This time I have for you more than one bug bounty report. It’s three reports in total, but all of them affect the same functionality and are tightly correlated...
This time the vulnerability affected more than one website, as the bugs were in the Django framework and in Google Analytics. It led to an arbitrary cookie write and could...
Hello, today I have for you an explanation of the vulnerability that affected HackerOne itself and was reported on their platform. The GraphQL leak exposed all...
This video is an explanation and walkthrough of my first monetary bug bounty report, a one-click DoS on gitter.im, a GitLab acquisition. It was reported on...
This video is the explanation of the bug bounty report submitted to GitHub Security Lab. This was not the usual vulnerability report, but a CodeQL query for finding LDAP...
Original DNS rebinding: This video is an explanation of the vulnerability found by mclaren650sspider and reported to GitLab on HackerOne. It was an SSRF done via DNS...
This video is the story of a mobile CSRF bug reported to Twitter’s bug bounty program, run on HackerOne, affecting Twitter’s Periscope application...
$3,500 Slack SSRF – proxying to internal network via TURN server explained – HackerOne
This video is an explanation of the SSRF vulnerability found by Sandro Gauci and reported to Slack on HackerOne. Links: * Original report: Reporter: PoC: * Good...
This video is an explanation of the vulnerability found by Alex Chapman and reported to GitLab on HackerOne. It’s an SSRF achieved by the DNS rebinding technique. The...
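Two of the entries above (the mclaren650sspider report and the Alex Chapman report) are SSRFs reached through DNS rebinding. The example below is added here to show the mechanism they rely on and the usual fix; it is not code from either report, from GitLab, or from the videos. The resolver is a constructed stand-in that answers a public address on the first lookup and an internal one afterwards, so the script runs offline; the hostname and addresses are assumptions for illustration only.

```python
"""Added example (not from the videos or reports listed on this page):
a resolve-then-validate SSRF filter defeated by DNS rebinding, next to
the pin-the-resolved-address version that survives it.

The resolver below is a constructed stand-in; nothing touches the network.
"""
import ipaddress
from typing import Callable, List


def is_public_address(ip: str) -> bool:
    """True only for globally routable unicast addresses.

    ipaddress.is_global is False for loopback, RFC 1918 ranges, link-local
    (which covers the 169.254.169.254 cloud metadata address), and the
    IPv6 equivalents, so one check covers the common SSRF targets.
    """
    addr = ipaddress.ip_address(ip)
    return addr.is_global and not addr.is_multicast


class RebindingResolver:
    """Constructed attacker-controlled DNS.

    The first answer is a public address (passes the filter); every later
    answer is an internal one. A low TTL achieves the same in real DNS.
    """

    def __init__(self, answers: List[str]) -> None:
        self._answers = list(answers)
        self.lookups = 0

    def resolve(self, hostname: str) -> str:
        idx = min(self.lookups, len(self._answers) - 1)
        self.lookups += 1
        return self._answers[idx]


def naive_fetch(hostname: str, resolve: Callable[[str], str]) -> str:
    """Vulnerable pattern: validate one lookup, then let the HTTP client
    resolve the name again when it connects (time-of-check/time-of-use).

    Returns the address the client would actually connect to.
    """
    if not is_public_address(resolve(hostname)):
        raise ValueError("blocked: non-public address")
    # The HTTP client does its own lookup here and gets the second answer.
    return resolve(hostname)


def pinned_fetch(hostname: str, resolve: Callable[[str], str]) -> str:
    """Hardened pattern: resolve once, validate that address, and connect
    to that same address (sending the original name in the Host header
    and SNI). The attacker's second DNS answer is never consulted.
    """
    ip = resolve(hostname)
    if not is_public_address(ip):
        raise ValueError("blocked: non-public address")
    # Connect to `ip` directly; a real client would open a socket to it and
    # set Host: hostname. Returned here so the result can be inspected.
    return ip


if __name__ == "__main__":
    # Constructed attacker domain and answers (assumptions for the demo).
    host = "rebind.attacker.example"
    public, internal = "93.184.216.34", "127.0.0.1"

    print("naive :", naive_fetch(host, RebindingResolver([public, internal]).resolve))
    print("pinned:", pinned_fetch(host, RebindingResolver([public, internal]).resolve))
```

Running it shows the naive filter ending up at 127.0.0.1 while the pinned version stays on the address it validated. In a real client the pinning is done by opening the socket to the checked IP (or by installing a resolver hook that returns only that IP) rather than handing the hostname back to the HTTP library; redirects must go through the same check, since each hop is a new name to resolve.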