Paulo Silva and I wrote a simple golang tool to check full disclosures on HackerOne. Why?
- You can filter the results
- You can see ALL the results (H1 has page limitations – 25 results)
- It's coded in Go 😀
So if you guys want to give it a try, feel free to install it and… Continue reading h1-search tool
That’s a question that sometimes comes to the mind of many “hunters”. Personally, in most cases, when I participate in these programs, I use fake information – one of the first reasons is to immediately test the input fields 🙂 Programs that required you to add your credit card info, phone number, bank info, … in… Continue reading Should bug hunters provide real personal data on bug appreciation programs?
As a bug hunter at Cobalt, HackerOne and BugCrowd, I always try to do my best to give programs the best information needed to understand the security report. Sometimes I notice that some public disclosures on HackerOne have just two or three paragraphs like: You guys don’t have SPF header on your mail server. Check it… Continue reading A tip for bug hunters – Sell your service