Kevin Roh bio photo

Kevin Roh

Bug Bounty Participant

Email Twitter Github

Background Story

As a college student, I would run into financial issues (food) and therefore I decided to try something different and become an Uber driver so I can get some extra cash while still in school. As I was navigating through their website I encountered ~900 Uber partners driver licenses, SSN, tax information, etc. This was the first bug I ever encountered. At this point I reported it over to Uber and they invited me to their private bug bounty program on HackerOne. After receiving a bounty a month later I got hooked.

HackerOne (H1-702) Event

Before the H1-702 event I did not receive an invite but yet everyone was talking about it during DEFCON. When I attended one of the events that I was invited to I got an invite to H1-702.

My initial thoughts before going to the event was thinking I won’t be able to find anything and there was no point. The overwhelming feeling of sitting in a room packed with highly skilled Hackers setting up all their scripts and programs while you only open up Burp Suite.

When the event started and within the first 5 minutes someone has already found a vulnerability. As for me, a few hours went by without finding a single vulnerability. At this point I started to lose hope but decided to change my methodology. Once I took a step back and thought about what the platform provided, I found my first vulnerability. After the first, I found another vulnerability, then another and another. At that point, someone comes into the room and tells me I’m ranked #1 on the H1-702 leaderboard.

The whole entire feeling was surreal and I couldn’t believe what was happening and at the end of the event I came out ranked #2 on the H1-702 leaderboard. I never thought this could have ever happened.

The most important thing I have learned throughout the event was never to underestimate yourself. Always take a step back when you run into trouble and try to have a different mindset. Use different methods and if it works, continue with it. If it doesn’t, change it. Of course, this is easier said than done but it’s possible.

Thank You!

Thank you HackerOne for holding this event and thank you Ted for inviting me. It was an incredible, unforgettable experience. I cannot thank you enough and greatly appreciate everything you have done.

Ending

For the past couple of weeks I have learned to try to take every opportunity that is given. You never know what will happen at the end.

One of the best experiences throughout the event was meeting all the Hackers in person and everyone at HackerOne. I hope to see them all soon again.