We all have some people in bug bounty that we look up to. They are often people who have been in the industry pretty much since the beginning and who were doing web security even before bug bounty became a thing. There's always a catch, though: they started in different times -...
Bug Bounty
Live hacking events – what do top hunters focus on?
𝚛𝚎𝚣𝟶 tweeted about lessons learned at the last H1-702 live hacking event. Among other things, he shared what he thinks top hackers focus on during these events: client-side JavaScript review (looking for chains, XSS, auth bypass, etc.), auth bugs (looking for OAuth issues,...
Bug bounty isn’t a ‘get-rich-quick’ scheme
Ajax Chapman shared some thoughts about the bug bounty industry, and the takeaway for me is that, contrary to the somewhat popular expectation, it's not a get-rich-quick scheme and it takes a lot of work to become successful. I think that for most people in my audience...
GitLab Security AMAs
The GitLab bug bounty program is so cool that they do AMAs with their top hackers. In this playlist on YouTube, you can hear from great hunters covered on my channel, like Alex Chapman, William Bowling and Johan Carlsson. It's always worth hearing what these guys have in...
Bugcrowd researcher templates
Bugcrowd keeps impressing me lately. They created report templates that we can use. Importantly, they didn't restrict their usage to their own platform; they published them in a GitHub repo, so you can also use them on other platforms. Here's the repo:...
NahamSec talks are on YouTube
Talks from NahamCon were published on YouTube. Here's the whole playlist: https://www.youtube.com/playlist?list=PLKAaMVNxvLmAcY4n3an_SPwpfseHzZ6Yo Here's my talk. You can watch it to understand debugging - my favourite methodology for testing open-source targets...
Pentest mindset vs bug bounty mindset – my thoughts so far
I got interested in bug bounty a long time ago, shortly after I discovered the web security industry. Since then I have known that I wanted to do it. I am not ashamed to admit that, at first, the main motivator was money, especially since I live in Poland, where earnings...
How to pick a bug bounty program?
Z-winK is a new YouTuber, but I very much like his videos. He's a successful bug hunter, and I think our industry lacks such people. In one of his videos, he shared his process for picking a bug bounty program. I took some notes for me and for you. Here they are. He...
$635,387.47 made in 1590 days from 336 bugs
After seeing all those shiny 5-digit payouts, it might seem that every professional bug hunter finds an RCE weekly and is a millionaire. But it's like with Instagram: there we only see the best bits of someone's life, while here we only see someone's best...
From 0 to TOP7 Hackerone in 2 years
Ahmad Halabi was the top 7 hacker on Hackerone in 2020 after starting bug bounties only in June 2019!! It's a huge achievement in my opinion. Add to that that he only got a mobile phone with an internet connection in 2016. That's only 5 years ago! It...