with I mean I still do in that sense is I think especially 884 00:54:55,960 --> 00:55:04,560 for beginners a lot of the you know behaviors of web browsers in general maybe could be 885 00:55:04,560 --> 00:55:06,600 very counterintuitive. 886 00:55:06,600 --> 00:55:12,120 And because you already you know as a mentor and you know an adept hacker guy you just 887 00:55:12,120 --> 00:55:16,400 know you have all the you know knowledge. 888 00:55:16,400 --> 00:55:25,400 And yeah so it's like so browser internals maybe like understanding like what kind of 889 00:55:25,400 --> 00:55:30,360 limitations there are in the browser and maybe even what kind of capabilities there are in 890 00:55:30,360 --> 00:55:31,360 the browser. 891 00:55:31,360 --> 00:55:32,360 Yeah. 892 00:55:32,360 --> 00:55:33,360 I remember one thing. 893 00:55:33,360 --> 00:55:34,360 I remember one thing. 894 00:55:34,360 --> 00:55:35,360 Kodai I'm sorry. 895 00:55:35,360 --> 00:55:36,360 Yeah sorry sorry. 896 00:55:36,360 --> 00:55:41,320 You need to go to the file file save save state you know. 897 00:55:41,320 --> 00:55:42,320 Okay save it. 898 00:55:42,320 --> 00:55:49,640 So there was one moment I realized that it's not just server side and client side you know 899 00:55:49,640 --> 00:55:51,080 there is browser. 900 00:55:51,080 --> 00:55:52,080 Yeah. 
901 00:55:52,080 --> 00:55:53,080 Client side. 902 00:55:53,080 --> 00:55:54,080 Yeah. 903 00:55:54,080 --> 00:55:55,080 And server side. 904 00:55:55,080 --> 00:55:59,160 Client side and browser there's just a ton of things you cannot understand especially 905 00:55:59,160 --> 00:56:03,280 with like you know cross site thing cross origin thing. 906 00:56:03,280 --> 00:56:04,280 Explain that a little bit. 907 00:56:04,280 --> 00:56:06,920 What do you mean by that? 908 00:56:06,920 --> 00:56:12,400 Like the client isn't necessarily a browser is that what you're talking about or what? 909 00:56:12,400 --> 00:56:17,920 So I don't I cannot understand why I couldn't understand because now I can understand it. 910 00:56:17,920 --> 00:56:18,920 Right. 911 00:56:18,920 --> 00:56:19,920 But there's server. 912 00:56:19,920 --> 00:56:20,920 Right. 913 00:56:20,920 --> 00:56:21,920 There's client side. 914 00:56:21,920 --> 00:56:22,920 Right. 915 00:56:22,920 --> 00:56:23,920 And browser uses this client side. 916 00:56:23,920 --> 00:56:26,200 So there are three three parties. 917 00:56:26,200 --> 00:56:29,000 Okay so the representation of yeah yeah yeah. 918 00:56:29,000 --> 00:56:30,000 Okay. 919 00:56:30,000 --> 00:56:31,000 Wow that's interesting. 920 00:56:31,000 --> 00:56:35,760 Okay so that's a really interesting representation of that to me because I do you know and the 921 00:56:35,760 --> 00:56:40,320 client side is I guess the browser for me in some capacity but really the way you've 922 00:56:40,320 --> 00:56:44,680 described it the browser is the piece of software that is quote unquote processing the client 923 00:56:44,680 --> 00:56:45,680 side. 924 00:56:45,680 --> 00:56:46,680 Right. 925 00:56:46,680 --> 00:56:47,680 Is that is that how you're seeing it. 926 00:56:47,680 --> 00:56:48,680 I mean not necessarily. 
927 00:56:48,680 --> 00:56:54,000 But there is just one moment that I was like oh that's why there's this restriction that 928 00:56:54,000 --> 00:56:57,040 has to be in place to protect you know users. 929 00:56:57,040 --> 00:56:58,040 Okay. 930 00:56:58,040 --> 00:57:03,400 Because because it's I'm seeing I'm seeing that that's a that's a very interesting way 931 00:57:03,400 --> 00:57:04,400 of seeing it. 932 00:57:04,400 --> 00:57:10,600 It's kind of hard to like explain which part is important to understand like what technology 933 00:57:10,600 --> 00:57:13,960 is like it's really hard to explain but just that whole concept. 934 00:57:13,960 --> 00:57:19,160 Yeah the browser being a piece of software itself that has you know saved state right 935 00:57:19,160 --> 00:57:25,080 with cookies and and then you know a segmentation with different browser tabs and different origins 936 00:57:25,080 --> 00:57:26,440 and stuff like that. 937 00:57:26,440 --> 00:57:32,840 And not all of that is represented in just the you know client side response from from 938 00:57:32,840 --> 00:57:34,440 the server right. 939 00:57:34,440 --> 00:57:37,920 Because you could hit it with curl and you'd get some data back right. 940 00:57:37,920 --> 00:57:40,060 But the browser is a much more complex mechanic. 941 00:57:40,060 --> 00:57:42,080 Is that sort of what you're talking about. 942 00:57:42,080 --> 00:57:44,800 But at the same time yet I agree with that. 943 00:57:44,800 --> 00:57:50,440 Then same time sometimes browser visits client side like when you use the Chrome instead 944 00:57:50,440 --> 00:57:58,320 of curl then it then looks like they're just two parties. 945 00:57:58,320 --> 00:58:02,920 And then it renders and yeah and then you just get confused. 946 00:58:02,920 --> 00:58:03,920 Right. 947 00:58:03,920 --> 00:58:04,920 Okay. 948 00:58:04,920 --> 00:58:06,800 That's an interesting that's an interesting way of understanding it. 
