Ranked 22nd on YesWeHack's all-time leaderboard, 

 proves you can excel with the bare minimum of tools (he generally uses only one).

The French security researcher and CTF player with the 

, who has found more than 200 vulnerabilities since registering on YesWeHack in 2016, sat down with YesWeHack at leHACK this year to discuss his Bug Bounty career to date.

Among other things, he talks about how he got into hacking via video games, his fondness for PHP targets and why bug hunting is comparable to being a scientist.

Blaklis on how he became an ethical hacker…

I've been doing Bug Bounty for about seven years now. I've been hacking for much longer: I started when I was about 13/14 (to cheat on video games – it's not very glorious I know, but you have to start somewhere).

So I started Bug Bounty with my internet service provider in Switzerland, 6/7 years ago, which had decided to do a Bug Bounty almost overnight. And then eventually, I really fell into the pot of magic potion that is Bug Bounty, and then I continued to do it on different platforms.

And now I'm trying to talk about it a lot in France. I've created a community, I've done quite a few things for Bug Bounty in France. And now I've been making a living out of it for two years. So that's all I do now – I'm a full-time bug hunter.

Personally, I love hacking in general. I'm so curious that I like to go and see how everything functions, how it works, how you can make things deviate a bit from their basic functioning. And I think it's essentially about curiosity. And I also like tinkering. It's a bit like the cheating I used to do, which is still a bit present here, but now it's more for a good cause.

On what a typical day looks like as a full-time bug hunter…

Well, in reality, in a standard day for me, it starts with waking up and knowing: am I going to work or am I not going to work? I'm lucky to have this freedom.

I'm a big fan of video games, so my days are split between potentially playing video games, spending a bit of time with my partner and working – sometimes I have to! But I don’t always work on the same devices, so I can hack on my computer from the living room, or hack on completely different devices if I'm testing very specific ones. So my days aren't really standard, after all.

On the ethical hacking opportunities available in video games…

There are some. There are video games – MMORPGs, that sort of thing – that allow testing. Today, I'm just starting to get into it, very slowly. It reminds me a bit of my younger days. Today, it's more difficult than it was. There are skills I'm missing that I'm in the process of relearning. It's also one of the strengths of Bug Bounty that I now have time to learn things that I potentially lacked back then. It's time I can take for myself, to teach myself.

On the most challenging parts of being a hacker…

For me, there's no doubt about it: the most difficult aspect is the biases you can have at the beginning. When a hunter starts out, he's bound to have biases that are gigantic: ‘I'm not skilled enough to take on big companies’, ‘there are already too many people who've tested before me’ or ‘I've spent three days hacking, I've found nothing, I'm never going to find anything’.

These are things that I think we've all encountered. And it's extremely difficult to get out of them.

On the vulnerability he is most proud of…

So there are lots of bugs I'm really proud of. I like bugs that are a bit devious, a bit complex.

And here's a good example: I have a very long chain that took me a month to find on a program and it earned me a $75,000 bounty. So that's something I'm really proud of; I spent a month working on it non-stop. I cried a bit, I sweated, I had a few tears of joy when I finally succeeded too.

I don't really have a preference. It's all very subjective. I can't quite explain it to myself yet. But I just have to have fun with it. I can't explain it completely. But it's true that when I see PHP on targets, it always puts little stars in my eyes. It's a language where I know there are a lot of pitfalls. I know them very, very well: I'm a former PHP developer, so obviously I know the pitfalls quite well.

On the three words that best describe him as a hacker…

The first is perseverance: I've already talked about that, so there's really no need to explain it. The second is twisted: I like bugs that are really twisted, that are really complex, where you have to untangle a lot of things. And the third is technical: I love anything technical. And I think that I've been able to develop a technical level that's quite high today. So I think those three words represent me pretty well.

Burp. It's the only one I use. A console, Burp, a browser – and that's it, I'm off! I don't use anything else. I'm still a bit of a Cro-Magnon in the way I hack. If I need a tool, I just code it and that's it.

On the profession (not including IT or security-related jobs) that Bug Bounty is most similar to…

For me, it's pretty close to being a scientist. I like finding new things, I like always trying to push my research a little further to find new ways of exploiting bugs, new ways of exploiting mechanisms that seem vulnerable to me, that aren't at first sight but that will eventually become so.

So I'm a bit like a scientist doing research. If I had an outside view of myself, that's more or less how I see myself.

