Web developer, security researcher, Senior Pentester at Cure53, sports scholar at University of Warwick, and author of security.txt (RFC 9116). I write about bug bounty, open source, and security—often intertwining the subjects. You can learn more about me and my work here.

Learn to build it, then break it

 #bug bounty #security

Reading RFCs for bug bounty hunters

 #RFC #IETF #bug bounty

What Bypassing Razer's DOM-based XSS Patch Can Teach Us

 #xss #bug bounty #Razer #security engineering

"CI Knew There Would Be Bugs Here" — Exploring Continuous Integration Services as a Bug Bounty Hunter

 #ci #open source #bug bounty #security

The poor man's bug bounty monitoring setup

 #bug bounty #GitHub

Automating your reconnaissance workflow with 'meg'

 #meg #bug bounty

An analysis of logic flaws in web-of-trust services

 #bug bounty #security #logic flaws

The math behind bug bounties — A formula to calculate bounty amounts

 #math #bug bounty

Bypassing Server-Side Request Forgery filters by abusing a bug in Ruby's native resolver

 #Ruby #bug bounty

A lightweight reconnaissance setup for bug bounty hunters

 #bug bounty