Paulo Silva and I wrote a simple Golang tool to check full disclosures on HackerOne. Why? You can filter the results. You can see ALL the results (H1 has page limitations – 25 results). It's coded in Go 😀 So if you guys want to give it a try, feel free to install it and… Continue reading h1-search tool
Hey guys, for those who want to download my presentation at BSides Lisbon, you can do it right here. Also, you can watch the 50min video of the talk – https://www.youtube.com/watch?v=6cWHt-h78yY I had lots of interesting questions at the end of the talk, which showed me lots of interest in the bug bounty industry. I… Continue reading BSides Lisbon – The way of the bounty
OLX Stored XSS https://hackerone.com/reports/152069 Adobe Reflected XSS https://hackerone.com/reports/50389 I asked for full disclosure of these reports so other users can learn something from them. The OLX security report was also mentioned on a Portuguese media site, Future Behind. If you know the Portuguese language, feel free to read it.
Guys, I'll be a speaker at BSides Lisbon 2016 with the talk – "The way of the bounty". If you want to know some of my tips and secrets on bug bounty programs, don't forget to put it in your calendar – 11th November.
Just to give a small update on my work… I've been more active on my Twitter account, so follow me to get the latest updates on my security work 🙂 Also, here is some work I've done: (Cobalt.io) – The Top 10 Vulnerabilities used by David Sopas to reach #1 at Cobalt (Char49) – Flash… Continue reading Latest work done
Yesterday I was exchanging some messages on Twitter – especially with Kymberlee Price (from BugCrowd) – about the relationship between vendors and security researchers when disclosing a security issue. From my experience, I know the feeling of trying to help a vendor and having them ignore you or, in some extreme cases, even "inviting" you… Continue reading Hey vendors, researchers are here to help
That's a question that sometimes comes to mind for many "hunters". Personally, in most cases, when I participate in these programs, I use fake information – one of the first reasons is to immediately test the input fields 🙂 Programs that require you to add your credit card info, phone number, bank info, … in… Continue reading Should bug hunters provide real personal data on bug appreciation programs?
I'm getting a few emails asking for some tips on how to get some bounties. Because I like to help others and I'm a believer in sharing knowledge 🙂 I wrote this small article about using the right online tools and earning some bucks on bounty programs. Most experienced bug hunters already know most of these tools… Continue reading Free online tools to help your #bugbounty
As a bug hunter at Cobalt, HackerOne and BugCrowd, I always try to do my best to give programs the best information needed to understand the security report. Sometimes I notice that some public disclosures on HackerOne have just two or three paragraphs like: You guys don't have SPF header on your mail server. Check it… Continue reading A tip for bug hunters – Sell your service
Why? I forgot that it was my grandmother's birthday. I could lie and say something technical or something, but no… It's true 🙂 I'll try to post another date next week. Sorry!