I used to hate Vim until I learned how to quit

When it comes to the topic of reconnaissance, more and more people are explaining their own methodologies as of late—people like Jason Haddix and Behrouz Sadeghipour have been my go-to reference while taking the first steps into the bug hunting world, with their “The Bug Hunter’s Methodology” and “How to: Recon and Content Discovery”. …

The all too familiar bug hunter’s desktop

A couple of weeks ago I jokingly asked Brute on Twitter to settle whether the proper terminology for a permanent XSS was “stored” or “persistent”. His reply was lighthearted and technically correct:

While amusing at first, and in line with what you would expect from his sincere approach, it got me thinking later on.

I’ve never thought I was good enough to do well in bug-bounty programs: I’ve always preferred doing CTFs for fun rather than cash (and, ironically enough, I thought I wasn’t good enough for CTFs either, until I broke top 20 on RingZer0 before sliding to…


Security researcher and strength athlete
