Should bug hunters provide real personal data on bug appreciation programs?

That’s a question that sometimes comes to the mind of many “hunters”. Personally, in most cases, when I participate in these programs, I use fake information – one of the first reasons is to immediately test the input fields 🙂 Programs that required you to add your credit card info, phone number, bank info, … in…

Get a bounty on a WordPress blog

I would like to describe, step by step, my latest “appreciation program” reward for a security issue in a WordPress plugin. First things first – check if the blog is in scope of the program. If it is, continue reading this article. If not, you can just see my other tips about #bugbounty (here and here).…

A tip for bug hunters – Sell your service

As a bug hunter at Cobalt, HackerOne and BugCrowd, I always try to do my best to give programs the best information needed to understand the security report. Sometimes I notice that some public disclosures on HackerOne have just two or three paragraphs like: You guys don’t have SPF header on your mail server. Check it…

First to reach 1000 rep score on Cobalt.io

Yes! I made it. Since my registration in March this year I have reached more than 1000 reputation points on Cobalt.io and become the first to do it. Most of the points were made on private/invite-only programs, but a couple of them were also public, in companies like Nexmo, Weebly, DoSomething and Circle. My next goal? Keep…

I’m number 1 on Cobalt.io

Just checked the Hall of Fame of Cobalt.io and I’m now number 1 in the ranking. Not bad for a Portuguese guy who started in March. Next objective… 1000 points! Let’s go!