Like many in the BB scene, I am a HUGE fan of @Jhaddix's Bug Bounty Methodology. But I was always more of a Notion fan over Xmind. So this video is how I track my work and take notes during bug bounty hunting using Jason's amazing methods! Check it out!
New video! I wanted to make a video going over some recon techniques that people can use to essentially snapshot the internet, and monitor for assets. I talk about what you could use your compute for instead of JUST brute forcing! Check it out!
I spoke twice at @ReconVillage! Those talks are LIVE on YouTube! Check them out
How I Built Recon to Scale with Serverless Architecture:
Easy EASM The Zero-Dollar Attack Surface Management Tool (w/ @Jhaddix & @OliviaGalluccii):
In true new years fashion.... How to DOMINATE bug bounties in 2024 :) My thoughts and opinions on how you can grow and dominate this year. Check it out :)
Sorry sickness delayed this one a ton!
Hey everyone! I updated my BB automation architecture, and I wanted to share my thoughts. This video goes into my changes, and why I made them. Check it out :)
This new video goes over how I do subdomain recon in my automation. This is a high level overview of how I do things :) I left active enumeration/permutations for another video! Let me know what y'all think! 🤓
SUPER excited to share at @ReconVillage how I built my recon framework in the serverless landscape! If you're around at DEFCON come check out my talk 🤘
If you are into cyber security, bug bounty, red teaming, etc., you should be checking out @Jhaddix's discord:
And you should also 100% be involved in the @ctbbpodcast discord channel:
These two channels are a necessity IMO 🤘
New video time! This one goes over how I set up a full ready to go Kubernetes cluster on my home lab servers! If you are trying to run Kubernetes locally to develop cool stuff, check it out! :)
If you didn't notice, my dude @xnl_h4ck3r made another AMAZING tool! It is a browser extension that does a ton of amazing things that were mentioned in the newest @ctbbpodcast episode! I made a short video so you can see why it's awesome! Check it out :)
Anyone who watched my first homelab video, be ready for the next one. I have some Kubernetes clusters set up with some cool stuff going on! And it is all automated thanks to Ansible :)
Hey everyone :) I wrote a blog introducing @pdiscoveryio's new crawler tool Katana! Check it out and try the tool out for yourself!
P.S.: A lot of you know I write my automation in Go. Well Katana can also be used as a Go library now as well :)
Stopped by the ASM panel @ReconVillage this morning with @NahamSec, @Jhaddix, and @jeff_foley! Of course if there isn't a picture it didn't happen 🤷‍♂️ It has been so fun meeting all these amazing hackers in person 🔥
Hey everyone! I made a little curation of the blogs/resources I am using to "study" bug bounty! I made a repo for it and here is a video explaining why I think you should check it out :)
Hello! So as some of you have seen I went down a little Web3 rabbit hole. I made a video compiling all the recommended resources to get started if Web3 bug bounties are something you are interested in exploring! Check it out :)
Just put out a new video on PwnFox and how it can be such an easy tool for finding critical bugs! This is the first hands on exploitation video! Huge thanks to @zseano for letting me use the platform!
This is the type of stuff that makes current AND future creators tentative to share their tools, videos, content, etc. This is extremely disheartening to see coming out of our community tbh.
Whoever shouted out my YouTube channel on @NahamSec's stream today, you're the real ones ♥️ Watching him check out the channel was so cool! I really appreciate the people recommending my channel to folks.
Okay FINALLY against all odds the new video is out! This one talks about the hacker's mindset, and why it is so important for beginners! Check it out!
P.S.: There is a little something for the discord I talk about at the end. Check that out too!
I think I am going to start posting YouTube videos focused around my own automation / manual hacking experiences. So the topics may be more random but hopefully that will help me post more often :)
Hey everyone! The newest video is out! This one is about how SPECIFICALLY I believe you can improve as a bug bounty hunter. Beyond the generic "practice more / do more ctfs" :) Check it out and let me know what you think!
I'm hearing so many people say JavaScript and understanding/using js to your advantage is a top notch BB skill right now. But the "info" seems to still be scattered. Anyone want to name drop folks that have contributed to this so I can take a peek and start a list? :)
Other than the Mozilla docs, does anyone have any other sources (videos, blogs, explanations, etc.) on the following topics?:
CSP
Site isolation
Same Origin Policy
Frames
Same-Site
JavaScript execution methods (script, onevent handlers)
PostMessage
LocalStorage/SessionStorage
After spending time on @zseano's @BugBountyHunt3r platform, reading @Rhynorater's newest H1 interview, and reviewing other BB hunters' methodology, I noticed a similarity. APPLICATION ANALYSIS! So I made a video about my thoughts and where to learn more!