Learn more about hunting through YesWeHack

, or learn about the latest hacking tools and techniques 

‘Hacking is essentially about curiosity’: Blaklis on the art and science of Bug Bounty hunting

A two-part research writeup on DOMPurify security from Kévin Gervot seems a worthy place to kick off our latest roundup of news and research aimed at security researchers.

 uncovered with the help of @IcesFont, @hash_kitten and @ryotkak: “three related to the default configurations for versions <= 3.1.0, 3.1.1, and 3.1.2, and one based on triple HTML parsing payloads”. The research 

, meaning moderators deemed it truly novel or innovative in the realm of web security. 🚀 Kévin (aka Mizu) acknowledges the role played by 

, a new open source tool for understanding how browsers parse HTML from our resident security researcher, Bitk. Previewing the sequel to this impressive writeup, Kévin says the latest DOMPurify fix is robust but leaves the library's security heavily reliant on a single regular expression. “In the second article, we will explore how and why this reliance can become problematic in certain configurations and use cases,” he says. 🧩

Prompt injection and containerised ChatGPT

Prompt Injecting Your Way To Shell: OpenAI's Containerized ChatGPT Environment

’, 0din’s Marco Figueroa unearths “the surprising capabilities that allow users to interact with” the “underlying structure” of OpenAI’s containerized model “in unexpected ways”. Among other things, this includes delving "into the Debian-based sandbox environment where ChatGPT’s code runs, highlighting its controlled file system and command execution capabilities". 🧐

Google’s open source security team, meanwhile, has outlined how a fuzzing project with 11,000 vulnerabilities to its name during its eight-year run so far has 

 with AI-generated and enhanced fuzz targets. Perhaps the most notable of the bugs discovered by OSS-Fuzz was “a vulnerability in the critical OpenSSL library (CVE-2024-9143) that underpins much of internet infrastructure”, as per a recent blog post. From drafting an initial fuzz target to triaging any crashes, the LLM can now apparently execute the first four steps of the developer’s process, with the fifth – having LLMs suggest patches – in the pipeline. 🤖

Other writeups and InfoSec news of interest this month:

Ruby 3.4 universal RCE deserialization gadget chain

: Diving into an Overlooked Attack Surface and Uncovering 10+ New Vulnerabilities

How Sean Kahler gained unauthorized access to 

. The bug is patched but Sean suggests the game developer could benefit from a Bug Bounty Program

 where they compromised a critical national infrastructure entity through a web shell “left from a third party’s previous security assessment”

 in the past month from the 2024 edition of the grandaddy of all hacker cons – definitely worth a look (we’ve posted one of the most popular below)!

 and the launch of a new video series featuring talented bug hunter and YesWeHack researcher enablement specialist Hanissa S (known in hacking circles as pwnii or pwnwithlove). ❤️ Called 'Talkie Pwnii', the new monthly series sees Hanissa outline potential solutions to the most recent Dojo challenge, along with other technical tips and tricks. The 

 kicked off with 'Shell Escape', which involved exploiting the SQL LIKE operator and a command injection regex bypass. The 

 (embedded below) revisits 'Hacker Forum', which involved exploiting second order SQL injection to extract data. 🛠️

: zyp3, HannanHaseeb and nomish_. 🎉 Relatedly, Dojo now has a 

, a vulnerability that occurs when an attacker can access or modify objects through manipulation. As for hacking tools, PimpMyBurp returns with a focus on SignSaboteur, a Burp extension that enables you to edit, sign, verify and 

, while another noteworthy Burp tool we spotted is a 

 for installing a Burp Collaborator Server in a docker environment using a LetsEncrypt wildcard certificate. Marvellous. 🌟

A pair of hunter interviews to flag now, starting with this sage advice from Nagli: “If you don’t stay on top of the latest trends, you won’t make it to the top.” 🧠 Who are we to disagree with one of the world’s most successful bug hunters? Keeping abreast of evolving technologies is only one of several best practices shared by the 26-year old hacker, entrepreneur and Bug Bounty automation pioneer in a new 

 (we featured the video alone in a previous newsletter). As we said earlier, Pwnii also features in a new 

 (see below) where she discusses how she got into Bug Bounty, her proudest bug find to date, her preferred hacking tools, her plans for deepening her hacking skills and her long-term plans beyond Bug Bounty. 🎯

“In general, new bugs like large language model (LLM) injection, HTTP request smuggling, OS binary or mobile app issues are more challenging for the triage team than classic vulnerabilities like XSS, CSRF and open redirects,” says our triage chief, Adrien Jeanneau (aka Hisxo), in a 

. “When reports use new techniques, we need to understand the risks, impact and possible mitigations.” While the interview is primarily aimed at customers and prospects, there are still some fascinating insights like this one for hunters. 🔥

Our first live hacking event in Latin America

Leaderboard time! We’ll kick off with the final podium from our live hacking event at Ekoparty in Buenos Aires last month, with Galicia Bank providing the targets (

Big up also to those who made the leaderboards of our other recent live hacking events – for 

 (topped by none other than pwnii!) and at 

 (with proceeds donated to the relief effort for the flooding disaster in Spain). 👏

Over to YesWeHack’s overall leaderboard now. Pocsir has leapfrogged marcosen into third place on the 

 rankings, with the ever-prolific Rabhi and Xel still out in front. This exactly mirrors the as-it-stands podium for 

 overall with just a couple of weeks left to run. 🏆

Read this monthly roundup of content aimed at ethical hackers even sooner by subscribing to 

Are you a CISO, other security professional or security-conscious dev? Check out our CISO-focused sister newsletter, 

 – bringing you news, insights and inspiration around offensive security topics like Bug Bounty, vulnerability disclosure and management, pentest management and attack surface protection.

