EdOverflow

I am a web designer, developer, security researcher, and have experience triaging for numerous vulnerability disclosure programs. In my spare time, I enjoy swimming, photography, cinematography, and playing the guitar.

In 2017, I published an Internet Draft for a proposed standard which allows websites to define security policies called security.txt. A year later, I created Bug Bounty Guide, a launchpad for bug bounty programs and bug bounty hunters.

Publications

A Method for Web Security Policies (security.txt) HTML Plaintext Bibtex Wikipedia

Edwin Foudil and Yakov Shafranovich (April 2019) Internet Engineering Task Force
A guide to subdomain takeovers HTML (August 2018) HackerOne
On escalating your bug bounty findings PDF
Edwin "EdOverflow" Foudil and T.-C. "Filedescriptor" Hong (August 2019) Paged Out!

Blog posts

2019

“CI Knew There Would Be Bugs Here” — Exploring Continuous Integration Services as a Bug Bounty Hunter - https://edoverflow.com/2019/ci-knew-there-would-be-bugs-here/

2018

The poor man’s bug bounty monitoring setup - https://edoverflow.com/2018/the-poor-mans-monitoring-setup/
Automating your reconnaissance workflow with ‘meg’ - https://edoverflow.com/2018/meg/
An analysis of logic flaws in web-of-trust services. - https://edoverflow.com/2018/logic-flaws-in-wot-services/

2017

The math behind bug bounties — A formula to calculate bounty amounts. - https://edoverflow.com/2017/the-math-behind-bug-bounties/
Operation FGTNY 🗽 - Solving the H1-212 CTF. - https://edoverflow.com/2017/h1-212-ctf/
Bypassing Server-Side Request Forgery filters by abusing a bug in Ruby’s native resolver. - https://edoverflow.com/2017/ruby-resolv-bug/
A lightweight reconnaissance setup for bug bounty hunters - https://edoverflow.com/2017/lightweight-reconnaissance-setup/
Broken Link Hijacking - How expired links can be exploited. - https://edoverflow.com/2017/broken-link-hijacking/
On-platform GitHub Reconnaissance - https://edoverflow.com/2017/github-recon/
Capture the flag: reversing the passwords (Solutions) - https://edoverflow.com/2017/ctf-reversing-the-passwords/
GitHub for Bug Bounty Hunters - https://edoverflow.com/2017/github-for-bugbountyhunters/
Bug Bounty FAQ - https://edoverflow.com/2017/bugbounty-faq/

Talks

How to get the best out of your bug bounty program Video (January 2018) Disobey
security.txt Video (March 2018) IETF 101 SECDISPATCH

Press appearances

Parallels’ KeyGenie lets you play for a free product key, but you can’t ever win HTML (August 2019) TechCrunch
Uber Hack Shows Vulnerability of Software Code-Sharing Services HTML (November 2017) Bloomberg
GitLab fixes security issue that let anyone hijack custom domains HTML (February 2018) ZDNet
The Telltale Text File: Security Researcher Proposes Standardization for Reporting Vulnerabilities HTML (September 2017) Security Intelligence (IBM)
Bug-finders’ scheme: Tick-tock, this tech’s tested by flaws.. but who the heck do you tell? HTML (January 2018) The Register
Microsoft Bounty Program Offers Payouts for Identity Service Bugs HTML (July 2018) Threatpost
Navigating an Uncharted Future, Bug Bounty Hunters Seek Safe Harbors HTML (July 2018) Threatpost
Facebook Now Offers Bounties For Access Token Exposure HTML (September 2018) Threatpost

Bookshelf 📖

Here is a short list of books that I would highly recommend. Please feel free to reach out if you happen to have any recommendations for me.

Information security and bug bounty

Real-World Bug Hunting: A Field Guide to Web Hacking by Peter Yaworski
The Linux Programming Interface: A Linux and UNIX System Programming Handbook by Michael Kerrisk
The Tangled Web: A Guide to Securing Modern Web Applications by Michal Zalewski
Crypto 101 by Laurens Van Houtven

Programming

History

Enigma: The Battle for the Code by Hugh Sebag-Montefiore

Other

Don't Sweat the Small Stuff ... and It's All Small Stuff: Simple Ways to Keep the Little Things from Taking Over Your Life by Richard Carlson
The Old Man and The Sea by Ernest Hemingway
Die Verwandlung (The Metamorphosis) by Franz Kafka

Subscribe to my newsletter 📨

Get updates on new blog posts and regular bug bounty tricks & tips.