I am a web designer, developer, and security researcher, and I have experience triaging for numerous vulnerability disclosure programs. In my spare time, I enjoy swimming, photography, cinematography, and playing the guitar.
In 2017, I published an Internet Draft for security.txt, a proposed standard which allows websites to define security policies. A year later, I created Bug Bounty Guide, a launchpad for bug bounty programs and bug bounty hunters.
“CI Knew There Would Be Bugs Here” — Exploring Continuous Integration Services as a Bug Bounty Hunter - https://edoverflow.com/2019/ci-knew-there-would-be-bugs-here/
The poor man’s bug bounty monitoring setup - https://edoverflow.com/2018/the-poor-mans-monitoring-setup/
Automating your reconnaissance workflow with ‘meg’ - https://edoverflow.com/2018/meg/
An analysis of logic flaws in web-of-trust services. - https://edoverflow.com/2018/logic-flaws-in-wot-services/
The math behind bug bounties — A formula to calculate bounty amounts. - https://edoverflow.com/2017/the-math-behind-bug-bounties/
Operation FGTNY 🗽 - Solving the H1-212 CTF. - https://edoverflow.com/2017/h1-212-ctf/
Bypassing Server-Side Request Forgery filters by abusing a bug in Ruby’s native resolver. - https://edoverflow.com/2017/ruby-resolv-bug/
A lightweight reconnaissance setup for bug bounty hunters - https://edoverflow.com/2017/lightweight-reconnaissance-setup/
Broken Link Hijacking - How expired links can be exploited. - https://edoverflow.com/2017/broken-link-hijacking/
On-platform GitHub Reconnaissance - https://edoverflow.com/2017/github-recon/
Capture the flag: reversing the passwords (Solutions) - https://edoverflow.com/2017/ctf-reversing-the-passwords/
GitHub for Bug Bounty Hunters - https://edoverflow.com/2017/github-for-bugbountyhunters/
Bug Bounty FAQ - https://edoverflow.com/2017/bugbounty-faq/
Here is a short list of books that I would highly recommend. Please feel free to reach out if you happen to have any recommendations for me.