949 00:58:06,800 --> 00:58:13,840 I think you know if I try to force my own understanding on you of that you know it could 950 00:58:13,840 --> 00:58:14,960 become confusing. 951 00:58:14,960 --> 00:58:22,080 And also like even even me right now I couldn't I mean I cannot understand why I couldn't 952 00:58:22,080 --> 00:58:24,240 understand that three years ago. 953 00:58:24,240 --> 00:58:30,600 So if if you know three years ago me came up here I think I would do the same thing 954 00:58:30,600 --> 00:58:31,600 as Justin. 955 00:58:31,600 --> 00:58:32,600 Right. 956 00:58:32,600 --> 00:58:39,120 So I think three years ago like you know having hard time explaining like common sense. 957 00:58:39,120 --> 00:58:40,120 Sure. 958 00:58:40,120 --> 00:58:41,120 Sure. 959 00:58:41,120 --> 00:58:42,120 So that's how. 960 00:58:42,120 --> 00:58:43,120 Yeah. 961 00:58:43,120 --> 00:58:44,120 Yeah that makes sense. 962 00:58:44,120 --> 00:58:45,120 So bringing it back to Kodai. 963 00:58:45,120 --> 00:58:46,120 Sorry. 964 00:58:46,120 --> 00:58:47,120 Thank you for interjecting there. 965 00:58:47,120 --> 00:58:53,400 So you were saying you know I guess just making the mentee in the situation aware of sort 966 00:58:53,400 --> 00:58:56,520 of how the browser works and what kind of restrictions are in the browser. 967 00:58:56,520 --> 00:58:58,840 That's where a lot of the assumptions are coming in. 968 00:58:58,840 --> 00:59:01,800 Is that is that kind of what you were saying. 969 00:59:01,800 --> 00:59:02,800 Yeah kind of. 970 00:59:02,800 --> 00:59:07,560 And it's just it's not necessarily it's not just about you know web browsers. 971 00:59:07,560 --> 00:59:13,400 It could be just you know just yeah anything like multiple servers and stuff. 972 00:59:13,400 --> 00:59:21,240 And yeah it's so it has been really easy for me to lose track of what was going on like 973 00:59:21,240 --> 00:59:26,320 you know in the middle of listening to you your explanation basically. 
974 00:59:26,320 --> 00:59:27,320 Right. 975 00:59:27,320 --> 00:59:28,320 Right. 976 00:59:28,320 --> 00:59:29,320 Oh like even when you use. 977 00:59:29,320 --> 00:59:30,320 When. 978 00:59:30,320 --> 00:59:31,320 Right. 979 00:59:31,320 --> 00:59:35,120 I think it helped in particular when we used visual representations like on a whiteboard. 980 00:59:35,120 --> 00:59:36,120 Yeah. 981 00:59:36,120 --> 00:59:37,120 Yeah. 982 00:59:37,120 --> 00:59:38,120 That was that was big for you. 983 00:59:38,120 --> 00:59:39,120 Yeah that was a massive help. 984 00:59:39,120 --> 00:59:40,120 OK. 985 00:59:40,120 --> 00:59:41,120 Gotcha. 986 00:59:41,120 --> 00:59:42,120 Good. 987 00:59:42,120 --> 00:59:43,120 Look at that guys. 988 00:59:43,120 --> 00:59:44,960 Some good some good feedback. 989 00:59:44,960 --> 00:59:51,720 Don't listen to two songs on loop for 12 hours at least not over you know speakers rather 990 00:59:51,720 --> 00:59:56,800 than in headphone and try to be aware of the common sense bias. 991 00:59:56,800 --> 00:59:57,800 Right. 992 00:59:57,800 --> 01:00:03,640 Like I think I have another solution for me that I found is so these days I work a lot 993 01:00:03,640 --> 01:00:08,760 with Ryota who is you know obviously another super good hackers. 994 01:00:08,760 --> 01:00:13,000 So he does a lot of things to me like where you know there are like a lot of you know 995 01:00:13,000 --> 01:00:14,000 common sense gaps. 996 01:00:14,000 --> 01:00:15,000 Yeah. 997 01:00:15,000 --> 01:00:20,160 What I do all the time and what he says to me all the time is like OK let's just stop 998 01:00:20,160 --> 01:00:25,700 this and you know just you know put this aside for a few months. 999 01:00:25,700 --> 01:00:32,000 And then I come back to the same same concept like three months later to see if I understand 1000 01:00:32,000 --> 01:00:33,920 that you know. 1001 01:00:33,920 --> 01:00:35,400 And that that works. 1002 01:00:35,400 --> 01:00:36,400 Yeah that works. 
1003 01:00:36,400 --> 01:00:41,080 We kind of we kind of give up understanding that he kind of give up teaching me that and 1004 01:00:41,080 --> 01:00:43,520 I kind of give understanding that two months later. 1005 01:00:43,520 --> 01:00:47,120 Like why I didn't understand that you know that's another solution. 1006 01:00:47,120 --> 01:00:49,440 That is that's so foreign to me. 1007 01:00:49,440 --> 01:00:50,440 Yeah. 1008 01:00:50,440 --> 01:00:52,900 I would never ever ever ever ever do that. 1009 01:00:52,900 --> 01:00:57,160 You know like that and this is great because that's a brilliant segue into the next section 1010 01:00:57,160 --> 01:01:02,160 that I wanted to say which was like how has it has your you know and also I'll let you 1011 01:01:02,160 --> 01:01:05,400 I'll cue this up and let you guys think about it for a second. 1012 01:01:05,400 --> 01:01:10,280 How has working with other hackers influenced your hacking. 1013 01:01:10,280 --> 01:01:15,100 You know for you maybe that's so or any other hackers you've collaborated with you know 1014 01:01:15,100 --> 01:01:17,440 being near the live hacking events or maybe it's just me. 1015 01:01:17,440 --> 01:01:21,200 You know I don't know how much collaboration you've done outside but so you've done you 1016 01:01:21,200 --> 01:01:23,720 know some other collaborations. 1017 01:01:23,720 --> 01:01:27,880 How has that been and what things have been different that you've learned. 1018 01:01:27,880 --> 01:01:31,720 Now that crazy ass thing you said a second ago about your time. 1019 01:01:31,720 --> 01:01:39,360 Dude I can't I can't even process that because like for me if I let something like that go 1020 01:01:39,360 --> 01:01:46,720 all then all of the working memory you know all of the data and RAM just just drops right. 
