Bug bounty reports explained. If possible, bug bounty poc is also presented on the video.

Bug bounty reports explained. They are always at least somewhat novel and crazy. Sentry integration, 4 reports. It’s sent to subscribers every two weeks and includes hacking tips, tool tutorials and career advice. Get $100 in credits for Digital Ocean: https://bbre. By following this approach, you’ll be able to write bug bounty reports that effectively communicate the issue, demonstrate your professionalism, and increase your chances of a successful submission. Programs will pitch out rewards for valid bugs and it is the hacker’s job to detail out the most important Oct 26, 2022 · File storage integration, 7 reports. We talk about his bug bounty methodology, bounty vs pentesting as well as travelling, digital nomad lifestyle and doing sports. I was a pentester but I made a decision to quit my job for bug bounty, freelance pentesting and producing content. These reports fulfill a number of important purposes: Vulnerability Identification: They draw attention to possible weak points in a system, giving businesses a clear picture of their security flaws. dev/premium Sign up for the mailing list: https://bbre. How To Write Bug Bounty Reports | Bug Bounty Reports Explained Are you a bug bounty hunter? Do you know how to write bug bounty reports? If so, this video is This video is the part of case study of 162 disclosed privilege escalation bug bounty reports. dev/nl 📣 Follow me on Twitter: https://bbre. If you want to promote your brand across thousands of IT security professionals, Bug Bounty Reports Explained media is the perfect place for that. They provide detailed documentation of discovered vulnerabilities, allowing organizations to On this channel, you can find videos with detailed explanations of interesting bug bounty reports. So, what is a bug bounty report? Bug bounty reports are primarily used to inform organizations of ethical hackers’ findings. 
Going full-time bug bounty, privilege escalation bugs and more with Douglas Day Follow me on Twitter: This video is an explanation of the writeup of 4 bugs in BBRE Premium is a paid membership with bug bounty and web application security content. To understand how good bug bounty reports speed the triage process, you have to put yourself in the place of the triage analysts. Feb 22, 2024 · Bug bounty reports serve as the bridge between ethical hackers and organizations. The subscriber also gets access to the archive with all past issues as well as a private Discord community. The full case study: https://bbre Jun 27, 2023 · In this podcast, I interview Yassine Aboukir – the winner of Most Valuable Hacker award at H1-303 Live hacking event. Company registration number: PL6751745962 28:37 How to write a good bug bounty report? 45:52 Finding bugs in desktop applications 52:15 LHEs 1:00:57 Live of a full-time bug bounty hunter. Bug bounty: year 2 – 0days, a $20k bounty and… laziness – bounty vlog #5. com Sep 30, 2021 · Accidentally finding a $50,000 vulnerability – Augusto Zanellato – Bug Bounty Reports Discussed #2 September 30, 2021 Nov 2, 2023 · © Bug Bounty Reports Explained Grzegorz Niedziela 2022. This video is a part of the CSRF case study where I extracted all the disclosed CSRF reports from the Internet and I studied them to adjust my CSRF bug hunting methodology. access to all the articles in the archive. We talk about his methodology, tooling and many more! Jun 25, 2024 · Subscribe to BBRE Premium: Sign up for the mailing list: Follow me on Twitter: Follow Alex on Twitter: In this episode I’m interviewing Alex This video is the part of case study of 162 disclosed privilege escalation bug bounty reports. 
