Exploit not working? Keep going, don’t stop
In the middle of a pen-test/bug hunt and the exploit fails?
Feb 6

Reentrancy Exploit using Foundry
Phuwanai Thummavet provided a guide on how to exploit a reentrancy vulnerability in a smart contract. His write-up can be found here…
Feb 9, 2023

Canada is about to see a huge spike in Cyber Attacks
In late 2022 Australia saw a huge uptick in cyber attacks: the Australian Cyber Security Centre received 76 000 cyber crime reports, Medibank…
Jan 26, 2023

“Fully Patched? You are only 80% there. You need to think like a hacker.”
20% of vulnerabilities never get a CVE, leaving a blind spot for even the best vulnerability management programs
Oct 28, 2022

Building my machine:
Customizing our own machines for our own needs is an essential part of doing this job for 12 to 16 hours a day. Everything from customizing…
Oct 3, 2021

Linux commands to help with bug bounties
Let’s assume we’re extracting secrets from a group of JS files using SecretFinder (https://github.com/m4ll0k/SecretFinder)
Mar 9, 2021

Possibly a better way for One-Liners
In the last year bug bounty Twitter has had an influx of bug bounty one-liners. Essentially these are one-line Linux commands to find…
Mar 1, 2021

Notify
Project Discovery has released another great tool. Notify can send messages to Slack, Discord, or Telegram, which is useful during the…
Nov 9, 2020

Building a bug bounty box in AWS
At the beginning of August I started trying to do bug bounties. The learning curve has been steep and it was obvious that the more structured…
Sep 6, 2020