Funny Bug Bounty Reports #1
This is the first part in my new series “Funny Bug Bounty Reports”. These are not judged on their merits, technical abilities, or anything other than if they make me laugh. Today, I bring you the d...
I was tired of manually searching for the right Nuclei templates to use. The one existing site that lets you search them — while interestingly designed and certainly more stylish than anything I’d ...
I went to install Tailscale on a WiFi Pineapple, and the normal pipe-to-bash (lol) script didn’t work. I had to do it manually like this. YMMV - attempt at your own risk. I’m unsure how this affect...
I received an email saying I’m a top 25 researcher in the California VDP from 2024. Not too bad from the thousands of reports they get, I’m sure.
I recently ran across an application that allowed access to a ClickHouse DB for my user. The access was allowed, so that isn’t an issue. However, when we as pentesters or bug bounty hunters get acc...
The other day I received an email saying I was eligible for some swag for getting my 25th valid P1 submission on BugCrowd. I don’t do too much BB hunting these days, and also not too much on BugCro...
Welcome! I was sick of ‘maintaining’ (not that it was a lot of work) my previous blog that ran a WordPress stack on an EC2 instance, so I decided to migrate to Jekyll and the Chirpy theme. The migra...
That’s in quotes, because this is seemingly a self-HTML injection with little to no security impact, but it does allow for you to change your reMarkable’s sleep screen in a different way. Maybe it’...
A while back the illustrious team over at Project Discovery wrote about the discovery of an SQLi in Masa/Mura CMS. It’s a good writeup, so go check it out for the technical details. Recently, I ra...
If you’re a pentester or bug bounty hunter who is trying to do some iOS mobile application testing, half the battle is getting a phone properly jailbroken so you can proxy HTTP requests. Nowadays,...