
Bug Bounty Reports Discussed

Latest episodes

Oct 20, 2023 • 1h 27min

AI and hacking - opportunities and threats - Joseph “rez0” Thacker

📧 Subscribe to BBRE Premium: https://bbre.dev/premium
📖 Check out AppSecEngineer, the sponsor of today's video: https://www.appsecengineer.com
📣 Follow GUEST on Twitter: https://twitter.com/@rez0
✉️ Sign up for the mailing list: https://bbre.dev/nl
📣 Follow me on Twitter: https://bbre.dev/tw

In this interview, we discuss a range of AI topics with rez0: the new vulnerability opportunities it has created, how it can help us in hacking, and whether it will replace us in the future.

Resources and people mentioned in the podcast:
https://olickel.com/everything-i-know-about-prompting-llms
https://www.anthropic.com/index/prompting-long-context
https://simonwillison.net
https://llm-attacks.org/zou2023universal.pdf
http://llm-attacks.org

BBRD podcast is also available on most popular podcast platforms:
https://open.spotify.com/show/6tLoJ5foOoZPPELwrHPBO4
https://podcasts.google.com/feed/aHR0cHM6Ly93d3cuc3ByZWFrZXIuY29tL3Nob3cvNTA3Mzc4MS9lcGlzb2Rlcy9mZWVk
https://podcasts.apple.com/us/podcast/bug-bounty-reports-discussed/id1583400215?uo=4

Timestamps:
00:00 Intro
00:32 Check out AppSecEngineer, the sponsor of this podcast
01:36 rez0's regular bug bounty hacking style
22:39 AI and hacking
Sep 6, 2023 • 1h 30min

From reporting self-XSSes to improving browser security mechanisms - Michał Bentkowski

Michał Bentkowski specializes in crazy XSS bugs and now works on improving the security of browsers at Google. They discuss bug prevention efforts, browser updates and serialization issues, transitioning from simple bugs to complex ones, analyzing client-side issues, the discovery of ARP spoofing, the value of diverse backgrounds, prototype pollution in bug bounties, and their plans for a YouTube channel and client-side HTML sanitization.
Jul 26, 2023 • 1h 10min

The key to succeed in bug bounty - NahamSec

In this episode with @NahamSec we are talking about bug bounty. Ben has a unique insight into mistakes beginners make since he's the biggest content creator in the bug bounty space and gets asked a lot of questions. We are talking about his methodology, the role of recon and much more.
Jun 27, 2023 • 1h 8min

Road to Most Valuable Hacker and working while travelling the world - Yassine Aboukir

In this podcast, I interview Yassine Aboukir - the winner of the Most Valuable Hacker award at the H1-303 live hacking event. We talk about his bug bounty methodology, bounty vs pentesting, as well as travelling, the digital nomad lifestyle and doing sports.
May 29, 2023 • 55min

Security source code review expert - Shubham Shah

In this podcast episode, I interview Shubham Shah - one of my biggest authorities in the bug bounty space and an expert in source code review who regularly finds 0days.

📧 Subscribe to BBRE Premium: https://bbre.dev/premium
✉️ Sign up for the mailing list: https://bbre.dev/nl
📣 Follow me on Twitter: https://bbre.dev/tw
📣 Follow Shubs on Twitter: http://twitter.com/infosec_au/

Timestamps:
00:00 Intro
00:18 Shubs' background
13:04 Choosing good targets for finding 0days
20:41 How to audit the source code?
33:34 Who should consider a career as a full-time bug bounty hunter?
38:04 Sharing knowledge and disclosing 0days
45:54 What skills does Shubs pay attention to when recruiting security researchers?
48:48 AI in security research
May 3, 2023 • 1h 7min

Inside the Mind of the TOP1 Facebook Bug Bounty Hunter - Youssef Sammouda

In this podcast, I interview Youssef Sammouda - the top Facebook/Meta bug bounty hunter in 2020, 2021 and 2022. He has found numerous bugs on Facebook, including account takeovers. We talk about his methodology, the tools he uses, productivity tips and much more!
Mar 7, 2023 • 46min

Bug bounty automation and scaling 0days - Michael Ness

In this podcast, I interview Michael Ness about bug bounty automation and scaling 0 days to get multiple payouts for a single bug. We also talk about how to make the automation better and share some tips for upcoming bug hunters.

📧 Subscribe to BBRE Premium: https://bbre.dev/premium
✉️ Sign up for the mailing list: https://bbre.dev/nl
📣 Follow me on Twitter: https://bbre.dev/tw
📣 Follow Michael on Twitter: https://twitter.com/mikey96_bh
Check out Overcast Security: https://search.overcast-security.app
Jan 27, 2023 • 1h 9min

From zero to 6-digit bug bounty earnings in 1 year - Johan Carlsson

📧 Subscribe to BBRE Premium: https://bbre.dev/premium
✉️ Sign up for the mailing list: https://bbre.dev/nl
📣 Follow me on Twitter: https://bbre.dev/tw
📣 Follow Johan on Twitter: https://twitter.com/joaxcar

In this podcast, I interview a bug bounty hunter who started very recently but is already having a lot of success - Johan Carlsson. We talk about his hacking methodology, his journey with GitLab and his tips for bug bounty hunters.

🖥 Get $100 in credits for Digital Ocean: https://bbre.dev/do
Sep 30, 2021 • 26min

Accidentally finding a $50,000 vulnerability - Augusto Zanellato - Bug Bounty Reports Discussed #2

✉️ Sign up for the newsletter: https://mailing.bugbountyexplained.com/

This podcast is an interview with Augusto Zanellato, the hacker who submitted a report about a leaked GitHub REST API token that had access to Shopify's GitHub account. It was reported on HackerOne to Shopify and Augusto got $50,000 for it. The best thing is that he didn't even look for a security issue.

Link to the report explained: https://youtu.be/TOgIgD0KUVs
The report on HackerOne: https://hackerone.com/reports/1087489
Subscribe to Bug Bounty Reports Explained on YouTube: https://www.youtube.com/c/BugBountyReportsExplained/

Augusto's media:
https://twitter.com/auguzanellato
https://hackerone.com/augustozanellato?type=user
https://github.com/augustozanellato
Aug 28, 2021 • 52min

Finding bugs in Google VRP without recon - David Schütz - BBRD #01

The video with David's bug: https://youtu.be/miQvovD3c04
Original writeup: https://bugs.xdavidhu.me/google/2021/04/05/i-built-a-tv-that-plays-all-of-your-private-youtube-videos/
✉️ Sign up for the newsletter to receive the best hacking info right to your inbox: https://mailing.bugbountyexplained.com/

In this episode, I interview David Schütz, the 19-year-old Google VRP hacker who constantly finds bugs in functionality we use often, like private videos on YouTube. We talk about his career, learning process, methodology, tooling and many more aspects that might help beginner bug bounty hunters.
