BSides Lisbon – The way of the bounty

Hey guys, for those who want to download my presentation at BSides Lisbon, you can do it right here. You can also watch the 50-minute video of the talk: https://www.youtube.com/watch?v=6cWHt-h78yY. I had lots of interesting questions at the end of the talk, which showed me there is a lot of interest in the bug bounty industry. I…

OLX and Adobe full-disclosures on HackerOne

OLX Stored XSS: https://hackerone.com/reports/152069. Adobe Reflected XSS: https://hackerone.com/reports/50389. I asked for full disclosure of these reports so other users can learn something from them. The OLX security report was also mentioned on a Portuguese media site, Future Behind. If you know the Portuguese language, feel free to read it.

BSides Lisbon 2016

Guys, I’ll be a speaker at BSides Lisbon 2016 with the talk “The way of the bounty”. If you want to know some of my tips and secrets on bug bounty programs, don’t forget to mark it in your calendar: 11th November.

Hey vendors, researchers are here to help

Yesterday I was exchanging some messages on Twitter, especially with Kymberlee Price (from BugCrowd), about the relationship between vendors and security researchers when disclosing a security issue. In my experience I know what it feels like to try to help a vendor and have them ignore you or, in some extreme cases, even “invite” you…

Should bug hunters provide real personal data on bug appreciation programs?

That’s a question that sometimes comes to mind for many “hunters”. Personally, in most cases, when I participate in these programs I use fake information; one of the first reasons is to immediately test the input fields 🙂 Programs that require you to add your credit card info, phone number, bank info, … in…

Free online tools to help your #bugbounty

I’m getting a few emails asking for tips on how to get some bounties. Because I like to help others and I’m a believer in sharing knowledge 🙂 I wrote this small article about using the right online tools to earn some bucks on bounty programs. Most experienced bug hunters already know most of these tools…

A tip for bug hunters – Sell your service

As a bug hunter at Cobalt, HackerOne and BugCrowd, I always try to do my best to give programs the information they need to understand the security report. Sometimes I notice that some public disclosures on HackerOne have just two or three paragraphs, like: “You guys don’t have an SPF record on your mail server. Check it…”

Bounty ChitChat canceled

Why? I forgot that it’s my grandmother’s birthday. I could lie and tell you something technical, but no… it’s true 🙂 I’ll try to post another date next week. Sorry!