Bug Bounty Reports Discussed-logo

Bug Bounty Reports Discussed

Technology Podcasts

From Bug Bounty Reports Discussed podcast you can learn from the best bug bounty hunters in the world. I ask them about their methodologies, tools they use, the advice they give to beginners and many more... Subscribe to never miss an episode!

Location:

United States

Description:

From Bug Bounty Reports Discussed podcast you can learn from the best bug bounty hunters in the world. I ask them about their methodologies, tools they use, the advice they give to beginners and many more... Subscribe to never miss an episode!

Language:

English


Episodes
Ask host to enable sharing for playback control

Finding criticals on well-tested targets - Victor “doomerhunter” Poucheret

12/23/2024
This video is my interview with a full-time bug bounty hunter that had a great success at recent Live Hacking Events - Victor “doomerhunter” Poucheret. We're talking about his bug bounty methodology, choosing a bug bounty program, tools and much more.

Duration:01:30:30

Ask host to enable sharing for playback control

How not to get stuck when learning web security? Louis Nyffenegger from PentesterLab

11/6/2024
In this interview, I'm talking with Louis Nyffenegger who's been teaching people websecurity since 13 years by creating Pentesterlab - web security learning platform, as well as by giving multiple talks and guiding people through their careers.

Duration:00:55:16

Ask host to enable sharing for playback control

Going full-time bug bounty, privilege escalation bugs and more with Douglas Day

8/15/2024
📧 Subscribe to BBRE Premium: https://bbre.dev/premium ✉️ Sign up for the mailing list: https://bbre.dev/nl 📣 Follow me on Twitter: https://bbre.dev/tw 📣 Follow Douglas on Twitter: https://twitter.com/ArchAngelDDay In this interview, we're talking with Douglas Day about his bug hunting methodlogy, about quitting his job to become a full-time bug bounty hunter and many more. BBRD podcast is also available on most popular podcast platforms: https://open.spotify.com/show/6tLoJ5foOoZPPELwrHPBO4 https://podcasts.google.com/feed/aHR0cHM6Ly93d3cuc3ByZWFrZXIuY29tL3Nob3cvNTA3Mzc4MS9lcGlzb2Rlcy9mZWVk https://podcasts.apple.com/us/podcast/bug-bounty-reports-discussed/id1583400215?uo=4 Timestamps: 00:00 Intro 0:29 Going full-time bug bounty 9:12 Douglas' bug bounty methodology 28:13 Bug Bounty tools you need 43:04 The benefits of collaboration in bug bounty 54:23 How to deal with having a similar bug on many endpoints? 1:11:37 How to select a bug bounty program?

Duration:01:31:16

Ask host to enable sharing for playback control

Finding criticals in mobile apps - Joel Margolis (0xteknogeek) from the Critical Thinking Bug Bounty podcast

7/24/2024
📧 Subscribe to BBRE Premium: https://bbre.dev/premium ✉️ Sign up for the mailing list: https://bbre.dev/nl 📣 Follow me on Twitter: https://bbre.dev/tw 📣 Follow Joel on Twitter: https://x.com/0xteknogeek In this interview, we're talking with Joel about bug bounty hunting on mobile apps, about being a program manager, about Live Hacking Events and more. BBRD podcast is also available on most popular podcast platforms: https://open.spotify.com/show/6tLoJ5foOoZPPELwrHPBO4 https://podcasts.google.com/feed/aHR0cHM6Ly93d3cuc3ByZWFrZXIuY29tL3Nob3cvNTA3Mzc4MS9lcGlzb2Rlcy9mZWVk https://podcasts.apple.com/us/podcast/bug-bounty-reports-discussed/id1583400215?uo=4 Links mentioned during the interview: https://www.timeshifter.com https://codeshare.frida.re/@teknogeek/android-universal-ssl-unpin/ https://gitlab.com/newbit/rootAVD https://github.com/Ch0pin/medusa https://github.com/teknogeek/get_schemas Timestamps: 00:00 Intro 00:22 Getting into bug bounty 11:04 Live Hacking Events 24:58 Mobile bug bounty 48:34 Lessons from being a bug bounty program manager 1:03:54 The plans for the Critical Thinking Bug Bounty podcast