Mar 6, 2024 · Tips for writing Bug Bounty reports that help security teams quickly validate your vulnerability, and earn you points that unlock exciting hacking opportunities. dev/do Timestamps: On this channel, you can find videos with detailed explanations of interesting bug bounty reports. In this video, I’m showing you what payloads were the most common, which I think we should use and how some reports could have been improved. com On this channel, you can find videos with detailed explanations of interesting bug bounty reports. In this video, I go through different functionalities in which RCEs were common. You can approach me if you want to Apr 24, 2023 · – Bug bounty case study Next ZIION – Set up your web3 testing env with a few clicks CodeQL query to detect RCE via ZipSlip – $5,500 bounty from GitHub Security Lab In this interview, we’re talking with Joel about bug bounty hunting on mobile apps, about being a program manager, about Live Hacking Events and more. 0:29 Going full-time bug bounty 9:12 Douglas’ bug bounty methodology 28:13 Bug Bounty tools you need 43:04 The benefits of collaboration in bug bounty 54:23 How to deal with having a similar bug on many endpoints? 1:11:37 How to select a bug bounty program? Bug Bounty Reports Explained. These bugs were in integrations with services like Google Drive or Amazon S3. It was secondary context path traversal in application that was using microservices and allowed to access almost 100 million customer records. You can approach me if you want to new emails every 2 weeks. May 29, 2023. I'm documenting my learning journey by creating the best materials about web-security in the form of this newsletter, Bug Bounty Reports Explained YouTube channel, Bug Bounty Reports Discussed podcast and all the other social media channels. Get $100 in credits for Digital Ocean: https://bbre. 
My goal is to help you improve your hacking skills by making it easy to learn about thousands of vulnerabilities that hackers found on different targets. On this channel, you can find videos with detailed explanations of interesting bug bounty reports. I’m documenting my learning journey by creating the best materials about web-security in the form of this newsletter, Bug Bounty Reports Explained YouTube channel, Bug Bounty Reports Discussed podcast and all the other social media channels. Sep 6, 2023 · Follow me on Twitter: I studied 146 disclosed bug bounty reports and in this Video. BBRD podcast is also available on most popular podcast platforms: Subscribe to BBRE Premium: Sign up for the mailing list: Follow me on Twitter: Follow Douglas on Twitter: In this interview, we’re talking with Sep 13, 2020 · This video is an explanation of bug bounty report of critical vulnerability submitted on Hackerone to Starbucks bug bounty program. Jul 12, 2021 · Get the 6th issue of the newsletter. Get $100 in credits for Digital Ocean. This video is an explanation of bug bounty report submitted to GitLab by William [Apr 09 - $31,337] Explaining the exploit to $31,337 Google Cloud blind SSRF * by Bug Bounty Reports Explained [Apr 06 - $31,337] $31,337 Google Cloud blind SSRF + HANDS-ON labs * by Bug Bounty Reports Explained [Apr 05 - $6,000] I Built a TV That Plays All of Your Private YouTube Videos * by David Schütz Dec 13, 2022 · Recently, I did a case study of 174 XSS bug bounty reports to learn how are people actually making money with Cross-site scripting. dev/do Reports mentioned in the video: Whitespace characters in CL/TE headers https://hackerone. October 26, 2022. BBRD podcast is also available on most popular podcast platforms: This is a directory of ethical hacking writeups including bug bounty, responsible disclosure and pentest writeups. 
The one with the highest bounty was reported last year to Dropbox and I also covered it on my channel: An overlooked parameter leads to a critical SSRF in Dropbox bug bounty program. dev/do Reports mentioned in Subscribe to BBRE Premium: Sign up for the mailing list: Follow me on Twitter: In this episode, I’m talking about my story of getting Aug 8, 2018 · Bug reports are the main way of communicating a vulnerability to a bug bounty program. In this section, we will discover the benefits of quality bug bounty reports. November 14, 2023 Subscribe to BBRE Premium: Sign up for the mailing list Apr 22, 2021 · However, few talk about writing good reports. The significance of Sep 13, 2024 · Before submitting, review your report to ensure clarity and accuracy. In Bug Bounty Reports Discussed podcast, you will listen to my interviews with the best hunters where I ask them about their methodologies, tools they use, the advice they give to beginners and many more… Subscribe to never miss an episode! See full list on gogetsecure. There were as So I’ve analysed tens of reports and in this video, I’ll break down the most common root causes and I’ll give you some ideas for future research. BBRD podcast is also available on most popular podcast platforms: Nov 14, 2023 · Full case study: Subscribe to BBRE Premium: Sign up for the mailing list: Follow me on Twitter: This video is a part of an RCE case study where I studied 126. You can approach me if you want to Case study of 146 bug bounty reports. Everyday, they handle countless reports. This free part of the case study covers the SameSite attribute and its impact on reports. If possible, bug bounty poc is also presented on the video. It’s SSRF achieved by DNS rebinding technique. 
