I write about bug bounty, open source, and security—often intertwining the subjects. You can learn more about me and my work here.


Reading RFCs for bug bounty hunters

#RFC #IETF #bug bounty

What Bypassing Razer's DOM-based XSS Patch Can Teach Us

#xss #bug bounty #Razer #security engineering

"CI Knew There Would Be Bugs Here" — Exploring Continuous Integration Services as a Bug Bounty Hunter

#ci #open source #bug bounty #security

The poor man's bug bounty monitoring setup

#bug bounty #GitHub

Automating your reconnaissance workflow with 'meg'

#meg #bug bounty

An analysis of logic flaws in web-of-trust services

#bug bounty #security #logic flaws

The math behind bug bounties — A formula to calculate bounty amounts

#math #bug bounty

Bypassing Server-Side Request Forgery filters by abusing a bug in Ruby's native resolver

#Ruby #bug bounty

A lightweight reconnaissance setup for bug bounty hunters

#bug bounty

GitHub for Bug Bounty Hunters

#GitHub #bug bounty #reconnaissance