Published in A Bug’z Life
The Wonderful World of OAuth: Bug Bounty Edition
If you’ve ever been on a website, you’ve probably come across OAuth at some point or another, even if you’ve never heard of it. Have you…
Apr 15, 2020 · 2 responses

Published in A Bug’z Life
Exploiting an SSRF: Trials and Tribulations
I mostly wanted to share this post not because it’s a novel and unique attack, but to show the thought process of attacking this…
Mar 3, 2020 · 5 responses

Published in A Bug’z Life
Bug Hunting Methodology from an Average Bug Hunter
Some of the most common questions out there in the industry are “what is your methodology?” or “how do you look for bugs”? This post will…
Aug 21, 2019 · 4 responses

Published in A Bug’z Life
The Bugs Are Out There, Hiding in Plain Sight
It’s no secret, bug bounty is not an easy field to jump into and be successful. The top hunters likely have years of experience in not only…
Jul 15, 2019 · 4 responses

Published in A Bug’z Life
4x CSRFs Chained For Company Account Takeover
I’ve been spending some time on a new private program on HackerOne, focusing on an asset that allows businesses to have company accounts…
May 8, 2019 · 3 responses

Published in A Bug’z Life
From Reflected XSS to Account Takeover — Showing XSS Impact
I started bug hunting a little over 2 months ago, and this is my first bug writeup, enjoy!
Apr 30, 2019 · 3 responses