Hack Like a Pirate
Treating Your Scope Like a Treasure Hunt
Read More →
Blog
Latest Posts
Popping Helm's Deep: How one vulnerability opened up an entire fortress of new scope
Like any good catholic, I’ve been obsessed with Lord of the Rings. And like any Lord of the Rings fan, one of my favorite scenes from Peter Jackson’s interpretation is...
Read More →
System Prompt Storytelling: A Tale of AI Jailbreaking
A while back I was poking around at an AI agent, trying to discover its system prompt. If you’re not familiar with system prompts, they’re essentially the core instructions that...
Read More →
Report Pointers for Collaborative Chains
As bug bounty hunters, we often find ourselves working on complex vulnerability chains that require multiple components to achieve maximum impact. Sometimes, we’ll discover most of a chain but find...
Read More →
How I Became The Most Valuable Hacker
This January, I found myself under Miami’s sun, hacking for Capital One at HackerOne’s H1-305 live hacking event (LHE). Imagine this: 50-100 of the world’s best hackers flown to a...
Read More →
How I Achieved ATO on a HackerOne Vendor
Every year as a HackerOne Clear verified researcher, I’m required to register on a couple of vendors that HackerOne uses. As I was going through the process of providing my...
Read More →
Map your hacking sessions- then execute
Bug Bounty Hunting is an ever-changing ecosystem - what works in one season may not work in another. As such, and as with any discipline, being able to evaluate your...
Read More →
Sliding Bounties and Why You Should Use Them
If you’ve been doing bug bounty for any time, either as a hunter or a program, you’ve doubtless heard complaints about CVSS scoring. The typical scenario will look something like...
Read More →