Posts | EdOverflow

Web developer, security researcher, Senior Pentester at Cure53, passionate swimmer, and author of security.txt (RFC 9116). I write about bug bounty, open source, and security—often intertwining the subjects. You can learn more about me and my work here.

An analysis of logic flaws in web-of-trust services

Feb 13, 2018 #bug bounty #security #logic flaws

The math behind bug bounties — A formula to calculate bounty amounts

Nov 29, 2017 #math #bug bounty

Operation FGTNY 🗽 - Solving the H1-212 CTF

Nov 19, 2017 #HackerOne #CTF

Bypassing Server-Side Request Forgery filters by abusing a bug in Ruby's native resolver

Nov 9, 2017 #Ruby #bug bounty

A lightweight reconnaissance setup for bug bounty hunters

Oct 29, 2017 #bug bounty

Broken Link Hijacking - How expired links can be exploited

Sep 3, 2017 #broken link hijacking #security

On-platform GitHub Reconnaissance

Aug 31, 2017 #GitHub #reconnaissance

Capture the flag: reversing the passwords (Solutions)

Aug 9, 2017 #HackerOne #CTF

GitHub for Bug Bounty Hunters

Aug 8, 2017 #GitHub #bug bounty #reconnaissance

Bug Bounty FAQ

Jul 22, 2017 #bug bounty