I am a web designer, developer, and security researcher, and I have experience triaging for numerous vulnerability disclosure programs. In my spare time, I enjoy swimming, photography, cinematography, and playing the guitar.
In 2017, I published an Internet Draft for security.txt, a proposed standard which allows websites to define security policies. A year later, I created Bug Bounty Guide, a launchpad for bug bounty programs and bug bounty hunters.
“CI Knew There Would Be Bugs Here” — Exploring Continuous Integration Services as a Bug Bounty Hunter - https://edoverflow.com/2019/ci-knew-there-would-be-bugs-here/
The poor man’s bug bounty monitoring setup - https://edoverflow.com/2018/the-poor-mans-monitoring-setup/
Automating your reconnaissance workflow with ‘meg’ - https://edoverflow.com/2018/meg/
An analysis of logic flaws in web-of-trust services. - https://edoverflow.com/2018/logic-flaws-in-wot-services/
The math behind bug bounties — A formula to calculate bounty amounts. - https://edoverflow.com/2017/the-math-behind-bug-bounties/
Operation FGTNY 🗽 - Solving the H1-212 CTF. - https://edoverflow.com/2017/h1-212-ctf/
Bypassing Server-Side Request Forgery filters by abusing a bug in Ruby’s native resolver. - https://edoverflow.com/2017/ruby-resolv-bug/
A lightweight reconnaissance setup for bug bounty hunters - https://edoverflow.com/2017/lightweight-reconnaissance-setup/
Broken Link Hijacking - How expired links can be exploited. - https://edoverflow.com/2017/broken-link-hijacking/
On-platform GitHub Reconnaissance - https://edoverflow.com/2017/github-recon/
Capture the flag: reversing the passwords (Solutions) - https://edoverflow.com/2017/ctf-reversing-the-passwords/
GitHub for Bug Bounty Hunters - https://edoverflow.com/2017/github-for-bugbountyhunters/
Bug Bounty FAQ - https://edoverflow.com/2017/bugbounty-faq/