1021 01:01:46,720 --> 01:01:50,080 And sure maybe I'm a little bit more of a mature hacker you know a couple months down 1022 01:01:50,080 --> 01:01:54,240 the line but man maybe it's just the stubbornness to that. 1023 01:01:54,240 --> 01:01:57,680 I just don't want to let that thing even temporarily defeat me. 1024 01:01:57,680 --> 01:02:01,080 I don't even want to lose the battle even if it's going to win me the war in the long 1025 01:02:01,080 --> 01:02:02,080 run. 1026 01:02:02,080 --> 01:02:06,640 And actually this this correlates me this may just be my personality too because I know 1027 01:02:06,640 --> 01:02:12,960 you guys know Mariah and how Ryan I work but let's say Mariah and I are having an argument 1028 01:02:12,960 --> 01:02:18,680 right in the moment I'll be like we got to fix this right now you know and we just got 1029 01:02:18,680 --> 01:02:22,560 to talk this through and then we'll just be back to normal and everything will be better 1030 01:02:22,560 --> 01:02:23,560 right. 1031 01:02:23,560 --> 01:02:29,520 But for Mariah sometimes it's it it say hey we need to take even a five or ten minute 1032 01:02:29,520 --> 01:02:34,000 break and just breathe and then just come back to the situation right. 1033 01:02:34,000 --> 01:02:37,000 I see that. 1034 01:02:37,000 --> 01:02:40,000 I can picture that. 1035 01:02:40,000 --> 01:02:42,520 Whereas I I would never do anything like that. 1036 01:02:42,520 --> 01:02:44,120 So it's good to see. 1037 01:02:44,120 --> 01:02:49,680 I mean so that's great to hear that you found other you know other mentors or other you 1038 01:02:49,680 --> 01:02:55,440 know hackers to collaborate with that have also shared with you other ways of of you 1039 01:02:55,440 --> 01:03:01,760 know growing and finding essentially a scenario where it's like OK well hey you don't understand 1040 01:03:01,760 --> 01:03:03,360 that now and that's OK. 
1041 01:03:03,360 --> 01:03:06,240 But let's come back to this a little bit and maybe putting a reminder on your calendar 1042 01:03:06,240 --> 01:03:09,840 on your to do list or something say revisit this topic. 1043 01:03:09,840 --> 01:03:11,120 Yeah. 1044 01:03:11,120 --> 01:03:17,240 So OK hopefully you haven't been too engaged in what I'm saying and you've been thinking 1045 01:03:17,240 --> 01:03:21,640 about what what other hackers you you've worked with a little bit. 1046 01:03:21,640 --> 01:03:22,640 Kodai do you. 1047 01:03:22,640 --> 01:03:24,960 I mean why don't you start because I'm not I'm not sure. 1048 01:03:24,960 --> 01:03:27,320 Do you have other hackers that you've collaborated with. 1049 01:03:27,320 --> 01:03:28,320 Obviously So. 1050 01:03:28,320 --> 01:03:31,600 But besides me. 1051 01:03:31,600 --> 01:03:32,600 Not really. 1052 01:03:32,600 --> 01:03:33,600 I mean so. 1053 01:03:33,600 --> 01:03:34,600 Yeah. 1054 01:03:34,600 --> 01:03:35,600 That's true. 1055 01:03:35,600 --> 01:03:36,600 Yeah. 1056 01:03:36,600 --> 01:03:41,240 I mean I have another friend of ours he was actually on probably the episode 10 of this 1057 01:03:41,240 --> 01:03:42,240 podcast. 1058 01:03:42,240 --> 01:03:43,240 Yeah. 1059 01:03:43,240 --> 01:03:48,920 But yeah I I think only him really outside of you know not outside he's still inside 1060 01:03:48,920 --> 01:03:50,200 of this inner circle. 1061 01:03:50,200 --> 01:03:51,200 Right. 1062 01:03:51,200 --> 01:03:52,200 Yeah. 1063 01:03:52,200 --> 01:03:54,840 So we do we throw him he's in software. 1064 01:03:54,840 --> 01:03:56,520 It's a little different. 1065 01:03:56,520 --> 01:03:59,400 You know something's a little bit wrong with him. 1066 01:03:59,400 --> 01:04:00,400 Yeah. 1067 01:04:00,400 --> 01:04:01,400 So OK. 1068 01:04:01,400 --> 01:04:06,840 So we worked a little bit with with with so much but besides that mostly just me and So. 1069 01:04:06,840 --> 01:04:07,840 Yeah. 
1070 01:04:07,840 --> 01:04:08,840 All right. 1071 01:04:08,840 --> 01:04:10,840 Well that'll be an interesting journey for you to see you know as you start collaborating 1072 01:04:10,840 --> 01:04:12,280 with other hackers. 1073 01:04:12,280 --> 01:04:17,680 So you've worked pretty heavily with with those of the you've worked pretty heavily 1074 01:04:17,680 --> 01:04:22,760 with your time and some other hackers as well. 1075 01:04:22,760 --> 01:04:32,760 So you're not a very different anything any any sort of I guess I almost want to say culture 1076 01:04:32,760 --> 01:04:37,800 shock but anything you know what what are some things that have worked better with you 1077 01:04:37,800 --> 01:04:43,440 with your or that have worked differently with with your. 1078 01:04:43,440 --> 01:04:47,600 Obviously you've got the Japanese piece right. 1079 01:04:47,600 --> 01:04:48,920 Yeah. 1080 01:04:48,920 --> 01:04:52,720 So is that in terms of mentorship or is this in terms of like generally in terms of 1081 01:04:52,720 --> 01:04:54,200 general hacking or mentorship. 1082 01:04:54,200 --> 01:04:57,800 And then also yeah maybe maybe actually take a second to talk about the bilingual piece 1083 01:04:57,800 --> 01:05:02,600 of this as well because you know we tried to do it was actually a part of the way that 1084 01:05:02,600 --> 01:05:06,720 I picked up Japanese was trying to teach you hacking in Japanese and you correcting my 1085 01:05:06,720 --> 01:05:08,640 Japanese and that sort of thing. 1086 01:05:08,640 --> 01:05:12,160 But that's a very slow and painful process to try to hear a non native speaker explain 1087 01:05:12,160 --> 01:05:15,400 stuff and also there's a lot of English terms right. 1088 01:05:15,400 --> 01:05:24,720 So how has it worked with you being having a conversation with your 10 year native language 1089 01:05:24,720 --> 01:05:28,760 and how has that helped you understand things or get a better grip on stuff. 