Duration:01:08:52

Ask host to enable sharing for playback control

The secret to finding many Criticals - Alex Chapman

6/25/2024
📧 Subscribe to BBRE Premium: https://bbre.dev/premium ✉️ Sign up for the mailing list: https://bbre.dev/nl 📣 Follow me on Twitter: https://bbre.dev/tw 📣 Follow Alex on Twitter: https://x.com/ajxchapman In this episode I'm interviewing Alex Chapman - a full-time bug bounty hunter known for finding many high-impact bugs and very little medium and low-impact ones. BBRD podcast is also available on most popular podcast platforms: https://open.spotify.com/show/6tLoJ5foOoZPPELwrHPBO4 https://podcasts.google.com/feed/aHR0cHM6Ly93d3cuc3ByZWFrZXIuY29tL3Nob3cvNTA3Mzc4MS9lcGlzb2Rlcy9mZWVk https://podcasts.apple.com/us/podcast/bug-bounty-reports-discussed/id1583400215?uo=4 Timestamps: 00:00 Intro 0:22 How did Alex start with cybersecurity and bug bounty? 3:05 Alex' uique hacking style 19:18 Source code review tips 28:37 How to write a good bug bounty report? 45:52 Finding bugs in desktop applications 52:15 LHEs 1:00:57 Live of a full-time bug bounty hunter

Duration:01:16:33

Ask host to enable sharing for playback control

How I got into cybersecurity and bug bounty?

2/13/2024
In this episode, I'm talking about my story of getting into cybersecurity - what got me interested, how I became a pentester, what motivated my to create my channel and finally, how I became a bug bounty hunter.

Duration:00:38:08

Ask host to enable sharing for playback control

Find more clients and improve in pentesting - Cristi Vlad

1/9/2024
In this episode of the podcast, I'm interviewing Cristi Vlad about bug bounty and pentesting - the differences, ways to build your network of clients, continuous learning and more.

Duration:01:12:18

Ask host to enable sharing for playback control

All you need to know about being a full-time bug bounty hunter - Justin “rhynorater” Gardner

11/21/2023
In this episode of the podcast, I interview Justin Gardner, the host of the Critical Thinking Bug Bounty Podcast who's been a full-time hunter for about 4 years. We talk about his methodology, tooling and many more!

Duration:01:21:32

Ask host to enable sharing for playback control

AI and hacking - opportunities and threats - Joseph “rez0” Thacker

10/20/2023
📧 Subscribe to BBRE Premium: https://bbre.dev/premium 📖 Check out AppSecEngineer, the sponsor of today's video: https://www.appsecengineer.com 📣 Follow GUEST on Twitter: https://twitter.com/@rez0 ✉️ Sign up for the mailing list: https://bbre.dev/nl 📣 Follow me on Twitter: https://bbre.dev/tw In this interview we are discussing with rez0 a range of topics around AI - the new vulnerability opportunities it created, how can I help us in hacking and if it will replace us in the future. Resources and people mentioned in the podcast: https://olickel.com/everything-i-know-about-prompting-llms https://www.anthropic.com/index/prompting-long-context https://simonwillison.net https://llm-attacks.org/zou2023universal.pdf http://llm-attacks.org BBRD podcast is also available on most popular podcast platforms: https://open.spotify.com/show/6tLoJ5foOoZPPELwrHPBO4 https://podcasts.google.com/feed/aHR0cHM6Ly93d3cuc3ByZWFrZXIuY29tL3Nob3cvNTA3Mzc4MS9lcGlzb2Rlcy9mZWVk https://podcasts.apple.com/us/podcast/bug-bounty-reports-discussed/id1583400215?uo=4 Timestamps: 00:00 Intro 00:32 Check out AppSecEngineer, the sponsor of this podcast 01:36 rez0's regular bug bounty hacking style 22:39 AI and hacking

Duration:01:27:14

Ask host to enable sharing for playback control

From reporting self-XSSes to improving browser security mechanisms - Michał Bentkowski

9/6/2023
In this episode, I interview Michał Bentkowski who specializes in crazy XSS bugs and now works on improving security of the browsers at Google.

Duration:01:30:29

Ask host to enable sharing for playback control

The key to succeed in bug bounty - NahamSec

7/26/2023
In this episode with @NahamSec we are talking about bug bounty. Ben has a unique insight into mistakes beginners make since he's the biggest content creator in the bug bounty space and gets asked a lot of questions. We are talking about his methodology, the role of recon and much more.

Duration:01:10:21

Ask host to enable sharing for playback control

Road to Most Valuable Hacker and working while travelling the world - Yassine Aboukir

6/27/2023
In this podcast, I interview Yassine Aboukir - the winner of Most Valuable Hacker award at H1-303 Live hacking event. We talk about his bug bounty methodology, bounty vs pentesting as well as travelling, digital nomad lifestyle and doing sports.