There are a lot of "trainings" or "courses" flying around the infosec world atm. But if you ARE in the market for some top tier learning, check out @Jhaddix's TBHM course. I just listened in for the third time, and it is worth every single cent of the price. Gets better every time.
Over 1,000 people subscribed... WOW! Everyone who follows along and watches my stuff, I seriously have nothing but love for you all! And all the amazing hackers that have shouted out/shared my stuff. It really means the WORLD to me. Thanks so much 🤓
Finally got a new video out! This one talks about my experience with bug bounty automation, and how I am building mine :) I hope you all enjoy it and stick around for the series!
Hey everyone! As some know, I took @Jhaddix's TBHM Live course last weekend. Well, I just wanted to slide an unedited video out there about my thoughts, and if this is something you should consider! Check it out :)
If any of my bug bounty friends are out there, I am looking for help. I believe I have a solid automation pipeline for recon set up. I was curious if anyone that has a running list of domains for a wide-scope program would be willing to compare with me :)
Day 1 of my year of bug bounty: I started my bug bounty year by going hard on the training platform that seems to get HUGE results for learning, and that is @BugBountyHunt3r! I already had about 13 vulns, but during my work time today I was able to submit 2 more vulns!
New video! I got some servers and started a "home lab". I am planning on continuing the tool dev and automation journey here, and hopefully grow it as I go :)
Check it out!
As 2022 comes to a close in a week, I just wanted to say a huge thank you to everyone I interacted with this year. All the people that chat with me, mentor me, work with me, and much more. I love you all 🙂 Here's to 2023 🤘
Hey everyone! For anyone thinking of diving head first into bug bounties in 2023, check out my new video where I give some high level advice of stuff I have done as well as share some knowledge other BB hunters have shared with me :)
I had a great chat with @CharlieEriksen (Creator of @WeaselJs)! We talked about the process of creating jswzl, bug bounties, automation, and much more :) Check out the video!
A few people asked me to explain how I handle my data and connect to a database with my containerized automation. Well my new video is a demo to explain how I do it and why! Enjoy :)
Toxicity in the bug bounty space just makes me sad. Sadly there are folks that think the fastest way to build themselves up is to just tear others down. Any people who follow me in the scene, please PLEASE be a positive force in the community.
A few weeks ago I spoke to @CharlieEriksen about @WeaselJs!! I just wanted to follow with a little demo going over how easy it is to get going, and what it looks like to run the tool! Check it out :)
Be advised!! The community already caught some errors in the first version of gungnir! So I made some changes today to fix them all! Please check the readme and download the newest version :)
First Mental Hacking video is live! These videos will be about mindset, improvement, etc. This first one is all about how to improve in bug bounties, web hacking, or really any skill! Check it out! :)
How does one do true "security research"?? Like is it actually diving into RFCs, white papers, and Google scholar?
I am actually genuinely curious/asking
Finally episode 4 of Gamified Hacking is out! This one is all about data driven bug bounty. What are some ways of handling all the data you gather, and why data is important! Please check it out and share if you like it :)
HUGE shout out to @JXoaT and the @hackthebox_eu crew for giving me the chance to experience the "Senior Web Penetration Tester" Learning path! I can't wait to learn a ton and share my experience 🔥🔥
IMO... The perfect combo for bug bounty collaboration:
1. The super exploiter: tons of knowledge, tricks, in-depth knowledge.
2. The security engineer/dev: Able to automate and expand the attack surface and exploitation reach of member #1
I have to say I have a "new" weird goal with BB. Seeing all these elite BB hunters that have such close friendships with each other through this field. THAT is what I want. I want to be a part of that ✋
I wanted to put out my 2023 "resolutions". This year I will be focusing on 5 things. In true @JamesClear fashion these 5 things are SYSTEMS and not goals. My hope is at the end of the year I can report back on what output these systems produced. The five are the following:
New video alert! Gamified hacking episode 1 is out! This one is all about gathering in scope domains without missing any possible attack surface. This could include scopes where all assets are in scope! Check it out and let me know what you think! 🤓
@G0LDEN_infosec told me he already started on HTB- CWEE so I guess it's my time to level up and go through this material. I absolutely loved the CBBH as it was my first certification and really looking forward to this Senior Penetration Testing Path.
I find myself counting down the days until the next @ctbbpodcast pod 🤷‍♂️ If you haven't listened yet and you are in bug bounties, you're missing out BIG! 👊