Follow Arthur on Twitter: https://x.com/arthurair_es
Check out Case Studies: https://bbre.dev/cs
✉️ Sign up for the newsletter: https://bbre.dev/nl
Follow me on Twitter: https://bbre.dev/tw

In this podcast, my guest is Arthur Aires, part-time bug bounty hunter and cybersecurity pro from Brazil. He has an amazing approach that combines manual hacking with using a lot of tools for recon and fuzzing.

The BBRD podcast is also available on most popular podcast platforms:
https://open.spotify.com/show/6tLoJ5foOoZPPELwrHPBO4
https://music.youtube.com/playlist?list=PLvxs_epf2X91Dn3pWeRxPQSV6SWvWqDE3
https://podcasts.apple.com/us/podcast/bug-bounty-reports-discussed/id1583400215?uo=4

Some links mentioned in the video:
https://github.com/pwntester/SerialKillerBypassGadgetCollection
https://book.hacktricks.wiki/en/index.html
https://portswigger.net/bappstore/e4e0f6c4f0274754917dcb5f4937bb9e
https://portswigger.net/bappstore/594a49bb233748f2bc80a9eb18a2e08f
https://portswigger.net/bappstore/0e61c786db0c4ac787a08c4516d52ccf
https://github.com/PortSwigger/403-bypasser
https://github.com/projectdiscovery/nuclei
https://github.com/SeifElsallamy/Blind-XSS-Manager/tree/main
https://github.com/trufflesecurity/xsshunter
https://infosecwriteups.com/easy-xsshunter-discord-alerts-33fcff24a8f7
https://github.com/elkokc/reflector
https://portswigger.net/burp/documentation/desktop/tools/dom-invader
https://urlscan.io/

Timestamps:

00:00 Intro
01:30 Balancing part-time bug bounty with full-time job
02:56 Mixing manual bug bounty hunting with automation
22:04 The most useful Burp extensions
33:25 Fuzzing in bug bounty
46:34 Live Hacking Events
