Top War Stories from a Try Hard Bug Bounty Hunter, Rhynorater | Bug Bounty Village, DEF CON 32

Speaker: Justin Gardner (@Rhynorater)
Presented at: Bug Bounty Village, DEF CON 32

Veteran bug bounty hunter Justin Gardner (@Rhynorater) shares 11 of his most impactful and technically challenging vulnerabilities discovered over the past few years of full-time hacking. Designed to simulate the “show-and-tell” experience at private live hacking events, this talk walks through the full process behind critical bugs that earned bounties ranging from $15K to $60K — including deep technical details, common missteps, and hard-won lessons.

Covering targets that span web apps, IoT devices, mobile apps, and desktop software, Justin highlights the value of high-effort manual techniques and a relentless curiosity. Expect insights into bypassing reverse proxies, abusing misconfigured auth flows, chaining multi-vector exploits, and even crafting remote exploits from firmware-level access and protocol abuse.

Topics include:

NGINX 403 bypass to 4.5M user PII leak
Account takeover via undocumented OAuth flows
Numeric IDORs exposing password reset tokens
Blind XSS via SMS chained to mass ATO
Invisible video meeting snooping through WebRTC misuse
Remote RCE via custom Perforce server and binary protocol abuse
Config injection on routers for persistent code execution
Double injection exploitation via DNSMASQ quirks
SQLi in version control software leading to session cookie theft
SIP protocol manipulation for spying and call hijacking in consumer IoT devices

This talk is packed with actionable takeaways for both new and experienced hackers:

Revisit old vulnerability classes in new contexts
Don’t shy away from targets outside your comfort zone
Collaborate with others to bridge knowledge gaps
Prioritize persistence and methodical investigation over automation

Whether you’re a bug bounty newcomer or a seasoned researcher, this is a deep-dive into high-ROI manual testing, creative exploit development, and the mindset it takes to turn edge cases into critical payouts.

#BugBounty #DEFCON #BBV #BugBountyVillage #Hacking #Infosec #WebSecurity #IoTSecurity #ManualTesting