Paulo Silva and I wrote a simple Go tool to check full disclosures on HackerOne. Why? You can filter the results. You can see ALL the results (H1 has page limitations: 25 results). It's coded in Go 😀 So if you guys want to give it a try, feel free to install it and… Continue reading h1-search tool
Hey guys, for those who want to download my presentation at BSides Lisbon, you can do it right here. You can also watch the 50-minute video of the talk: https://www.youtube.com/watch?v=6cWHt-h78yY I had lots of interesting questions at the end of the talk, which showed me lots of interest in the bug bounty industry. I… Continue reading BSides Lisbon – The way of the bounty
Since I published my Reflected File Download Cheat Sheet I'm getting lots of private messages and emails from security researchers and bounty hunters telling me that most companies ignore RFD attacks. So I decided to clear things up and answer the three most popular questions. First, a little introduction. In my opinion there are three ways of implementing… Continue reading Why some vendors ignore RFD attacks?
Cobalt.io published a nice image on Twitter with some of the security researchers. Can you guess who’s there?
Interesting reading about security bug bounties written by Eduardo Vela: http://sirdarckcat.blogspot.pt/2015/09/not-about-money.html You've got to love this part: It is my view that we shouldn't call them "Bug Bounty Programs"; I would like them to be called "Bug Hunter Appreciation Programs". I don't like the term "Bug Bounty", because bounty sounds a lot like it's money… Continue reading Bug Hunter Appreciation Programs
On 28 August at 09:00 PM (UTC/GMT +1 hour) I'll create a channel on hack.chat where security researchers working on bounties can talk together and share ideas. I'm thinking of an hour's duration. The main topic is bounty programs, so everything around it can be discussed. I'll provide the link to the chat on Twitter 5… Continue reading Bounty Chitchat