Duration:01:07:50

Ask host to enable sharing for playback control

Security source code review expert - Shubham Shah

5/29/2023
In this podcast episode, I interview Shubham Shah - one of my biggest authorities in bug bounty space and expert in source code review who regularly finds 0days. 📧 Subscribe to BBRE Premium: https://bbre.dev/premium ✉️ Sign up for the mailing list: https://bbre.dev/nl 📣Follow me on Twitter: https://bbre.dev/tw 📣 Follow Shubs on Twitter: http://twitter.com/infosec_au/ Timestamps: 00:00 Intro 00:18 Shubs' background 13:04 Choosing good targets for finding 0days 20:41 How to audit the source code? 33:34 Who should consider a career as a full-time bug bounty hunter? 38:04 Sharing knowledge and disclosing 0days 45:54 What skills does Shubs pay attention to when recruiting security researchers? 48:48 AI in security research

Duration:00:55:16

Ask host to enable sharing for playback control

Inside the Mind of the TOP1 Facebook Bug Bounty Hunter - Youssef Sammouda

5/3/2023
In this podcast, I interview Youssef Sammouda - top Facebook/Meta bug bounty hunter in 2020, 2021 and 2022. He has found numerous bugs on Facebook, including account takeovers. We talk about his methodology, tools he uses, productivity tips and many more!

Duration:01:06:39

Ask host to enable sharing for playback control

Bug bounty automation and scaling 0days - Michael Ness

3/7/2023
In this podcast, I interview Michael Ness about bug bounty automation and scaling 0 days to get multiple payouts for a single bug. We also talk about how to make the automation better and about some tips to upcoming bug hunters. 📧 Subscribe to BBRE Premium: https://bbre.dev/premium ✉️ Sign up for the mailing list: https://bbre.dev/nl 📣Follow me on Twitter: https://bbre.dev/tw 📣 Follow Michael on Twitter: https://twitter.com/mikey96_bh Check out Overcast Security: https://search.overcast-security.app

Duration:00:45:37

Ask host to enable sharing for playback control

From zero to 6-digit bug bounty earnings in 1 year - Johan Carlsson

1/27/2023
📧 Subscribe to BBRE Premium: https://bbre.dev/premium ✉️ Sign up for the mailing list: https://bbre.dev/nl 📣 Follow me on Twitter: https://bbre.dev/tw 📣 Follow Johan on Twitter: https://twitter.com/joaxcar In this podcast I interview one of bug bounty hunters who started very recently but already is having a lot of success - Johan Carlsson. We talk about his hacking methodology, his journey with GitLab and his tips for bug bounty hunters. 🖥 Get $100 in credits for Digital Ocean: https://bbre.dev/do

Duration:01:08:37

Ask host to enable sharing for playback control

Accidentally finding a $50,000 vulnerability - Augusto Zanellato - Bug Bounty Reports Discussed #2

9/30/2021
✉️ Sign up for the newsletter: https://mailing.bugbountyexplained.com/ This podcast is an interview with Augusto Zanellato, the hacker who submitted report with a GitHub rest API token leaked which had access to Shopify's Github account. It was reported on Hackerone to Shopify and Augusto got $50,000 for it. The best thing is that he didn't even look for a security issue. Link to the report explained: https://youtu.be/TOgIgD0KUVs The report on Hackerone: https://hackerone.com/reports/1087489 Subscribe to Bug Bounty Reports Explained on YouTube: https://www.youtube.com/c/BugBountyReportsExplained/ Augusto's media: https://twitter.com/auguzanellato https://hackerone.com/augustozanellato?type=user https://github.com/augustozanellato

Duration:00:26:15

Ask host to enable sharing for playback control

Finding bugs in Google VRP without recon - David Schütz - BBRD #01

8/28/2021
The video with David's bug: https://youtu.be/miQvovD3c04 Original writeup: https://bugs.xdavidhu.me/google/2021/04/05/i-built-a-tv-that-plays-all-of-your-private-youtube-videos/ ✉️ Sign up for the newsletter to receive the best hacking info right to your inbox: https://mailing.bugbountyexplained.com/ In this episode I interview David Schütz, the 19-years old Google VRP hacker who constantly finds bugs in functionalities we use often like private videos on YouTube. We talk about his career, learning process, methodology, tooling and many more aspects that might help beginner bug bounty hunters.

Duration:00:52:24