1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Check Out My Latest Exploit Video

Discussion in 'BlackHat Lounge' started by Elliot305, Jul 15, 2014.

  1. Elliot305

    Elliot305 Jr. VIP Jr. VIP

    Joined:
    Jul 21, 2010
    Messages:
    500
    Likes Received:
    1,323
    Occupation:
    Loophole/Exploit Specialist
    Location:
    In The Sun
    Not my usual exploit video, but it's what I'm trying to get into now. Let me know what you think.

    [video=youtube_share;egkpf7ZvaiI]http://youtu.be/egkpf7ZvaiI[/video]
     
    • Thanks Thanks x 3
  2. wickid

    wickid Junior Member

    Joined:
    May 8, 2008
    Messages:
    159
    Likes Received:
    52
    Home Page:
    Nice work on that video. I'd be interested in watching any actual exploit videos you put out in the future.
     
    • Thanks Thanks x 1
  3. Aluminium

    Aluminium Jr. VIP Jr. VIP Premium Member

    Joined:
    Dec 5, 2013
    Messages:
    1,543
    Likes Received:
    874
    Gender:
    Male
    Occupation:
    High-Quality Content Provider
    Location:
    Canada
    Home Page:
    Dat BTC balance, and dat editing.

    Fantastic as usual Elliott, I wonder how many Gucci belts you could buy with that...
     
    • Thanks Thanks x 2
  4. Apricot

    Apricot Administrator Staff Member Moderator

    Joined:
    Mar 26, 2013
    Messages:
    11,962
    Likes Received:
    6,442
    Gender:
    Female
    Occupation:
    BHW Moderator
    Location:
    London
    Home Page:
    Well Fall is looking very profitable!
     
    • Thanks Thanks x 1
  5. Elliot305

    Elliot305 Jr. VIP Jr. VIP

    Joined:
    Jul 21, 2010
    Messages:
    500
    Likes Received:
    1,323
    Occupation:
    Loophole/Exploit Specialist
    Location:
    In The Sun
    Hope so. I would like to get some bigger casino clients and/or longer term clients. So far my consulting career has had mixed results so I'm hoping a presentation like this will intrigue them more in having that initial conversation.
     
  6. Elliot305

    Elliot305 Jr. VIP Jr. VIP

    Joined:
    Jul 21, 2010
    Messages:
    500
    Likes Received:
    1,323
    Occupation:
    Loophole/Exploit Specialist
    Location:
    In The Sun
    Just wanted to give an update here on my "consulting career." The results have been very mixed. For the most part I'm not getting enough companies interested in working with me. I sent the above "resume video" out to to handful of companies and did hear back from one. I didn't want to send it to every company yet as I'm looking to get feedback on my pitch and approach has a whole with the companies who decide not to work with me. Anyway, the company that seemed pretty interested was a big player in the industry and I received an email from one of the lead technical guys there. He wanted to know what I could offer and I briefly explained my procedures for finding these vulnerabilities and sent him full-length videos of the exploits at work (without giving up the goods on how I was doing it).

    He then asked me for a pricing sheet so he could take back to management and see if they would be interested. I don't know guys, I might have messed up here cause I didn't give him a price, rather, I stated that I would want them to present a price to me and if it's worth it then we could continue talks. I didn't want to come across as being desperate for work...cause I'm not. I didn't want to lowball myself either cause the time I would spend testing their games I could be using for testing for exploiting purposes rather than consulting. So it was a tough question to ask me...it really depends on how valuable they deem my services. Here is my response to the email. Let me know if you think I screwed up on my approach to this.

    (Full disclosure: It's been over a week and they haven't responded yet even though he did respond to this email and said he understands my position on how I'm offering my services. Maybe he understood and management was turned off by it...hard to say.)

    Sure, I will upload a couple longer videos. Give me an hour or so and I'll send over the links. Mind you, I take several pauses in the videos in order to carry out the exploits as they were made for the sole purpose of showing that I can manipulate the games rather than the exact steps of how I do it. That information is proprietary at this point and it wouldn't behoove me to spell out what I'm doing. Hope you can understand my stance on that. Nonetheless, you will certainly see the games being manipulated.

    As far as pricing goes, I do not have a pricing sheet but usually work off a fixed fee for investigating/testing with a bounty fee for finding vulnerabilities. The flat fee would depend on how many games you want me to test and how many hours you want me to put into it. I can tell you I've spent 50 hours testing a single exploit on just one game and on a different game it only took me 15 minutes to find something. I must state that any games I test will need to be online or mimic an online environment (i.e.I cannot test brick & mortar games).

    I would really like to nail down a fixed fee for both testing and finding on a per game instance. So Blackjack let's say would have a single fixed fee for testing but could have multiple fixed bounty fees for finding multiple vulnerabilities. This way, if I get overly obsessed (sometimes do) with testing a game then it won't cost you guys extra money if I do not come up with anything. If I find something then that over testing paid off as I get compensated via the bounty. Once we agree a game is secure from all my tests we move onto a different one. I can always go back to previously tested games but would only be compensated on a bounty basis if something was found.

