Weekly Posts, Hackerone, and a European trip

public
3 min read
Weekly Posts, Hackerone, and a European trip
Photo by Dmitry Vechorko / Unsplash

Table of contents

Hey! Today I decided to try something new. I want to try making a weekly post to talk about my bug bounty journey and also my travels and other personal stuff.

That's what I wanted to build at first, but I thought no one would be interested in non-pure technical stuff. And then I saw @monkehack weekly post, and I appreciate reading it. So maybe it can interest some people in the community, tell me!

So, I'm gonna try to cover some news about what I've found the last week in terms of bugs, and some thoughts or plans I have. I also want to talk maybe more about my trip because I choose to be full-time to travel so let's speak about that. And I really like the Monke part about some ideas/notes and useful resources he found the previous week.

I will try to post each Wednesday about that, and also make other posts for more technical content or about a full subject!

Hackerone

As you may know, I have hunted mainly on YesWeHack for the past 2 years. And I still really love this platform. But It's been a while since I wanted to try another one. I tried before to push some reports on hackerone, but each time, I got duplicates from very old reports which are very annoying. Most of the programs I hunted never fix their bugs.

Previously this year, I was interested in sticking for months on some big public programs. That's what I did in hackerone, and I took a few programs to focus on them, nothing really interesting was found at the moment, but I know I will be able to find something by knowing the target by heart.

Now that I have some cash flow thanks to Le FIC, I can focus more on large targets and not only running to find easier bugs.

So in the next weeks and months, I will try to be more on hackerone. I found some interesting private targets. I also got a nice critical, found in less than an hour in a target here for a long time. It's the same everywhere, there are always bugs.

A shoutout to @doomer, one of my first mentors who is back on full-time hunting, proving that even if it's a big public target, bugs are here :

New trip in Europe

Next month, I will start a new month trip in Europe. It's been a while since I wanted to discover some cities, and I chose to do them on a big trip.

For that, I will use an interrail which is a pass to easily travel in Europe by train. During the month, I will go to Amsterdam, Berlin, Prague, Vienna, Budapest, and finally Istanbul.

That's very nice to be able to travel and also work at the same time. I will find some coffee shop to work, and stay there for a couple of days, hunting my targets.

If you are in these cities and you want to meet, feel free to reach me !

Feel free to tell me if you like this type of article, and want more of them ;)

Ideas / Notes / Resources

  • The video of the Hack Me I'm Famous LHE is released if you want to see how the event was :

Hack Me I'm Famous video

  • I discovered a new tool for recon and workflow called secator. I love how they handled the workflow part, and I will probably use it in my recon workflow in the next weeks.
  • @bebiks released the new version of his Caido plugin EvenBetter. He pushed the tool so much and Caido is now fully functional, and for my workflow even better than Burp.
  • @Chackal wrote a very nice article that shows us how some companies are managing vulnerabilities the bad way
[Vulnerability research 0x0] β€” Choosing a good target
Intro
  • I now use the app Omnivore to push all the articles/newsletters I want to read to only one place. That's awesome when you have time to already have some articles to read later.
Aituglo

Aituglo

Paris
The author of this blog, a bug bounty hunter and security researcher that shares his thoughts about the art of hacking.