Episodes

  • Bug bounty tools that actually land bugs with Arthur Aires
    Jun 10 2025
    In this podcast, my guest is Arthur Aires, part-time bug bounty hunter and cybersecurity pro from Brazil. He has an amazing approach that combines manual hacking with using a lot of tools for recon and fuzzing.

    Some links mentioned in the video:
    https://github.com/pwntester/SerialKillerBypassGadgetCollection
    https://book.hacktricks.wiki/en/index.html
    https://portswigger.net/bappstore/e4e0f6c4f0274754917dcb5f4937bb9e
    https://portswigger.net/bappstore/594a49bb233748f2bc80a9eb18a2e08f
    https://portswigger.net/bappstore/0e61c786db0c4ac787a08c4516d52ccf
    https://github.com/PortSwigger/403-bypasser
    https://github.com/projectdiscovery/nuclei
    https://github.com/SeifElsallamy/Blind-XSS-Manager/tree/main
    https://github.com/trufflesecurity/xsshunter
    https://infosecwriteups.com/easy-xsshunter-discord-alerts-33fcff24a8f7
    https://github.com/elkokc/reflector
    https://portswigger.net/burp/documentation/desktop/tools/dom-invader
    https://urlscan.io/

    Timestamps:
    00:00 Intro
    01:30 Balancing part-time bug bounty with full-time job
    02:56 Mixing manual bug bounty hunting with automation
    22:04 The most useful Burp extensions
    33:25 Fuzzing in bug bounty
    46:34 Live Hacking Events
    55 m
  • The mindset for finding highs and crits in bug bounty with JR0ch17
    May 14 2025
    Interview with Jasmin “JR0ch17” Landry, a former triager and security manager, now a full-time bug bounty hunter. We discuss bug bounty strategy, mindset, and finding high and critical vulnerabilities.
    1 h 12 m
  • How to become an XSS expert with renniepak
    Mar 12 2025
    This video is an interview with René de Sain, known as renniepak. We talk about XSS, CSP bypasses, privilege escalation, and speeding up the workflow with tricks like JS bookmarks, and we discuss whether there is such a thing as a bug bounty methodology.
    54 m
  • From 0 to a top bug bounty hunter - Johan Carlsson's journey to GitLab TOP1 on Hackerone
    Jan 21 2025
    This episode is an interview with Johan Carlsson, a full-time bug bounty hunter who specialises in client-side bugs and is currently the TOP1 hunter on GitLab.
    1 h 19 m
  • Finding criticals on well-tested targets - Victor “doomerhunter” Poucheret
    Dec 23 2024
    This video is my interview with a full-time bug bounty hunter who had great success at recent Live Hacking Events: Victor “doomerhunter” Poucheret. We're talking about his bug bounty methodology, choosing a bug bounty program, tools and much more.
    1 h 31 m
  • How not to get stuck when learning web security? Louis Nyffenegger from PentesterLab
    Nov 6 2024
    In this interview, I'm talking with Louis Nyffenegger, who has been teaching people web security for 13 years by creating PentesterLab, a web security learning platform, as well as by giving multiple talks and guiding people through their careers.
    55 m
  • Going full-time bug bounty, privilege escalation bugs and more with Douglas Day
    Aug 15 2024
    📧 Subscribe to BBRE Premium: https://bbre.dev/premium
    ✉️ Sign up for the mailing list: https://bbre.dev/nl
    📣 Follow me on Twitter: https://bbre.dev/tw
    📣 Follow Douglas on Twitter: https://twitter.com/ArchAngelDDay
    In this interview, we're talking with Douglas Day about his bug hunting methodology, about quitting his job to become a full-time bug bounty hunter, and much more.
    BBRD podcast is also available on most popular podcast platforms:
    https://open.spotify.com/show/6tLoJ5foOoZPPELwrHPBO4
    https://podcasts.google.com/feed/aHR0cHM6Ly93d3cuc3ByZWFrZXIuY29tL3Nob3cvNTA3Mzc4MS9lcGlzb2Rlcy9mZWVk
    https://podcasts.apple.com/us/podcast/bug-bounty-reports-discussed/id1583400215?uo=4

    Timestamps:
    00:00 Intro
    0:29 Going full-time bug bounty
    9:12 Douglas' bug bounty methodology
    28:13 Bug Bounty tools you need
    43:04 The benefits of collaboration in bug bounty
    54:23 How to deal with having a similar bug on many endpoints?
    1:11:37 How to select a bug bounty program?
    1 h 31 m
  • Finding criticals in mobile apps - Joel Margolis (0xteknogeek) from the Critical Thinking Bug Bounty podcast
    Jul 24 2024
    📣 Follow Joel on Twitter: https://x.com/0xteknogeek
    In this interview, we're talking with Joel about bug bounty hunting on mobile apps, about being a program manager, about Live Hacking Events and more.

    Links mentioned during the interview:
    https://www.timeshifter.com
    https://codeshare.frida.re/@teknogeek/android-universal-ssl-unpin/
    https://gitlab.com/newbit/rootAVD
    https://github.com/Ch0pin/medusa
    https://github.com/teknogeek/get_schemas
    Timestamps:
    00:00 Intro
    00:22 Getting into bug bounty
    11:04 Live Hacking Events
    24:58 Mobile bug bounty
    48:34 Lessons from being a bug bounty program manager
    1:03:54 The plans for the Critical Thinking Bug Bounty podcast
    1 h 9 m