Pinned
BrownBearSec
What I learnt from reading 220* IDOR bug reports.
IDOR — Insecure Direct Object Reference, abuse of the lack of authentication at every stage.
Jan 25, 2022 · 11

Pinned
BrownBearSec
What I learnt from reading 126* Information Disclosure Writeups.
Let’s tackle the most valuable and mysterious bug type…
Jun 6, 2022 · 4

BrownBearSec
@pdiscoveryio’s Katana for Bug Bounty.
Katana is an incredibly built go-lang based web crawler which is a great stand alone reconnaissance tool, and also works perfectly in…
Nov 27, 2023

BrownBearSec
Bug Bounty: Wordlists — Please do them properly.
You are only so good as your weakest link. And in bug bounty, most people’s weakest link, and most ignored is always their wordlists…
Jun 19, 2023 · 3

BrownBearSec
Shodan for Bug Bounty — and Why You Shouldn’t Use these 53 Dorks.
Shodan is a much-loved and widely adopted attack surface management tool. But what actually is it? How do we use it beyond basic usage? and…
Mar 20, 2023 · 3

BrownBearSec
Automated and Continuous Recon/Attack Surface Management — Amass Track and DB
Not using Continuous Attack Surface Management is the reason you keep getting dupes, let’s talk about it…
Jan 2, 2023 · 2

BrownBearSec
What I learnt from reading 217* Subdomain Takeover bug reports.
A comprehensive analysis of Subdomain Takeovers (SDTO), DNS Hijacking, Dangling DNS, CNAME misconfigurations…
Oct 31, 2022 · 5

BrownBearSec
How I DIDN’T get an RCE in a $200 Billion company — Bug Bounty
I was hunting for CVE-2021-36356 on my subdomain list of over 1,000,000+ subdomains, and finally got a hit…
Sep 12, 2022 · 4

BrownBearSec
How to **actually** use Amass more effectively — Bug Bounty
99% of bug hunters only use 1% of Amass’ potential…
Aug 15, 2022 · 6

BrownBearSec
Comprehensive Url Enumeration for Bug Bounty — The potential of GAU.
Url Enumeration — Subset of Content Discovery: finding existing endpoints.
Feb 22, 2022 · 6