[ Update: this writeup was modified to participate in GCP VRP Prize 2020 Awards ] Introduction: Hi everyone It’s been a while since my last post (1 year w00t!) but I’m back, I want to tell you a short story about one of my last bug bounties, and how I escalated a simple XSS to […]
Hi everyone It’s been a while from my last post but I’m back, I want to tell you a short story about why your profesional background mathers when you do bug bounties (in my case my job as devops engineer), if you know how something works, you might be able to break it. Report Summary: […]
Hi everyone It’s been a while from my last post but I’m back, I want to tell you a short story about my greatest find so far (My first P1) It was in Google VRP program and why you can always check for dirs in 301 / 302 / 403 / 404 status pages because […]
Hi everyone It’s been a while from my last post but I’m back, I want to tell you a short story about Microsof bug bounty program and why you can always check the basic payloads because you will surprise that some times will work: SPOILER ALERT: I highly recommend Miscrosoft Bug Bounty Program, in my […]
Hi everyone It’s been a while from my last post but I’m back, now I want to show you that you can start hacking android apps with frida without pain, I took me several hours to figure out how to get the frida installation ready but at the end that wasn’t really really difficult, the […]
Hi everyone It’s been a while from my last post but I’m back, I want to tell you a love story about Yahoo! bug bounty program that is very great because I learned a lot of lessons, so I got into Yahoo! Security Hall of Fame (2018) via Hackerone, so here we go: Report Summary (first try): […]
Hi everyone It’s been a while from my last post but I’m back, I want to tell you a short story about Telegram/Whatsapp bug bounty that is very great because this was my first Bitcoin bug bounty payment: [Note] the vulnerability was extacly the same so [It was accepted by Telegram but marked as N/A […]
Hi everyone, this is very special to me, is the report for my first bug bounty ever! in 2017, so far I’ve found another bugs in platforms like Facebook and Nokia, but this one will always be my favorite because was the 1st one, so I got into Twitter Security Hall of Fame (2017) via […]
Hi everyone this is a write up about how do I got into Nokia security Program Hall of Fame , so here we go: Note: this bug have been reported in about 10 companies and only Nokia accepted as a valid report Do you think that internal IP disclosure is a security flaw? share your […]
Hi everyone FINALLY I get into Facebook Whitehat Program Hall of Fame After 5 tries, this is my 2nd bug bounty and my very first write up, so here we go: Vulnerability Scope: Main Site (www.facebook.com)Status: MitigatedTitle: “Getting access to prompt debug dialog and serialized tool on main website facebook.com”Product / URL: www.facebook.com Description and […]