1090 01:05:28,760 --> 01:05:37,520 So for one I guess you know having training with you in English and Japanese I didn't 1091 01:05:37,520 --> 01:05:40,520 really feel like language barrier. 1092 01:05:40,520 --> 01:05:46,160 Like this is actually maybe just about me but like for example if I read some document 1093 01:05:46,160 --> 01:05:53,480 in English and then later visit the same thing translated in Japanese especially with a like 1094 01:05:53,480 --> 01:05:58,640 technology thing it's easier to understand in English because everything is from this 1095 01:05:58,640 --> 01:06:03,360 not always from the states but everyone writes their write-ups in English. 1096 01:06:03,360 --> 01:06:05,080 So the original is in English. 1097 01:06:05,080 --> 01:06:06,080 Yeah. 1098 01:06:06,080 --> 01:06:08,680 And that because of that you get the nuance better. 1099 01:06:08,680 --> 01:06:09,680 Yeah. 1100 01:06:09,680 --> 01:06:14,240 So there is some friction in terms of language but if I read a translated version I have 1101 01:06:14,240 --> 01:06:17,120 a friction of translation in my mind. 1102 01:06:17,120 --> 01:06:22,560 So it's not necessarily a huge barrier. 1103 01:06:22,560 --> 01:06:24,760 Yeah that makes sense. 1104 01:06:24,760 --> 01:06:30,520 And when you've worked with your Ryota obviously you're speaking Japanese with him. 1105 01:06:30,520 --> 01:06:34,840 Do you think you've been able to understand concepts any better when you'll take explains 1106 01:06:34,840 --> 01:06:38,360 them in Japanese or I guess. 1107 01:06:38,360 --> 01:06:41,400 He explains like super hard things. 1108 01:06:41,400 --> 01:06:50,000 Yeah but like I really appreciate that he speaks Japanese. 1109 01:06:50,000 --> 01:06:56,920 Of course one because we can I can understand I mean like I can get any nuances better in 1110 01:06:56,920 --> 01:06:59,600 Japanese. 
1111 01:06:59,600 --> 01:07:04,760 I don't know just in terms of technology and techniques and stuff I think it's not necessarily 1112 01:07:04,760 --> 01:07:05,760 the case. 1113 01:07:05,760 --> 01:07:10,640 Like someone can speak Japanese it's easier to get along with because it's hard. 1114 01:07:10,640 --> 01:07:12,280 It's hard facts most of the time. 1115 01:07:12,280 --> 01:07:15,480 It's not like nuance a lot of times. 1116 01:07:15,480 --> 01:07:18,420 So I guess that that sort of makes sense as well. 1117 01:07:18,420 --> 01:07:22,040 And you guys are to the point where you're fluent enough in English obviously because 1118 01:07:22,040 --> 01:07:29,760 we're doing this podcast in English where most of the hard facts most of the pretty 1119 01:07:29,760 --> 01:07:34,440 straightforward things that don't have a lot of wiggle room. 1120 01:07:34,440 --> 01:07:38,200 Those come through pretty well I'd imagine. 1121 01:07:38,200 --> 01:07:43,840 Any other any other thoughts so on collaboration with other hackers as you move sort of out 1122 01:07:43,840 --> 01:07:47,520 of this mentee stage into full-fledged collaboration. 1123 01:07:47,520 --> 01:07:52,040 I guess like we will tie it's not really like a collaboration it's kind of same as you. 1124 01:07:52,040 --> 01:07:58,080 But like the big difference is I think you're you can do both black box and white box. 1125 01:07:58,080 --> 01:08:01,360 But I think you have more experience on black box. 1126 01:08:01,360 --> 01:08:02,680 I think Ryota does the opposite. 1127 01:08:02,680 --> 01:08:06,160 He can do both but he's strong is a white box. 1128 01:08:06,160 --> 01:08:12,840 So I whenever I learn from from Ryota I learn something different from like what I 1129 01:08:12,840 --> 01:08:14,160 learned from you. 1130 01:08:14,160 --> 01:08:18,640 So yeah I think that's another big difference I guess. 
1131 01:08:18,640 --> 01:08:22,840 How did you establish that relationship with Ryota where you were getting that information 1132 01:08:22,840 --> 01:08:23,840 back and forth. 1133 01:08:23,840 --> 01:08:28,120 In the beginning was it you messaging him a lot or did he sort of pursue you with. 1134 01:08:28,120 --> 01:08:34,760 I mean it's always me messaging like spamming Ryota. 1135 01:08:34,760 --> 01:08:37,040 All right so I think there's a lesson there right. 1136 01:08:37,040 --> 01:08:38,600 What's that lesson. 1137 01:08:38,600 --> 01:08:44,040 If you find someone really good at hacking just spam them. 1138 01:08:44,040 --> 01:08:47,520 Just joking. 1139 01:08:47,520 --> 01:08:49,560 Nice nice okay solid. 1140 01:08:49,560 --> 01:08:53,600 Well seriously there are many people like you know really generous in this industry. 1141 01:08:53,600 --> 01:08:56,240 I'm sure like I'm serious about that. 1142 01:08:56,240 --> 01:09:03,240 Like you Ryota I mean Ryota get like zero yen or zero dollar if you prefer. 1143 01:09:03,240 --> 01:09:04,880 But he still answers a lot of questions. 1144 01:09:04,880 --> 01:09:08,280 So yeah yeah that's really that is cool. 1145 01:09:08,280 --> 01:09:15,640 And I guess you know like you said spamming I think spamming is not exactly what you're 1146 01:09:15,640 --> 01:09:16,640 doing right. 1147 01:09:16,640 --> 01:09:21,200 You're you're normally in my experience with you despite there being a lot of messages. 1148 01:09:21,200 --> 01:09:27,240 Those messages are pointed and they are specific and they are good questions essentially right. 1149 01:09:27,240 --> 01:09:33,160 Not stuff that you would be able to look up on Google or things that you could ask you 1150 01:09:33,160 --> 01:09:36,720 know ChatGPT or whatever right. 1151 01:09:36,720 --> 01:09:42,320 And and because of that I think I think that makes it a lot easier for us to answer you 1152 01:09:42,320 --> 01:09:43,320 know those things. 
