I receive numerous messages each week asking how to get started with bug bounty hunting because of my experience and active involvement in the bug bounty space. However, after speaking with people, it becomes clear that many have internalised the notion of bug bounty hunting as a way to escape their…

6 min read· Apr 7, 2024 -- TL;DR In August of 2023 I applied the “State Machine” research from James Kettle on the World ID SDK and identified a Race Condition that would have enabled an attacker to b

tl;dr Postman, the popular API testing platform, hosts the largest collection of public APIs. Unfortunately, it’s become one of the largest public sources of leaked secrets. We estimate over 4,000 liv

Ever since I was a kid I was never good at doing schoolwork. I had envied everyone that seemed to complete things so effortlessly and even took pleasure in the work that they were doing. I'd decided t

Almost every week, I receive a message from someone in my network asking me if full-time bug bounty hunting as a profession is possible. Honestly, I don’t think I can answer that for you, but what I c