    My work is unique as I have both clients who I help as well as exploits which I carry-out on my own against other casinos. I've always gone the exploit route but decided to give consulting a try for the gaming industry. So my time is divided up between those two "career paths." The reason why I'm explaining this to you is that you had asked me for a price sheet. My work cannot be quantified or qualified based upon a standard hourly scale or contractor wage. Rather, I believe it should be how much are you willing to offer me for my services. I have to weigh how much time will be invested and how much I can make deploying my exploits against companies versus how much I can make helping them out.

    So I would like to pose that question back to you on what are you willing to offer? Sorry if I'm being a hard-ass about this, but I'm not coming from a situation where I need a job or money. But I do believe my talents can help the casino industry...now it's just a matter of does it make sense fiscally speaking to do so. Also, I'm not saying this as an indirect threat of if we don't agree to a deal then I'm going to exploit your system...it's just me trying to balance out and weigh my exploiting career versus my new found consulting one.
     
  7. Asif WILSON Khan

    Asif WILSON Khan Executive VIP Premium Member

    Joined:
    Nov 10, 2012
    Messages:
    10,112
    Likes Received:
    28,526
    Gender:
    Male
    Occupation:
    Fun Lovin' Criminal
    Location:
    London
    Home Page:


    No offence but your reply was pretty bad. All I got from it, was that you didn't know the value of your time.
    If you don't know how much your time is worth then no company is going to work that out for you.
    You need to set a realistic hourly rate or set a charge for x number of hours. Although I don't see many companies going for this.
    Also you need to do your research and find the executive level to pitch to, some guy in the IT department isn't going to have the authority to hire you.
     
    • Thanks Thanks x 1
  8. Elliot305

    Elliot305 Jr. VIP Jr. VIP

    Joined:
    Jul 21, 2010
    Messages:
    500
    Likes Received:
    1,323
    Occupation:
    Loophole/Exploit Specialist
    Location:
    In The Sun
    I appreciate the feedback...it makes sense. Haven't pitched many companies so I can make these changes and still have a good amount of prospects. One company was fine with coming up with their own value/figure on what my services would be worth, but I can see your point. I didn't know if having a set figure made it look like a "take it or leave it" proposal and thought every company may be different with what they want to pay.
     
  9. Asif WILSON Khan

    Asif WILSON Khan Executive VIP Premium Member

    Joined:
    Nov 10, 2012
    Messages:
    10,112
    Likes Received:
    28,526
    Gender:
    Male
    Occupation:
    Fun Lovin' Criminal
    Location:
    London
    Home Page:

    Try to work out a fee schedule/pricing for different sized companies.
    Look at what others are charging for Web App Testing and Web Application Security Testing
     
    • Thanks Thanks x 1
  10. phatzilla

    phatzilla Supreme Member

    Joined:
    Apr 9, 2009
    Messages:
    1,365
    Likes Received:
    1,017
    Cool video, looks like theyre fixing the hi-lo game. i hope they paid you for it.
     
    • Thanks Thanks x 1
    Last edited: Jul 28, 2014
  11. DatMoney

    DatMoney Regular Member

    Joined:
    Jul 20, 2014
    Messages:
    238
    Likes Received:
    103
    Occupation:
    Chief Engineer at NASA
    Location:
    New York, United Kingdom
    Home Page:
    wow you are an epic genius. I checked your previous threads and all of them are pure gold. Especially, that telemarketing method .
     
    • Thanks Thanks x 1
  12. Elliot305

    Elliot305 Jr. VIP Jr. VIP

    Joined:
    Jul 21, 2010
    Messages:
    500
    Likes Received:
    1,323
    Occupation:
    Loophole/Exploit Specialist
    Location:
    In The Sun
    yeah, the story with that company is crazy. They pretty much back stabbed me and I went from consulting/working with them to exploiting them. Very weird relationship we have now.
     
  13. Elliot305

    Elliot305 Jr. VIP Jr. VIP

    Joined:
    Jul 21, 2010
    Messages:
    500
    Likes Received:
    1,323
    Occupation:
    Loophole/Exploit Specialist
    Location:
    In The Sun
    Thank you. I'm thinking of giving up my Adsense exploit so keep an eye out in case I do.
     
    • Thanks Thanks x 1
  14. DatMoney

    DatMoney Regular Member

    Joined:
    Jul 20, 2014
    Messages:
    238
    Likes Received:
    103
    Occupation:
    Chief Engineer at NASA
    Location:
    New York, United Kingdom
    Home Page:
    Sure I will keep an eye on that. I have never seen anyone with your intelligence before. Really, amazing shares you have made here! Thanks :)
     
  15. truth_hurts

    truth_hurts Newbie

    Joined:
    Jun 21, 2013
    Messages:
    0
    Likes Received:
    0
    the videos have been removed, could you re-upload them please

    Thanks