1153 01:09:43,320 --> 01:09:44,920 So I think that's good. 1154 01:09:44,920 --> 01:09:49,960 All right let me see let me see where we're at here. 1155 01:09:49,960 --> 01:09:55,120 We're doing another mobile recording so it's a little bit outside of the normal flow of 1156 01:09:55,120 --> 01:09:56,120 things right. 1157 01:09:56,120 --> 01:09:57,720 We're at an hour 10. 1158 01:09:57,720 --> 01:10:03,040 Let's see if there's anything else that we want to talk about here. 1159 01:10:03,040 --> 01:10:12,000 Yeah so this last little sort of section is kind of reigniting the the mentorship of sorts 1160 01:10:12,000 --> 01:10:16,800 OK and kind of talking about where you guys let's talk honestly about where you guys are 1161 01:10:16,800 --> 01:10:22,960 at in your hacker journey and what kind of things you would like to change or grow in. 1162 01:10:22,960 --> 01:10:28,360 OK so since you've got a little bit more experience I'm going to let you think on that one a little 1163 01:10:28,360 --> 01:10:29,360 bit. 1164 01:10:29,360 --> 01:10:35,520 Could I would you give me a little bit of summary on what kind of things you're you're 1165 01:10:35,520 --> 01:10:42,240 working on or what kind of weaknesses that you'd like to try to overcome right now. 1166 01:10:42,240 --> 01:10:50,880 Sure so what I'm currently working on is I basically I'm in the process of trying to 1167 01:10:50,880 --> 01:10:58,200 have a more comprehensive understanding of common vulnerability types because I only 1168 01:10:58,200 --> 01:11:02,640 know just several IDOR and access control pretty much right. 1169 01:11:02,640 --> 01:11:03,640 Yeah yeah yeah. 1170 01:11:03,640 --> 01:11:13,960 And yeah so I'm working on that and because of you know lack of knowledge I sometimes 1171 01:11:13,960 --> 01:11:21,880 try to do some bug bounty but cannot really go super deep like into one program. 
1172 01:11:21,880 --> 01:11:29,480 So in a way maybe it's I feel like it's making it easier for me to sort of almost move on 1173 01:11:29,480 --> 01:11:33,600 because hey there's not much I can do that I understand. 1174 01:11:33,600 --> 01:11:34,600 Yeah yeah. 1175 01:11:34,600 --> 01:11:41,080 So so you know whenever that happens I try to you know kind of the road back to 1176 01:11:41,080 --> 01:11:49,000 PortSwigger or something and or you know just reading some reports and like how hey this one you 1177 01:11:49,000 --> 01:11:55,040 know other vulnerability works like recently I studied SSRF and stuff. 1178 01:11:55,040 --> 01:11:59,200 So starting to get a grip on those slowly slowly but surely. 1179 01:11:59,200 --> 01:12:03,880 And so when you when you get into a program and you start hacking and then you're you 1180 01:12:03,880 --> 01:12:07,760 know you're not finding vulnerabilities could you describe the feelings that are coming 1181 01:12:07,760 --> 01:12:13,920 up and that like the is there frustration there is there do you feel confident in your 1182 01:12:13,920 --> 01:12:20,800 direction that you're going you know how is that. 1183 01:12:20,800 --> 01:12:24,360 I know I know I will say I'm asking you guys to be pretty vulnerable here because there 1184 01:12:24,360 --> 01:12:30,320 are a lot of people that from our side as the hackers I genuinely want to help you know 1185 01:12:30,320 --> 01:12:31,720 people to grow right. 1186 01:12:31,720 --> 01:12:36,760 And there are a lot of people in your shoes that genuinely want to grow and they want 1187 01:12:36,760 --> 01:12:39,280 to overcome these sort of feelings that they're having. 1188 01:12:39,280 --> 01:12:43,560 And I think knowing that there are other people experiencing those things and overcoming them 1189 01:12:43,560 --> 01:12:46,280 as you guys are I think that helps. 
1190 01:12:46,280 --> 01:12:51,320 So I'm sorry for putting you on the spot with some difficult questions about yourself and 1191 01:12:51,320 --> 01:12:55,600 your current journey but I think it'll be helpful. 1192 01:12:55,600 --> 01:13:01,720 Yeah I'm sorry. 1193 01:13:01,720 --> 01:13:10,360 I haven't really in a pragmatic sense implemented this method yet but um yeah the feeling of 1194 01:13:10,360 --> 01:13:15,200 hey maybe there's not much I can do that I understand. 1195 01:13:15,200 --> 01:13:34,800 That definitely makes me frustrated and lost to a degree but. 1196 01:13:34,800 --> 01:13:36,040 Sorry what was the question again. 1197 01:13:36,040 --> 01:13:42,560 Yeah yeah no no I guess so that that that makes sense you know lost to a degree right. 1198 01:13:42,560 --> 01:13:46,800 And so I guess what what are what are some other things that are sort of coming up as 1199 01:13:46,800 --> 01:13:49,520 you're as you're going through that and how does that affect your journey. 1200 01:13:49,520 --> 01:13:55,280 Like do you leave the computer frustrated or and how do you sort of process that. 1201 01:13:55,280 --> 01:13:58,000 What kind of stuff's coming up. 1202 01:13:58,000 --> 01:14:01,240 I do leave my computer kind of frustrated. 1203 01:14:01,240 --> 01:14:08,100 But I I'm aware that there is a need for me to you know in that sort of situation at least 1204 01:14:08,100 --> 01:14:11,680 lay out you know all the things that I've already tried. 1205 01:14:11,680 --> 01:14:19,120 Good and and then move on or still you know stick to what I was working on. 1206 01:14:19,120 --> 01:14:27,640 How much time are you spending on a target before you move along go back to education. 1207 01:14:27,640 --> 01:14:32,440 Another great question. 1208 01:14:32,440 --> 01:14:37,080 Just a ballpark is fine you know I realize you're probably not recording this you know 1209 01:14:37,080 --> 01:14:41,000 did four hours on this target today or whatever. 
