Bug bounty reports explained

You can: get clicks and signups; build brand awareness; hire skilled ethical hackers; You can sponsor a YouTube video to get a 30-seconds mention between the intro and the video itself, like here:

May 29, 2023 · In this podcast episode, I interview Shubham Shah – one of my biggest authorities in bug bounty space and expert in source code review who regularly finds 0days.

access to the private discord community

Going full-time bug bounty, privilege escalation bugs and more with Douglas Day

This video is an explanation of the writeup of 4 bugs in

Top privilege escalation techniques – bug bounty case study.

0:29 Going full-time bug bounty
9:12 Douglas’ bug bounty methodology
28:13 Bug Bounty tools you need
43:04 The benefits of collaboration in bug bounty
54:23 How to deal with having a similar bug on many endpoints?
1:11:37 How to select a bug bounty program?

Bug Bounty Reports Explained.

Jul 12, 2021 · This video is an explanation of bug bounty report submitted to GitLab by William

[Apr 09 - $31,337] Explaining the exploit to $31,337 Google Cloud blind SSRF * by Bug Bounty Reports Explained
[Apr 06 - $31,337] $31,337 Google Cloud blind SSRF + HANDS-ON labs * by Bug Bounty Reports Explained
[Apr 05 - $6,000] I Built a TV That Plays All of Your Private YouTube Videos * by David Schütz

Dec 13, 2022 · Recently, I did a case study of 174 XSS bug bounty reports to learn how are people actually making money with Cross-site scripting.

By following this approach, you’ll be able to write bug bounty reports that effectively communicate the issue, demonstrate your professionalism, and increase your chances of a successful submission.

It’s sent to subscribers every two weeks and includes hacking tips, tool tutorials and career advice.
It was secondary context path traversal in application that was using microservices and allowed to access almost 100 million customer records.

Feb 22, 2024 · Bug bounty reports serve as the bridge between ethical hackers and organizations.

I was a pentester but I made a decision to quit my job for bug bounty, freelance pentesting and producing content. On this channel, you can find videos with detailed explanations of interesting bug bounty reports.

How To Write Bug Bounty Reports | Bug Bounty Reports Explained

Are you a bug bounty hunter? Do you know how to write bug bounty reports? If so, this video is

This video is the part of case study of 162 disclosed privilege escalation bug bounty reports.

Reports mentioned in

In this episode, I’m talking about my story of getting

Aug 8, 2018 · Bug reports are the main way of communicating a vulnerability to a bug bounty program.

This free part of the case study covers the SameSite attribute and its impact on reports.

I’m documenting my learning journey by creating the best materials about web-security in the form of this newsletter, Bug Bounty Reports Explained YouTube channel, Bug Bounty Reports Discussed podcast and all the other social media channels.

Company registration number: PL6751745962

28:37 How to write a good bug bounty report?
45:52 Finding bugs in desktop applications
52:15 LHEs
1:00:57 Live of a full-time bug bounty hunter.

In this section, we will discover the benefits of quality bug bounty reports.

Feb 8, 2021 · Today’s Bug Bounty Report Explained covers dependency confusion – a new bug bounty hacking technique that earned the researcher at least $130,000 bounties

Sep 26, 2021 · This video is an explanation of $7,500 vulnerability reported to Valve bug bounty program.
We talk about his bug bounty methodology, bounty vs pentesting as well as travelling, digital nomad lifestyle and doing sports.

Mar 6, 2024 · Tips for writing Bug Bounty reports that help security teams quickly validate your vulnerability, and earn you points that unlock exciting hacking opportunities.

June 13, 2023. Bug Bounty Q&A with Jhaddix & Blaklis.

access to all the articles in the archive.

Everyday, they handle countless reports.

You can approach me if you want to

This video is a part of the case study of 138 DoS

Nov 19, 2022 · Case study of 124 bug bounty reports.

Aug 15, 2024 · In this interview, we’re talking with

Sep 21, 2023 · This video is a part of the case study of 187 IDOR bug bounty reports.

Case study of 146 bug bounty reports.

YouTube channel where you can find videos with detailed explanations of interesting bug bounty repor

Bug Bounty Reports Explained

Apr 14, 2020 · This video is an explanation of the vulnerability found by Alex Chapman and reported to Gitlab on Hackerone. It’s SSRF achieved by DNS rebinding technique.

Dec 6, 2021 · This video is an explanation of a bug bounty report submitted to Apple bug bounty

Podcast Security source code review expert – Shubham Shah.

Sentry integration, 4 reports.
I was a pentester but I made a decision to quit my job for bug bounty and creating content.