You can: get clicks and signups; build brand awareness; hire skilled ethical hackers; You can sponsor a YouTube video to get a 30-seconds mention between the intro and the video itself, like here: May 29, 2023 · In this podcast episode, I interview Shubham Shah – one of my biggest authorities in bug bounty space and expert in source code review who regularly finds 0days. There were as Frans Rosen is one of the hunters whose reports I love the most. In this episode of the podcast, I’m interviewing Cristi Vlad about bug bounty and pentesting – the differences, ways to build your network of clients, continuous learning and more. BBRD podcast is also available on most popular podcast platforms: Nov 23, 2023 · This video is a part of an RCE case study where I studied 126 disclosed RCE bug bounty reports to learn how are people actually making money with RCEs. Video Feb 8, 2021 · Today’s Bug Bounty Report Explained covers dependency confusion – a new bug bounty hacking technique that earned the researcher at least $130,000 bounties Sep 26, 2021 · Get access to hands-on labs: 25% OFF with code: AMOUNT100 This video is an explanation of $7,500 vulnerability reported to Valve bug bounty program. You can approach me if you want to Access full case study here: Subscribe to BBRE Premium: Sign up for the mailing list: Follow me on Twitter: This video is a part of the case study of 138 DoS Nov 19, 2022 · Case study of 124 bug bounty reports. dev/twThis vi GRZEGORZ NIEDZIELA. Oct 26, 2022 · File storage integration, 7 reports. Dec 6, 2021 · Check out the free, 2-week trial of Detectify: Sign up for the mailing list. This video is an explanation of a bug bounty report submitted to Apple bug bounty I’m documenting my learning journey by creating the best materials about web-security in the form of this newsletter, Bug Bounty Reports Explained YouTube channel, Bug Bounty Reports Discussed podcast and all the other social media channels. 
June 13, 2023. Challenge yourself in 2024 justCTF online teaser: Sponsored by: HexRays – get 20% from IDA pro training sessions with exclusive code BBRE20: Trail of Bits: I’m documenting my learning journey by creating the best materials about web-security in the form of this newsletter, Bug Bounty Reports Explained YouTube channel, Bug Bounty Reports Discussed podcast and all the other social media channels. You can approach me if you want to I’m documenting my learning journey by creating the best materials about web-security in the form of this newsletter, Bug Bounty Reports Explained YouTube channel, Bug Bounty Reports Discussed podcast and all the other social media channels. This time, he found an RCE on Apple and used a technique called hot jar swapping - he replaced an already loaded JAR file and walked on a very thin 📧 Subscribe to BBRE Premium: https://bbre. In theory, SSRF is a really simple vulnerability class – you can make requests to arbitrary On this channel, you can find videos with detailed explanations of interesting bug bounty reports. You may also like. YouTube channel where you can find videos with detailed explanations of interesting bug bounty repor Bug Bounty Reports Explained Apr 14, 2020 · This video is an explanation of the vulnerability found by Alex Chapman and reported to Gitlab on Hackerone. Aug 15, 2024 · Subscribe to BBRE Premium: Sign up for the mailing list: Follow me on Twitter: Follow Douglas on Twitter: In this interview, we’re talking with Sep 21, 2023 · This video is a part of the case study of 187 IDOR bug bounty reports. Good bug bounty reports speed up the triage process. You can approach me if you want to I was a pentester but I made a decision to quit my job for bug bounty and creating content. 
You can: get clicks and signups; build brand awareness; hire skilled ethical hackers; You can sponsor a YouTube video to get a 30-seconds mention between the intro and the video itself, like here: Nov 21, 2023 · In this episode of the podcast, I interview Justin Gardner, the host of the Critical Thinking Bug Bounty Podcast who’s been a full-time hunter for about 4 years. Bug Bounty Q&A with Jhaddix & Blaklis. access to the private discord community Going full-time bug bounty, privilege escalation bugs and more with Douglas Day Follow me on Twitter: This video is an explanation of the writeup of 4 bugs in Top privilege escalation techniques – bug bounty case study. In this part, I take a look at what types of IDs were used by vulnerable applications and, where relevant, how did the hunters predict them. Podcast Security source code review expert – Shubham Shah.