Hacker Healthcare - USA
I’d say that one of the most common problems that prevent successful bug bounty hunters from quitting their day job is that, in the USA, your healthcare is nearly always tied to your job. As such, when you quit your job to become self-employed, you will...
postMessage Braindump
a brief postMessage testing methodology
postMessages
postMessage-related bugs have landed me some serious bounties during the past couple of live hacking events. Here is a quick summary of what you need to know about postMessage:
CVE-2020-13379
Unauthenticated Full-Read SSRF in Grafana
While doing some security research on Grafana for bug bounty, I discovered that by chaining together some redirects and a URL parameter injection bug, it is possible to achieve a full-read, unauthenticated SSRF on any Grafana instance from version 3.0.1 to 7.0.1. The Grafana advisory for this bug can...
AWS Metadata Identity-Credentials Research
What do these creds do anyway?
One of the most common ways to escalate an SSRF in an AWS cloud environment is the (mis)use of the AWS Instance Metadata API. This API allows an EC2 instance to retrieve information about itself (instance metadata, including temporary credentials) over plain HTTP from http://169.254.169.254, so an SSRF in an application running on that instance lets an attacker read the same data. The normal route is...
Beginners Resources
Where to get started in bug bounty
One of the questions I get all the time is, "How do I get started in bug bounty?" While I really enjoy teaching and mentoring, it is not possible for me to provide tailored guidance for each and every one of you. I will gladly point you in the right...