I’ve never publicly spoken about this because Bugcrowd enlightened me that if I did then punishment would follow. So, I stayed quiet. I won’t go into full detail but it’s been over a year since I was banned from the TripAdvisor bug bounty program despite being their #1 researcher. I have still never had an official word from them on why they banned me, just got told they didn’t like the way I spoke to them after a situation. I dwell on this often because TripAdvisor was the first program I really sunk my teeth into and improved my hacking knowledge. Not only that but I believed I had built a good relationship with the security team and I wanted to impress them & show how passionate I was about helping secure their assets. I was literally testing features before they had been released.. I knew everything about their site & how all their devs approached security. And honestly, I felt like things were going well.. but apparently not. I deleted all of that research years ago & removed all of my accounts. I tried to reach out recently via Bugcrowd but got nowhere so this is me publicly saying sorry to TripAdvisor if you feel I acted inappropriately towards you. I hope one day we can work together again & can move forward.
Sadly, being passionate can sometimes come across as aggressive apparently. I’m sorry for this. I am not an aggressive person… I’m just passionate & quite eccentric. I have even been told that my “image” online has been ruined. I’m sorry to all reading this if you feel I have ever been aggressive. I will work in 2020 on improving my behaviour, attitude & choice of wording.
So.. moving on.. it’s a new year. Let’s try to turn a negative into a positive shall we?
Lots have asked for it so this year I will be releasing my methodology online. But… as a package. I know that reading can bore some so included in the methodology is an 8 hour training video. Listen to me teach my methodology and even watch me do live hacking on a completely blind test. No knowledge prior about the web application, watch me go from start to finish & learn exactly how I tackle a web application. Not enough?? Eager to hack whilst watching & listening to me?! Included are some exclusive challenges for you to instantly practise my methodology on. Learn exactly the same bugs I have found and learn the process to discovering these. Everyone has a hacker inside them, wake it up!
Past attendees of “So you wanna bughunt?” will receive this package for free & you will hear from me.
Keep an eye out for when this becomes available soon :)
I used this very methodology on TripAdvisor to find over 500+ bugs. It is something I created myself over the years when hacking on bug bounty programs as I spotted common mistakes developers were making when building certain features. The trend really is your friend on the internet :)
I have even applied this very same thought process (dubbed zseanos methodology if you haven’t worked that out yet :P) on Amazon and was the first researcher to be publicly acknowledged by their security team.
Thanks for reading. I have so much planned for 2020 and I hope 2020 ends a LOT better than 2019.
Please note my methodology is not something “super special” & I never claim it to have “super leet secretz”, it is a thought process to follow that is applied when browsing a web application. I am not promising you bugs and I am not promising you riches… you have to actually put the work in :D