Public programs, articles, and Hackyx

I finally pushed the update of Hackyx. I finished restoring and parsing everything again.

It was quite long as I was also hunting a lot during this time, and as I'm lazy, I preferred to switch from project to project instead of finishing one.

Here is my current project ...

Public programs

It's now been a few weeks since I've been hunting only on big public programs, especially on HackerOne, and it's been quite rewarding. Not everything has been paid for yet, but I found a good number of bugs, mostly through collaboration, but it's still very nice to find bugs on these targets.

I think I will continue doing it, and more and more on targets that invite for LHE like Epic Games, Amazon, etc ... I was afraid at first to hunt on these hardened targets but at the end, there are bugs everywhere, public or not.

Being methodical, and not especially looking for bugs at first, but understanding the target and finding gadgets has been quite nice.

Articles

As I told you before, I wrote some articles for Bugcrowd, the first one was a simple explanation of Access Control bugs and Account Takeover, which is more for beginners

Access Control vs Account Takeover: What Bug Bounty Hunters Need to Know | @Bugcrowd

Hey everyone, Aituglo here. I’m a full-time bug hunter mainly focused on access control bugs. There are so many different types of vulnerabilities concerning access control that it can be hard at first to choose the right category for testing. In bug hunting, two common vulnerability types are account takeover (ATO) and access control.

BugcrowdGuest Post

But I'm more proud of the second one about finding bugs on hardened targets, a lot of people read it, and I got a lot of feedback,k which is so nice.

How to find bugs on a hardened target using gadgets | @Bugcrowd

By staying patient and chaining small gadgets together, you can eventually uncover critical, high-impact bugs.

BugcrowdGuest Post

I'm planning to write more technical articles like that in the future, I just need to figure it out on which topic.

Hackyx

I'm finally releasing a new version of Hackyx.

You can check it out on https://hackyx.io

It's mostly a backend release, as it helped me parse more articles, write-ups, and stuff, but it's also very helpful for you, as now, you can search using embeddings.

Using this button, you can now switch from a simple text search to an embeddings search.

What is the difference?

A simple search means it will only search for exact text in all the articles. Using the embeddings, it will look for similar stuff.

This way you can find all the similar articles that talks about a specific topic. It will also be very helpful in the future to build a chatbot with the whole context of all the articles.

You can also make mistakes in your typing, and it will still find good results.

There are probably some bugs, actually, so feel free to ping me if you encounter one of them.

The backend part

On my side, I now have a proper dashboard, with a queue system, and a new way to parse stuff.

I can now run a cron job that will automatically handle new content from CTFtime, HackerOne, and Huntr.

Every content is pushed to an AI to determine if it is interesting or garbage. This way, only interesting stuff is kept in the database compared to before.

Every article is tagged, so it's simpler to make a search now. I'm planning to improve it in the future, but for now, it's already quite nice.

What's next

Now that we have embeddings, I will be able to launch new features quickly like an AI, using all the data parsed on Hackyx.

I also plan to add nice premium features in the next weeks ( depending on my laziness ), so stay tuned.

Also, if you have any good idea that you want me to implement on it, feel free ton contact me.

Aituglo

Paris

The author of this blog, a bug bounty hunter and security researcher that shares his thoughts about the art of hacking.