InfoSec Blog

Hacker Healthcare

Solving healthcare as a full-time bug bounty hunter in the US

Posted on October 17, 2022

Hacker Healthcare - USA I’d say that one of the most common problems that prevent successful bug bounty hunters from quitting their day job is that, in the USA, your healthcare is nearly always tied to your job. As such, when you quit your job to become self-employed, you will... [Read More]

postMessage Braindump

a brief postMessage testing methodology

Posted on October 10, 2022

postMessages postMessage-related bugs have landed me some serious bounties during the past couple live hacking events. Here is a quick summary of what you need to know about postMessage: [Read More]

CVE-2020-13379

Unauthenticated Full-Read SSRF in Grafana

Posted on August 1, 2020

While doing some security research on Grafana for bug bounty, I discovered that by chaining together some redirects and a URL Parameter Injection bug, it is possible to achieve a full-read, unauthenticated, SSRF on any Grafana instance ranging from version 3.0.1 - 7.0.1. The Grafana advisory for this bug can... [Read More]

AWS Metadata Identity-Credentials Research

What do these creds do anyway?

Posted on July 31, 2020

One of the most common ways to escalate an SSRF in an AWS Cloud environment is the (mis)use of the AWS Metadata API. This API allows for the vulnerable EC2 Machine to gain access to information about itself by accessing an HTTP API at the http://169.254.169.254. The normal route is... [Read More]

Beginners Resources

Where to get started in bug bounty

Posted on August 12, 2019

One of the questions I get all the time is How do I get started in bug bounty? While I really enjoy teaching and mentoring, it is not possible for me to provide tailored guidance for each and every one of you. I will gladly point you in the right... [Read More]