Like any good Catholic, I’ve been obsessed with Lord of the Rings. And like any Lord of the Rings fan, one of my favorite scenes from Peter Jackson’s interpretation is...
A while back I was poking around at an AI agent, trying to discover its system prompt. If you’re not familiar with system prompts, they’re essentially the core instructions that...
As bug bounty hunters, we often find ourselves working on complex vulnerability chains that require multiple components to achieve maximum impact. Sometimes, we’ll discover most of a chain but find...
This January, I found myself under Miami’s sun, hacking for Capital One at HackerOne’s H1-305 live hacking event (LHE). Imagine this: 50-100 of the world’s best hackers flown to a...
Every year as a HackerOne Clear verified researcher, I’m required to register on a couple of vendors that HackerOne uses. As I was going through the process of providing my...
Bug Bounty Hunting is an ever-changing ecosystem - what works in one season may not work in another. As such, and as with any discipline, being able to evaluate your...
If you’ve been doing bug bounty for any time, either as a hunter or a program, you’ve doubtless heard complaints about CVSS scoring. The typical scenario will look something like...