Check out my notes from Elastic: https://bbre.dev/elastic
Subscribe to BBRE Premium: https://bbre.dev/premium
✉️ Sign up for the mailing list: https://bbre.dev/nl
Follow me on twitter: https://bbre.dev/tw

This video is about my bug bounty journey. This time, I challenged myself to spend 100 hours on a HackerOne public bug bounty program: Elasticsearch.

Get $100 in credits for Digital Ocean: https://bbre.dev/do

Timestamps:
00:00 Intro
00:27 How much time did I spend on setup?
01:24 Path traversal in Datafeeds
04:33 Potential SSRF in package file proxying
05:26 Enterprise search and JRuby
07:25 Badly written regexes in JavaScript
08:48 Functionality DoS
10:41 Finding a duplicate
11:15 Reversing patches and writing plugins
13:12 Finally, finding a valid bug
14:39 Lessons learned