I receive numerous messages each week asking how to get started with bug bounty hunting because of my experience and active involvement in the bug bounty space. However, after speaking with people, it
I find it hard to write a good introduction or conclusion. It’s been a while since I made a blog post. While I tweet about various things often, I find it hard to write anything stru
Apr 7, 2024. TL;DR: In August of 2023 I applied the “State Machine” research from James Kettle on the World ID SDK and identified a Race Condition that would have enabled an attacker to b
tl;dr Postman, the popular API testing platform, hosts the largest collection of public APIs. Unfortunately, it’s become one of the largest public sources of leaked secrets. We estimate over 4,000 liv
Ever since I was a kid I was never good at doing schoolwork. I had envied everyone that seemed to complete things so effortlessly and even took pleasure in the work that they were doing. I'd decided t
Almost every week, I receive a message from someone in my network asking me if full-time bug bounty hunting as a profession is possible. Honestly, I don’t think I can answer that for you, but what I c