Introduction: Hi everyone It’s been a while since my last post but I’m back, I want to tell you a short story about a private bug bounty program and why you can always check the basic payloads because you will be surprised that some times will work. If you like Bug Bounty writeups please check […]

Bug Bounty Write ups Collection – omespino: More than $$$$$ USD in rewards by legally hacking big companies Description: With the passage of the years, I have been included in the hall of fame of companies such as Google (top 100 researcher worldwide), Microsoft, Facebook, Twitter, Slack, Netflix, Sony, Nokia, Telegram, etc. The main goal […]

Introduction: Hi everyone It’s been a while since my last post but I’m back, I want to tell you a short story about the Slack bug bounty program and why you can always check the basic payloads because you will surprise that some times will work This blogpost appeared first in the book Bug Bounty […]

Introduction: Hi everyone It’s been a while since my last post but I’m back, I want to tell you a very short story about one of my last bugs, and how I managed to get an Arbitrary local file read on iOS Files app via zip file and symlinks Disclaimer: Unfortunately, after 13 months of […]

Introduction: Hi everyone It’s been a while since my last post but I’m back, I want to tell you a very short story about one of my last bugs, and how I managed to exfiltrate /etc/environment local variables on the Google Earth Pro Desktop app on Linux. If you like Bug Bounty writeups please check […]

Introduction: Hi everyone It’s been a while since my last post but I’m back, I want to tell you a short story about the Atlassian bug bounty program and why you can always check the basic payloads because you will surprise that some times will work: This blogpost appeared first in the book Bug Bounty […]

Introduction: Hi everyone It’s been a while since my last post but I’m back, I want to tell you a very short story about one of my last bugs, and how I managed to get an Arbitrary local macOS file read via <a> tag and null byte (%00) in Google Earth Pro Desktop app This […]

Introduction: Hi everyone It’s been a while since my last post, but I’m back, I want to tell you a very short story about one of my last bugs, and how I managed to bypass some Google Cloud Monitoring protections to achieve an SSRF This blogpost appeared first in the book Bug Bounty Write Ups […]

Introduction: Hi everyone It’s been a while since my last post but I’m back, I want to tell you a very short story about one of my last bugs, and how I managed to get an RCE as Root in Apigee (Google acquisition) This blogpost appeared first in the book Bug Bounty Write Ups Collection […]

[ Update: this writeup was modified to participate in GCP VRP Prize 2020 Awards ] Introduction: Hi everyone It’s been a while since my last post (1 year w00t!) but I’m back, I want to tell you a short story about one of my last bug bounties, and how I escalated a simple XSS to […]