In this podcast, my guest is Arthur Aires, part-time bug bounty hunter and cybersecurity pro from Brazil. He has an amazing approach that combines manual hacking with using a lot of tools for recon and fuzzing.
Some links mentioned in the video: https://github.com/pwntester/SerialKillerBypassGadgetCollection https://book.hacktricks.wiki/en/index.html https://portswigger.net/bappstore/e4e0f6c4f0274754917dcb5f4937bb9e https://portswigger.net/bappstore/594a49bb233748f2bc80a9eb18a2e08f https://portswigger.net/bappstore/0e61c786db0c4ac787a08c4516d52ccf https://github.com/PortSwigger/403-bypasser https://github.com/projectdiscovery/nuclei https://github.com/SeifElsallamy/Blind-XSS-Manager/tree/main https://github.com/trufflesecurity/xsshunter https://infosecwriteups.com/easy-xsshunter-discord-alerts-33fcff24a8f7 https://github.com/elkokc/reflector https://portswigger.net/burp/documentation/desktop/tools/dom-invader https://urlscan.io/
Timestamps:
00:00 Intro
01:30 Balancing part-time bug bounty with full-time job
02:56 Mixing manual bug bounty hunting with automation
22:04 The most useful Burp extensions
33:25 Fuzzing in bug bounty
46:34 Live Hacking Events
