Bug Bounty Reports Discussed

Grzegorz Niedziela
Sep 30, 2021 • 26min

Accidentally finding a $50,000 vulnerability - Augusto Zanellato - Bug Bounty Reports Discussed #2

✉️ Sign up for the newsletter: https://mailing.bugbountyexplained.com/

This podcast is an interview with Augusto Zanellato, the hacker who submitted a report about a leaked GitHub REST API token that had access to Shopify's GitHub account. It was reported on HackerOne to Shopify, and Augusto got $50,000 for it. The best thing is that he wasn't even looking for a security issue.

Link to the report explained: https://youtu.be/TOgIgD0KUVs
The report on HackerOne: https://hackerone.com/reports/1087489
Subscribe to Bug Bounty Reports Explained on YouTube: https://www.youtube.com/c/BugBountyReportsExplained/

Augusto's media:
https://twitter.com/auguzanellato
https://hackerone.com/augustozanellato?type=user
https://github.com/augustozanellato
Aug 28, 2021 • 52min

Finding bugs in Google VRP without recon - David Schütz - BBRD #01

The video with David's bug: https://youtu.be/miQvovD3c04
Original writeup: https://bugs.xdavidhu.me/google/2021/04/05/i-built-a-tv-that-plays-all-of-your-private-youtube-videos/

✉️ Sign up for the newsletter to receive the best hacking info right to your inbox: https://mailing.bugbountyexplained.com/

In this episode I interview David Schütz, the 19-year-old Google VRP hacker who constantly finds bugs in functionality we use often, such as private videos on YouTube. We talk about his career, learning process, methodology, tooling and many more aspects that might help beginner bug bounty hunters.