BBRD podcast is also available on most popular podcast platforms:

Nov 14, 2023 · This video is a part of an RCE case study where I studied 126.

They provide detailed documentation of discovered vulnerabilities, allowing organizations to

There were as

Frans Rosen is one of the hunters whose reports I love the most. They are always at least somewhat novel and crazy. This time, he found an RCE on Apple and used a technique called hot jar swapping - he replaced an already loaded JAR file and walked on a very thin

We talk about his methodology, tooling and many more!

Jun 25, 2024 · In this episode I’m interviewing Alex
Sep 30, 2021 · Accidentally finding a $50,000 vulnerability – Augusto Zanellato – Bug Bounty Reports Discussed #2

Nov 2, 2023 · © Bug Bounty Reports Explained Grzegorz Niedziela 2022.

This video is a part of the CSRF case study where I extracted all the disclosed CSRF reports from the Internet and I studied them to adjust my CSRF bug hunting methodology.

The full case study: https://bbre

Jun 27, 2023 · In this podcast, I interview Yassine Aboukir – the winner of Most Valuable Hacker award at H1-303 Live hacking event.

Good bug bounty reports speed up the triage process.

In this part, I take a look at what types of IDs were used by vulnerable applications and, where relevant, how did the hunters predict them.

In this video, I go through different functionalities in which RCEs were common.

In this video, I’m showing you what payloads were the most common, which I think we should use and how some reports could have been improved.

The significance of

Sep 13, 2024 · Before submitting, review your report to ensure clarity and accuracy.

Apr 22, 2021 · However, few talk about writing good reports.
Sep 13, 2020 · This video is an explanation of bug bounty report of critical vulnerability submitted on Hackerone to Starbucks bug bounty program.

So, what is a bug bounty report? Bug bounty reports are primarily used to inform organizations of ethical hackers’ findings.

Reports mentioned in the video: Whitespace characters in CL/TE headers https://hackerone.

new emails every 2 weeks.

These bugs were in integrations with services like Google Drive or Amazon S3.

So I’ve analysed tens of reports and in this video, I’ll break down the most common root causes and I’ll give you some ideas for future research.

Bug bounty: year 2 – 0days, a $20k bounty and… laziness – bounty vlog #5.

Sep 6, 2023 · I studied 146 disclosed bug bounty reports and in this Video.

Programs will pitch out rewards for valid bugs and it is the hacker’s job to detail out the most important

Oct 26, 2022 · File storage integration, 7 reports.

If possible, bug bounty poc is also presented on the video.

BBRE Premium is a paid membership with bug bounty and web application security content.

Apr 24, 2023 · – Bug bounty case study
ZIION – Set up your web3 testing env with a few clicks
CodeQL query to detect RCE via ZipSlip – $5,500 bounty from GitHub Security Lab

In this interview, we’re talking with Joel about bug bounty hunting on mobile apps, about being a program manager, about Live Hacking Events and more.
In Bug Bounty Reports Discussed podcast, you will listen to my interviews with the best hunters where I ask them about their methodologies, tools they use, the advice they give to beginners and many more… Subscribe to never miss an episode!

The one with the highest bounty was reported last year to Dropbox and I also covered it on my channel: An overlooked parameter leads to a critical SSRF in Dropbox bug bounty program.

The subscriber also gets access to the archive with all past issues as well as a private Discord community.

My goal is to help you improve your hacking skills by making it easy to learn about thousands of vulnerabilities that hackers found on different targets.

In theory, SSRF is a really simple vulnerability class – you can make requests to arbitrary

This is a directory of ethical hacking writeups including bug bounty, responsible disclosure and pentest writeups.

In this episode of the podcast, I’m interviewing Cristi Vlad about bug bounty and pentesting – the differences, ways to build your network of clients, continuous learning and more.

GRZEGORZ NIEDZIELA. October 26, 2022.

Nov 21, 2023 · In this episode of the podcast, I interview Justin Gardner, the host of the Critical Thinking Bug Bounty Podcast who’s been a full-time hunter for about 4 years.

To understand how good bug bounty reports speed the triage process, you have to put yourself in the place of the triage analysts.
If you want to promote your brand across thousands of IT security professionals, Bug Bounty Reports Explained media is the perfect place for that.

These reports fulfill a number of important purposes:

Vulnerability Identification: They draw attention to possible weak points in a system, giving businesses a clear picture of their security flaws.

Nov 23, 2023 · This video is a part of an RCE case study where I studied 126 disclosed RCE bug bounty reports to learn how are people actually making money with RCEs.