???? Subscribe to BBRE Premium: https://bbre.dev/premium
✉️ Sign up for the mailing list: https://bbre.dev/nl
???? Follow me on Twitter: https://bbre.dev/tw
Follow Johan on Bluesky: http://bsky.app/profile/joaxcar.bsky.social
Follow Johan on Twitter: http://x.com/joaxcar?lang=en

This episode is the interview with Johan Carlsson, a full-time bug bounty hunter who specialises in client-side bugs and is currently the TOP1 hunter on GitLab.


BBRD podcast is also available on most popular podcast platforms:
https://open.spotify.com/show/6tLoJ5foOoZPPELwrHPBO4
https://music.youtube.com/playlist?list=PLvxs_epf2X91Dn3pWeRxPQSV6SWvWqDE3
https://podcasts.apple.com/us/podcast/bug-bounty-reports-discussed/id1583400215?uo=4


Timestamps:

00:00 Intro
00:24 Becoming a full-time bug bounty hunter
21:26 Finding a bug in the WebKit-based browsers
32:09 How to become a master client-side bugs?
37:31 How to bypass CSP?
44:30 How to exploit DOM Clobbering?
51:00 Client-side path traversal
56:24 What’s a cross-window forgery?
1:03:50 Finding 20 DoS bugs on GitLab in one year.

Add comment

Your email address will not be published. Required fields are marked *