1210 01:14:41,000 --> 01:14:43,240 Probably should. 1211 01:14:43,240 --> 01:14:44,800 Yeah I think that'd be helpful. 1212 01:14:44,800 --> 01:14:45,800 Yeah. 1213 01:14:45,800 --> 01:14:46,800 I don't know. 1214 01:14:46,800 --> 01:14:54,240 It could be sometimes super I guess unnecessarily long sometimes. 1215 01:14:54,240 --> 01:14:56,200 Yeah just for almost a week. 1216 01:14:56,200 --> 01:15:00,120 Yeah so like 40 hours or roughly 30 hours in a week. 1217 01:15:00,120 --> 01:15:04,440 Yeah like roughly yeah 30 to 35 hours a week. 1218 01:15:04,440 --> 01:15:05,440 Okay. 1219 01:15:05,440 --> 01:15:09,480 Like although I don't really have you know I don't even understand. 1220 01:15:09,480 --> 01:15:10,480 Right. 1221 01:15:10,480 --> 01:15:13,880 And we've kind of talked about this as well as like you know you're going in there you're 1222 01:15:13,880 --> 01:15:18,040 spending time in the requests reading the requests right trying to understand what's 1223 01:15:18,040 --> 01:15:22,440 happening and you know maybe you'll leave that situation frustrated that maybe you haven't 1224 01:15:22,440 --> 01:15:26,880 found a vuln but every single time you read a request and you try to understand what's 1225 01:15:26,880 --> 01:15:31,920 going on you're gaining reps you know you're you're it's like you know it's like you're 1226 01:15:31,920 --> 01:15:37,480 doing the workout you know and you're you're becoming stronger at analyzing requests understanding 1227 01:15:37,480 --> 01:15:42,600 what's happening and reducing that friction to the next time you try an attack vector. 1228 01:15:42,600 --> 01:15:49,600 So yeah I think I think 40 hours on a target you know I think like you said that that's 1229 01:15:49,600 --> 01:15:54,880 probably or 30 30 to 35 is what you said. 
1230 01:15:54,880 --> 01:16:02,360 Probably probably a tad bit long without without you know having more direction or more it's 1231 01:16:02,360 --> 01:16:06,360 probably about right you know about but maybe on the long side if you've only got two two 1232 01:16:06,360 --> 01:16:07,840 vulnerability types right. 1233 01:16:07,840 --> 01:16:12,360 I mean would you you're making some sort of agreement sound so do you do you agree with 1234 01:16:12,360 --> 01:16:13,880 that or do you disagree with that. 1235 01:16:13,880 --> 01:16:18,560 Like do you think that's long for him to be on a target at this point in his in his journey. 1236 01:16:18,560 --> 01:16:27,360 I mean I actually was thinking from pretty different perspective which is that so I think 1237 01:16:27,360 --> 01:16:35,940 like the biggest difference between you and us is like we really lack a lot of basics. 1238 01:16:35,940 --> 01:16:41,000 So sometimes I feel like the reason why I don't find that the same amount of access 1239 01:16:41,000 --> 01:16:49,320 control bugs like even in IDORs as you it's not because I don't have enough reps but also 1240 01:16:49,320 --> 01:16:56,160 because you have generally better understandings on like different things and I don't know 1241 01:16:56,160 --> 01:17:03,760 how they're all connected but kind of same argument as you know better hacker knows like 1242 01:17:03,760 --> 01:17:07,200 how to write a cult stuff. 
1243 01:17:07,200 --> 01:17:13,320 So I guess that basic knowledge are you saying that that's something more like so I'm able 1244 01:17:13,320 --> 01:17:20,080 to extract more attack surface out of the program or out of the application or do you 1245 01:17:20,080 --> 01:17:26,200 think that's actually like you know basic knowledge as in like for example because at 1246 01:17:26,200 --> 01:17:30,280 the end of the day IDORs are IDORs you sub the IDs you know you figure it out we all 1247 01:17:30,280 --> 01:17:35,640 know how that works right you know the reason you're not finding the IDORs is there's two 1248 01:17:35,640 --> 01:17:40,040 reasons one you didn't try the request two you didn't find the request. 1249 01:17:40,040 --> 01:17:48,680 But for example if you take a JSON for example yeah the first few months I didn't know that 1250 01:17:48,680 --> 01:17:56,040 swapping you know key value stuff really make most of the time no difference sometimes of 1251 01:17:56,040 --> 01:18:02,600 course right but if you have like completely different keys yeah and then swapping them 1252 01:18:02,600 --> 01:18:09,360 doesn't really affect anything sure I didn't know that so I think I would I had tried you 1253 01:18:09,360 --> 01:18:14,240 know swapping them at least once but it's a waste of time swapping swapping meaning 1254 01:18:14,240 --> 01:18:19,060 what like changing the order of the keys okay yeah yeah but that's very limited scenarios 1255 01:18:19,060 --> 01:18:23,640 with that that you know yeah but it's like a test you know right backslash and maybe 1256 01:18:23,640 --> 01:18:30,920 that works but test one test two I don't know right right kind of so then I waste time there 1257 01:18:30,920 --> 01:18:37,600 the same like for cache behavior sure sometimes you say like this is dead end but I just you 1258 01:18:37,600 --> 01:18:43,720 know keep pushing forward for like another hour to realize that this is the end this 1259 01:18:43,720 --> 01:18:50,160 
is 
actually dead end sure so then I kind of start to think like maybe I have to increase 1260 01:18:50,160 --> 01:18:55,960 like general understanding of cyber security computer science so yeah I think that's I 1261 01:18:55,960 --> 01:19:00,360 like how so many of your examples are about JSON pollution right now because you read 1262 01:19:00,360 --> 01:19:08,080 that article recently you're like oh yeah also because you brought up JSON as the first 1263 01:19:08,080 --> 01:19:15,040 thing I learned right right ever since that day he's been obsessed with JSON yeah that 1264 01:19:15,040 --> 01:19:22,120 that makes sense having some things that you don't that you you've got to kind of figure 1265 01:19:22,120 --> 01:19:26,760 out for yourself are dead ends you know and also testing the assumptions we talk about 1266 01:19:26,760 --> 01:19:30,160 this a lot on the podcast but everyone has their own set of eyes right and I can tell 1267 01:19:30,160 --> 01:19:36,320 you so that that's a dead end but until you've gone down that path it's hard for you to know 1268 01:19:36,320 --> 01:19:41,040 that that's a dead end and that's the hacker mentality right because every time you you 1269 01:19:41,040 --> 01:19:49,600 try to you know go to slash admin you're gonna get 403 right but you can't trust that 403 1270 01:19:49,600 --> 01:19:54,400 you know and you got to try admin slash you got to try admin percent 0A slash you know 1271 01:19:54,400 --> 01:20:01,840 you know that too if you know what it's like you know what backend is like if you have 1272 01:20:01,840 --> 01:20:06,920 ever seen like nginx configuration once right you might think about that right but if you 1273 01:20:06,920 --> 01:20:11,560 have never seen that point it's just a waste of time yeah because you don't know how things 1274 01:20:11,560 --> 01:20:16,880 could get wrong go wrong so I guess the thing that I was I was so I guess bringing that 1275 01:20:16,880 --> 01:20:22,400 back around to Kodai's 
