The Wonderful World of OAuth: Bug Bounty Edition
If you’ve ever been on a website, you’ve probably come across OAuth at some point or another, even if you’ve never heard of it. Have you…
A Bug’z Life in A Bug’z Life, Apr 15, 2020

Exploiting an SSRF: Trials and Tribulations
I mostly wanted to share this post not because it’s a novel and unique attack, but to show the thought process of attacking this…
A Bug’z Life in A Bug’z Life, Mar 3, 2020

Bug Hunting Methodology from an Average Bug Hunter
Some of the most common questions out there in the industry are “what is your methodology?” or “how do you look for bugs”? This post will…
A Bug’z Life in A Bug’z Life, Aug 21, 2019

The Bugs Are Out There, Hiding in Plain Sight
It’s no secret, bug bounty is not an easy field to jump into and be successful. The top hunters likely have years of experience in not only…
A Bug’z Life in A Bug’z Life, Jul 15, 2019

4x CSRFs Chained For Company Account Takeover
I’ve been spending some time on a new private program on HackerOne, focusing on an asset that allows businesses to have company accounts…
A Bug’z Life in A Bug’z Life, May 8, 2019

From Reflected XSS to Account Takeover — Showing XSS Impact
I started bug hunting a little over 2 months ago, and this is my first bug writeup, enjoy!
A Bug’z Life in A Bug’z Life, Apr 30, 2019