#74

Don’t Force Yourself to Become a Bug Bounty Hunter

Sam Curry, one of the best hunters out there, wrote a blogpost about the topic of motivation in bug bounty. I think it’s always valuable to see words like this from someone like him because it can be puzzling why even the best hunters out there don’t do it...

Bug bounty stats for the first 8 months

Shreyas Chavhan shared his exact roadmap for the first 8 months in bug bounty. I am a huge fan of initiatives like this that show us the real image, with the amount of time invested and not just the best parts. One of the things we can see here is the power of...

npm search RCE – Escape Sequence Injection

The bugs in this blogpost are very interesting. In short, the author uses escape sequences to execute a terminal command while only controlling the command’s output. I’ve read it a few times and I still don’t understand 100% how it works. I think it might also...

Burp’s automatic comments with GQL operation names

One thing that annoys me when working with GraphQL targets is that in the request log, all I see is a list of requests to the /graphql endpoint and I have to manually click each of them to find the interesting one. Thus, I used Burp’s underrated extension - Piper - to...

Attacking internal hosts for bug bounty

This is a very fun thing that Truffle Security has done! We all know many servers have misconfigured CORS, including internal websites. The problem with them is that from outside, we can’t reach them, so how do we exploit them? Truffle Security decided to purchase a...