10 actionable tips for bug bounty beginners to boost their success in the first 12 months of hacking. Don’t forget to subscribe for more!
Casey is an A-Grade distruptor, a successful entrepreneur, a pioneer in crowd-sourced security, the founder and CTO or Bugcrowd, a hacker, musician, family man, and all-round great human. In this interview we chat about his childhood, inspiration, motivation, previous businesses, views on life, productivity hacks, work/life balance, entrepreneurship, cyber security, and the power of surrounding yourself with good people. If you’re curious, I tracked down some of his music on Soundcloud: https://soundcloud.com/caseyjohnellis I’m fairly sure that this is the TV show that he hosted, although I can’t find any videos of him actually hosting – let me know if you can! https://www.youtube.com/user/crewtvaus
How To Start Doing That Thing
The first step (and the most difficult) to achieving anything that you want is to start. Why is it so hard, and how can we overcome these limiting habits?
In this video I speak about this, and offer some suggestions that have helped me in the past.
Surge.sh flies under the radar of many, but it’s pretty common among static-site developers. Personally, I find it to be the best place for hosting my XSS payloads. It’s free, easy, they provide SSL, and you can deploy scripts in (literally) seconds.
Earlier today I made a Tweet about how good Surge is for hosting XSS payloads, and a lot of people seemed to like it.
There were some comments that were asking about how to set it up, so I thought I’d write a blog about it.
- First you will need to install NodeJS, which you can download here: https://nodejs.org/en/
- Run the following command to install the surge CLI tool
npm install --global surge
That’s it, you’ve installed surge.
Deploying Your Payload
Create an empty directory and navigate to it.
mkdir mypayload cd mypayload
echo "alert(1)" > payload.js
Run “surge” to deploy all files in the current directory, which should just be payload.js if you have been following along.
The first time you run surge, it will ask for your email and a password. Once you’ve set that up it won’t ask you again.
The screenshot below shows the whole deployment process.
I should say that Surge isn’t just for XSS payloads, it is very good at hosting full static sites.
If you enjoyed this, follow me on my socials!