situation you know spending 30 hours or 35 hours you know with two two 1276 01:20:22,400 --> 01:20:28,280 vulnerability types I think there's sort of a blog post that I'm working on with I said 1277 01:20:28,280 --> 01:20:39,640 essentially a percentages scenario is you know layout where I say okay you know after you know IDOR access control bugs 1278 01:20:39,640 --> 01:20:47,360 SSS CSS CSRF and then you know maybe a couple other things you should be spending 60% of 1279 01:20:47,360 --> 01:20:54,560 your time hacking and 40% of your time learning right because those bugs make up the majority 1280 01:20:54,560 --> 01:20:59,280 of you know the bugs that are found right but you know Kodai is not quite at that spot 1281 01:20:59,280 --> 01:21:03,800 yet so I think Kodai you might still be at like an 80 20 right where in a week you're 1282 01:21:03,800 --> 01:21:10,920 spending you know 80% of your time learning and then 20% of your time actually hacking 1283 01:21:10,920 --> 01:21:15,320 and as that continues to grow you know as you you know your your vulnerabilities that 1284 01:21:15,320 --> 01:21:19,800 you're comfortable with continue to grow that's when you sort of increase the the attacking 1285 01:21:19,800 --> 01:21:24,760 the actual hacking piece the hands on the keyboard piece does that make sense does that resound 1286 01:21:24,760 --> 01:21:30,560 with you yeah you should grab the mic for that we really are one mic sorry about that 1287 01:21:30,560 --> 01:21:37,800 does that resound with you it does yeah yeah um I think that might help reduce frustration 1288 01:21:37,800 --> 01:21:47,200 and help increase you know feeling of progress in bug bounty yeah um what kind of vulnerabilities 1289 01:21:47,200 --> 01:21:52,160 right now you mentioned SSRF is that been your primary focus for the past couple weeks 1290 01:21:52,160 --> 01:21:57,400 or there other vulnerabilities you're learning about um XXE injections oh nice yeah and I 1291 01:21:57,400 --> 
01:22:02,960 also try to look for some CSRFs as well oh nice yeah yeah we did cover that a little 1292 01:22:02,960 --> 01:22:08,960 bit yeah and a bit of XSS very nice yeah um good stuff dude yeah and I guess that's about 1293 01:22:08,960 --> 01:22:14,880 it nice keep at it for those of you listening I just gave Kodai a little little fist bump 1294 01:22:14,880 --> 01:22:18,680 and it kind of kind of hurt the knuckles all right all right so so talk to me a little 1295 01:22:18,680 --> 01:22:21,520 bit about where you're at in your journey what kind of things you're trying to improve 1296 01:22:21,520 --> 01:22:28,640 on and what kind of stuff you're trying to um uh yeah grow in what's working what's not 1297 01:22:28,640 --> 01:22:36,520 working for you right now I guess I'm like these days like 90% learning 10% hacking yeah 1298 01:22:36,520 --> 01:22:42,120 besides your job of course yeah of course yeah yeah reason for that is because so like it's 1299 01:22:42,120 --> 01:22:48,360 like 60 40 ratio yeah I think that really works if you want to become a good bug bounty 1300 01:22:48,360 --> 01:22:55,840 hunter as fast as possible but now my goal is just you know have fun learning new things 1301 01:22:55,840 --> 01:23:01,440 and trying to like put that into practice like try to apply exploits that I found in 1302 01:23:01,440 --> 01:23:08,680 the wild stuff like that so I do more of like reading blog posts like you know reading uh 1303 01:23:08,680 --> 01:23:17,080 Twitter Twitter feed and also like reading CVEs try to find CVEs and sometimes do bug 1304 01:23:17,080 --> 01:23:22,520 bounty and then try to apply all these things that I learned in like uh in the last two 1305 01:23:22,520 --> 01:23:28,360 weeks or three yeah into practice that's like yeah what I do that's pretty solid let's let's 1306 01:23:28,360 --> 01:23:34,920 uh let's call some shots here where do you want to be in uh in two years or do you want 1307 01:23:34,920 --> 01:23:39,860 to be in two 
years careerially and where do you want to be um you know I guess from a 1308 01:23:39,860 --> 01:23:44,040 technical perspective what things do you want to understand what kind of bugs do you want 1309 01:23:44,040 --> 01:23:47,960 to be finding you know what kind of research do you want to be doing similar things or 1310 01:23:47,960 --> 01:24:01,160 he's he's thinking yeah I'm thinking yeah show the shirt he's wearing a shirt right 1311 01:24:01,160 --> 01:24:06,640 now that says thinking and then has a loading bar that's halfway halfway done that's great 1312 01:24:06,640 --> 01:24:11,480 it's really hard so one there are a lot of things that I learn there are a lot of blog 1313 01:24:11,480 --> 01:24:18,000 posts published like every day so like on a daily basis I don't really have like specific 1314 01:24:18,000 --> 01:24:22,920 direction to go I just have a lot of things that I learned that I love to learn so I just 1315 01:24:22,920 --> 01:24:29,080 do it and just really vaguely I think you'd be really cool if I can do something like 1316 01:24:29,080 --> 01:24:35,160 what people in Assetnote do like their blog posts are like this is crazy right yeah we 1317 01:24:35,160 --> 01:24:41,640 all we all right we would all love to do that yeah so like at some point it would be really 1318 01:24:41,640 --> 01:24:47,640 cool if I can do kind of same thing which is you know finding like crazy exploit on 1319 01:24:47,640 --> 01:24:56,440 the big yeah the vendor so semi sort of semi white box security research yeah right but 1320 01:24:56,440 --> 01:25:03,080 yeah black box is cool too so yeah yeah yeah and what Assetnote doesn't does is not necessarily 1321 01:25:03,080 --> 01:25:06,840 white box but they try as best they can to make it white box right they try to as much 1322 01:25:06,840 --> 01:25:12,840 they can to get their hands on source code in do reverse engineering and sometimes they 1323 01:25:12,840 --> 01:25:16,600 they have to deal with the binary 
