Continuously learn web security and find bugs that others miss

BBRE Premium is a membership focused on hacking web applications and bug bounty.

When you become a member, every two weeks you will receive emails with hacking tips, tool tutorials, case studies or career advice. If that’s not enough for you, you will instantly get access to the archive with almost 300 articles.

Do you want to find bugs that others miss?

Maybe it’s stupid but as a pentester, finding bugs that others miss was my motivation to continuously learn new stuff. In bug bounty, with so much competition, we don’t even have a choice but we have to stand out from others.

Are you overwhelmed by the amount of information about hacking?

There are tons of low-quality articles and tips out there. I’m spending a lot of time reading them and filtering out the good ones. I don’t have to keep it for myself so I’m sharing it with you in BBRE Premium.

You’d like to collaborate with someone but none of your friends does bug bounty?

You can get access to the private Discord server. Unlike the public ones, you won’t be one of thousands of members and it’s much easier to connect in a smaller community.

What will you learn?

Every two weeks you will receive an email with new articles that will make you continuously learn instead of having a burst of motivation followed by not doing anything later.

hacking tips

Example from issue #37

Pause-based desync attacks explained

code review tips

Example from issue #41:


How to avoid being overwhelmed when reviewing the code?

case studies along with report databases

Example from issue #40:


tool tutorials

Example from issue #10:


Finding bugs in regexes, even if you don’t know them well

my notes and takeaways from talks of people smarter than me

Example from issue #41:

3 cool bugs from 0xLupin’s H@cktivitycon talk

When you subscribe, you will instantly get access to all these articles

and almost 300 others!

Connect with like-minded people

You will get access to Discord community where you can meed like-minded people, make friends, learn from others and hack together!

You support the community

While from the outside, the free Bug Bounty Reports Explained YouTube channel and the paywalled BBRE Premium may seem like separate things, the truth is that without BBRE Premium I wouldn’t be able to dedicate so much time into creating those free resources for the whole community. I know for a fact how many people benefit from them and I want each member to know that  by being a BBRE Premium subscriber, you support the whole community.

What do the members say?

For that price, you could subscribe to BBRE Premium for…

5 years if you find low-risk vulnerability in GitLab ($500)

10 years if you find medium-risk vulnerability in PayPal ($1000)

101 years if you find high-risk vulnerability in Shopify ($10,000)

303 years if you find critical-risk vulnerability in GitHub ($30,000)


Money-back guarantee

Yes, you can return your subscription within 14 days from the purchase if you are not satisfied. No questions asked. You don’t risk anything! You can subscribe now and make the real decision in 14 days.

What’s the difference between the free and the premium newsletter?

BBRE Newsletter #41

contains 4 articles which are mostly links with some of my recommendations of why you should read those links.

The total amount of words is 352.



BBRE Premium #41

contains 7 articles.

4 of them are mostly links with some of my recommendations of why you should read those links. But the additional 3 articles are not links. Two are articles written by me and one is a summary of a conference talk.

The total amount of words is 3117, almost 9 times more than in the free newsletter!


How does the Premium email look like?

Answers to Your Questions

Who is BBRE Premium for?

BBRE Premium is focused on offensive web security so it’s the best match for bug bounty hunters, pentesters and application security engineers.

Who is BBRE Premium not for?

BBRE Premium is not for beginners. It’s focused on intermediate and advanced topics. There are tons of great free materials for beginners out there.

How often is the newsletter issued?
Every 2 weeks, on Tuesday.

Can I return my subscription?
Yes, you can return your subscription within 30 days from the purchase if you are not satisfied. No questions asked. You don’t risk anything! You can subscribe now and make the real decision in 30 days.

How much content will I receive?
You will receive 26 emails per year and immediately after subscribing access to the whole email archive with all the past issues.

Are you sharing some secret links there?
No, as far as I know, there are no secret links. The premium is not about sharing links but. It’s either articles written by me or summaries of longer articles or videos written by someone else.

For example, in the 10th issue, I made a summary of the talk by Shubs’ about source code review. It was publicly available on YouTube but you could either spend an hour watching it or read my summary with takeaways and linked tools. It was no secret but it saved my subscribers a lot of time.

My card and recurring payments don’t work. Is there another option to join?

Yes, in promotional periods, I can take the one-time PayPal payment for a yearly subscription. Reach out to me at
Outside the promotional periods and for monthly subscriptions it is not possible.

Greg, I didn’t apply the coupon code and paid the full price. Can you refund me?

I have a policy that in these situations, I return half of the difference, eg. $10 if you didn’t apply a $20 coupon. One of the reasons is that I’ve already paid the transaction fee from the full price.