BSides Lisbon – The way of the bounty

Hey guys, for those who want to download my presentation at BSides Lisbon, you can do it right here. You can also watch the 50-minute video of the talk – https://www.youtube.com/watch?v=6cWHt-h78yY I had lots of interesting questions at the end of the talk, which showed me lots of interest in the bug bounty industry. I…

Why some vendors ignore RFD attacks?

Since I published my Reflected File Download Cheat Sheet, I’m getting lots of private messages and emails from security researchers and bounty hunters telling me that most companies ignore RFD attacks. So I decided to clear things up and answer the three most popular questions. First, a little introduction. In my opinion there are three ways of implementing…

Bug Hunter Appreciation Programs

Interesting reading about security bug bounties, written by Eduardo Vela – http://sirdarckcat.blogspot.pt/2015/09/not-about-money.html You’ve got to love this part: It is my view, that we shouldn’t call them “Bug Bounty Programs”, I would like them to be called “Bug Hunter Appreciation Programs”. I don’t like the term “Bug Bounty”, because bounty sounds a lot like it’s money…

Bounty Chitchat

On 28th August at 09:00 PM (UTC/GMT +1 hour) I’ll create a channel on hack.chat where security researchers working on bounties can talk together and share ideas. I’m thinking about an hour’s duration. The main topic is bounty programs, so everything around it can be discussed. I’ll provide the link to the chat on Twitter 5…