exploitation stuff and sometimes they get their hands on 1324 01:25:16,600 --> 01:25:20,920 source yeah so that's white box so yeah I think in terms of black box like something 1325 01:25:20,920 --> 01:25:26,840 like I I can't just pronounce his name but you say Samira yeah yeah yeah yeah yeah if 1326 01:25:26,840 --> 01:25:31,800 I can this all I can his stuff is is largely white box too because it's front end and you 1327 01:25:31,800 --> 01:25:38,760 have front end code yeah so I think that's maybe like something at least a bit of source 1328 01:25:38,760 --> 01:25:42,760 code thing is what I want to do I guess that's cool yeah so you kind of want to go 1329 01:25:42,760 --> 01:25:48,120 down the source code reading and then vulnerability finding yeah nice Kodai uh I think your goals 1330 01:25:48,120 --> 01:25:51,880 are a little different you know you mentioned before being able to live a nomadic life right 1331 01:25:51,880 --> 01:25:55,640 you want to be able to travel around and work on your schedule what kind of goals do you have for 1332 01:25:55,640 --> 01:26:04,520 the future in in bug bounty so as I said at the beginning of this podcast I'm in the process of 1333 01:26:04,520 --> 01:26:09,560 you know applying for some actual companies right now yeah I just can't say hey I'm only right 1334 01:26:10,440 --> 01:26:15,400 just focusing on doing some bug bounty right right of course of course and as much as I would I would 1335 01:26:15,400 --> 01:26:20,360 I tell you all the time man bug bounty is the life you know I totally understand that and and um you 1336 01:26:20,360 --> 01:26:24,920 know some jobs allow to work remote and some jobs don't allow to work remote and I think it's 1337 01:26:24,920 --> 01:26:30,280 important for you to get in there and you know have some career experiences as well yeah so it 1338 01:26:30,280 --> 01:26:34,520 doesn't have to be limited let's just make this more broadly let's make it career-y yeah so 1339 
01:26:34,520 --> 01:26:43,080 yeah it's like you know that being said I do still want to have the capability of you know 1340 01:26:43,080 --> 01:26:52,120 you know I'm working and living nomadically like regardless of my decisions so yeah um 1341 01:26:53,480 --> 01:26:57,240 so into let me make this question a little bit more specific in two to five years 1342 01:26:58,120 --> 01:26:59,480 what would you like to see yourself 1343 01:27:04,360 --> 01:27:09,640 if one of the companies that I'm applying for right now yeah really 1344 01:27:09,640 --> 01:27:15,640 if one of them really like clicked then I might just you know naturally stick to yeah to it but 1345 01:27:18,440 --> 01:27:19,880 if that wasn't the case 1346 01:27:22,440 --> 01:27:32,120 I think I had to try to spend more time um in bug bounty and of course if that didn't really 1347 01:27:32,120 --> 01:27:40,280 work temporarily then I try to you know do more um studying learning just like you know so does and 1348 01:27:41,720 --> 01:27:46,920 yeah yeah that makes sense do you do you see bug bounty more as a stepping stone for you 1349 01:27:47,560 --> 01:27:53,720 like as a as a as a stair to get to a destination you know or do you see bug bounty as something 1350 01:27:53,720 --> 01:27:57,400 that might stay in your life more long term after you get a job 1352 01:28:03,320 --> 01:28:11,000 I don't want it to stay in stayed in my life um because all the bug bounty hunters 1353 01:28:11,960 --> 01:28:18,600 that I've seen they're so they're all super cool including you guys yeah and uh yeah you just you 1354 01:28:18,600 --> 01:28:25,320 know I just wanted to do something really badass yeah in my life so yeah yeah so did you say you 1355 01:28:25,320 --> 01:28:33,160 you do or you don't want wanted to stay in your life I would you do okay sorry Kodai I misheard 1356 01:28:33,160 --> 01:28:40,200 you there 
sorry about that uh but uh uh sorry my poor articulation no no you're good I we always 1357 01:28:40,200 --> 01:28:45,400 try to we always troll Kodai because he spends so much time you know really articulating and 1358 01:28:45,400 --> 01:28:49,080 speaking really well in English so anytime I miss anything I have to give him a 1359 01:28:49,080 --> 01:28:56,360 uh uh gotcha um so what about you we'll close with this one but like what do you think you 1360 01:28:56,360 --> 01:29:01,400 see yourself staying in bug bounty or do you think bug bounty is a training thing for you 1361 01:29:01,400 --> 01:29:08,840 I mean I think uh I love to stay in bug bounty and that's simply because the the very first reason 1362 01:29:08,840 --> 01:29:14,840 I ditched like being diplomat course right right is because I thought it's super cool to you know 1363 01:29:14,840 --> 01:29:22,680 be like you be like you know top hacker you know finding crazy vulnerabilities and protecting the 1364 01:29:22,680 --> 01:29:29,000 world that that sounds really cool so I think that's the first inspiration so I think that's 1365 01:29:29,000 --> 01:29:34,440 gonna stick to my mind I mean for long term I guess good good shit guys all right let's do it 1366 01:29:34,440 --> 01:29:50,440 let's rock it let's find those uh let's find those bones peace 1367 01:29:50,440 --> 01:29:52,440 uh 1368 01:29:53,320 --> 01:29:58,520 so the not even not even halfway 1369 01:30:03,320 --> 01:30:10,040 20 minutes in my phone cut off so I think this will be mostly on the episode that's okay though 1370 01:30:10,040 --> 01:30:17,880 so so uh as we finish off this episode Kodai's got a little bit of a of a of a word of advice for 1371 01:30:17,880 --> 01:30:22,280 an admonition for those of you listening on on youtube what is that Kodai what have you always 1372 01:30:22,280 --> 01:30:26,520 wanted to say to the viewers yeah just you know thank you all for watching this uh listening to 1373 01:30:26,520 --> 
01:30:33,400 this podcast and just definitely smash the description and leave some likes in the comment 1374 01:30:33,400 --> 01:30:40,760 section it's crucial that's crucial right there