Over the years, Yassine Aboukir has transformed from reporting lots of NAs and Informationals to discovering lots of cool, impactful bugs and even receiving a Most Valuable Hacker award at a Live Hacking Event. In his recent talk, he described how he changed his...
#51
Is GPT good enough already to find bugs for you?
A lot of you have been asking me to create some AI-related articles and explain how we can use it for bug bounty. While I do believe that AI will help us a lot in the future, so far I have not found a suitable use case for finding bugs. I do, however, find it...
How to write a new CodeQL query and maximise payout? RCE via ZipSlip query
Some of you might have seen on Twitter that I recently received my highest bounty of $5.5k from GitHub Security Lab for a CodeQL query that detects RCE via ZipSlip. It’s my second CodeQL bounty and I'm really happy with the return on investment I get from it. If...
Critical Thinking podcast and going full-time bug bounty
Critical Thinking is a fantastic podcast about bug bounty led by Justin Gardner (Rhynorater) and Joel Margolis (teknogeek). In particular, I recommend the 10th episode where Justin discusses going full-time bug bounty. One thing that caught my attention is how often...
NahamSec videos and NahamCon2023
NahamSec has been very active on YouTube recently, producing a lot of interesting videos like: 2023 Web Hacking Roadmap // How To Bug Bounty Learn Cybersecurity and Hacking Through CTF! Cloud Hacking: The Basics How To Pick Your Targets // How To Bug Bounty Also, he...
Repository with visual explanations of hundereds of formats
This repository contains hundreds of well-designed graphical explanations of file formats. If you've ever created an exploit in a binary file, you know it can be quite challenging. This repository doesn't make it easy, but it does make the process of...
Secure Code Game
GitHub Security Lab has created a secure code game that allows developers to learn how to secure intentionally vulnerable code. It's definitely worth trying out, especially for those who have been asking me how to get started with code review!...