PinnedBrownBearSecWhat I learnt from reading 220* IDOR bug reports.IDOR — Insecure Direct Object Reference, abuse of the lack of authentication at every stage.·5 min read·Jan 25, 2022--11--11
PinnedBrownBearSecWhat I learnt from reading 126* Information Disclosure Writeups.Let’s tackle the most valuable and mysterious bug type…·6 min read·Jun 6, 2022--4--4
BrownBearSec@pdiscoveryio’s Katana for Bug Bounty.Katana is an incredibly built go-lang based web crawler which is a great stand alone reconnaissance tool, and also works perfectly in…·6 min read·Nov 27, 2023----
BrownBearSecBug Bounty: Wordlists — Please do them properly.You are only so good as your weakest link. And in bug bounty, most people’s weakest link, and most ignored is always their wordlists…·7 min read·Jun 19, 2023--3--3
BrownBearSecShodan for Bug Bounty — and Why You Shouldn’t Use these 53 Dorks.Shodan is a much-loved and widely adopted attack surface management tool. But what actually is it? How do we use it beyond basic usage? and…·8 min read·Mar 20, 2023--3--3
BrownBearSecAutomated and Continuous Recon/Attack Surface Management — Amass Track and DBNot using Continuous Attack Surface Management is the reason you keep getting dupes, let’s talk about it…·6 min read·Jan 2, 2023--2--2
BrownBearSecWhat I learnt from reading 217* Subdomain Takeover bug reports.A comprehensive analysis of Subdomain Takeovers (SDTO), DNS Hijacking, Dangling DNS, CNAME misconfigurations…·8 min read·Oct 31, 2022--4--4
BrownBearSecHow I DIDN’T get an RCE in a $200 Billion company — Bug BountyI was hunting for CVE-2021–36356 on my subdomain list of over 1,000,000+ subdomains, and finally got a hit…·4 min read·Sep 12, 2022--4--4
BrownBearSecHow to **actually** use Amass more effectively — Bug Bounty99% of bug hunters only use 1% of Amass’ potential…·7 min read·Aug 15, 2022--5--5
BrownBearSecComprehensive Url Enumeration for Bug Bounty — The potential of GAU.Url Enumeration — Subset of Content Discovery: finding existing endpoints.·6 min read·Feb 22, 2022--6--6