DOMPurify bypasses, prompt injecting ChatGPT to shell, AI fuzz finds – ethical hacker news roundup

, asked participants to perform a second-order SQL injection, inserting a new value into the database which later exposes the flag in the result of a SQL SELECT statement.

Want to create your own monthly Dojo challenge? Send us a message on Twitter!

 feeds to be notified of upcoming challenges.

Read on to find out how one of the winners managed to solve the challenge.

TALKIE PWNII #2: VIDEO CHALLENGE WRITE-UP

We want to thank everyone who participated and reported to the Dojo challenge. Below is the best write-up overall:

A critical vulnerability was identified within the 

 functionality. More specifically, SQL injection is possible via the author field when posting a comment, giving the attacker the ability to modify and extract sensitive information such as user passwords.

During the initial reconnaissance phase, a thorough code inspection was conducted in which the underlying tech-stack was revealed. The application uses PHP that connects to an SQLite3 database, as shown in the first three lines of the source-code:

This immediately sparked concern for potential PHP code– or SQL injection.

Next, the application defines three PHP functions: 

, which are used in the context of rendering posts with their respective comments.

Further down, on line 53, we encounter user-supplied input for the first time. Two variables are defined: 

Next, immediately after the user-inputs are defined we find the code in which the user-comments are inserted into the SQL database.

A note was taken that the application makes proper use of 

 in the SQL query – A remediation technique used to prevent SQL injections. At first, this seemed to contradict my initial belief of finding a SQL injection.

Continuing to read the code, we are presented with a 

 which fetches all of the posts from the database and sends them to the 

Within this while-loop, a query is made to the SQL database to fetch all of the comments associated with the post being processed in the current iteration. What stands out in regards to this specific query is the lack of using 

, as the aforementioned query demonstrated on line 57. In fact, it is making use of the PHP 

's value being under our control, and we set our 

 function would have created the following query:

Theoretically, this would have been susceptible to SQL injection. Assume we enter an 

, the following SQL query would have been constructed by 

By including a single quote (') after our id, we deliberately close the string variable within the query, allowing us to append additional SQL commands ourselves. Here, an attacker would have had the opportunity to edit other peoples posts through the SQL injection by specifying someone else's 

. However, since there is no way to control that specific parameter, we are forced to let it go and move on.

Moving along down the code, in order to hinder negativity and haters from hating, a second 

 is constructed to check for any "bad words" within any of the comments. These "bad words" are found using a regex-matching technique that look for words such as "bad", or "terrible". In case a comment is identified as negative, or rather, in case a "hater is found hating", the application imposes a ban on the user and censors the comment. It does this by setting 

 as a property of the user in the SQL database.

Once again, the SQL query is constructed using 

. This time, it embeds the author value directly into the query for the users table. Remember, 

, meaning we have full control of the value. Due to the similarity of our previous theoretical SQL injection with this one, setting 

 to be a single quote (') should generate an SQL query as shown below, consequently breaking the original query. Notably, in order to reach the vulnerable code, we must enter one of the "bad words" as the 

, an error is shown when viewing the HTML source code:

Thus, this confirms the presence of a SQL injection.

A payload was constructed that extracts a user password in order to demonstrate the risks of having such a vulnerability present in an application.
In order to construct such a payload, two conditions must be met and as such the payload achieves the following:

The ability to access the extracted password.

The following steps were taken when constructing the payload:

Deliberately close the string variable in order to include our own SQL query.


 in order to reach the vulnerable part of the code.


Create a query that extracts the password from the user "Brumens" using a 

SELECT password FROM users WHERE username = "brumens"

In order to access the password, it has to be reflected in the response. As shown earlier, comments are created and then stored within the database. This means that we can simply inject a new comment directly into the SQL database with one of the reflected values to be that of Brumens password!


INSERT INTO comments (post_id, author, comment, image) VALUES (1, (SELECT password FROM users WHERE username = "brumens"), "", "")

Finally, we end our SQL query with a double-dash (--). A double-dash is a comment-marker in this version of SQL, and anything that might come after it which could break the payload will be commented out and ignored.

The resulting comments are created on the Hacker Forum:

Having a SQL injection vulnerability present in the application poses a serious threat. Data theft and manipulation in combination with authentication bypass has been demonstrated, however, there are many more possible ways for an attacker to leverage this vulnerability. It is a threat not only to the application itself, but for the users whose data may be exposed or altered, and to the company's reputation, which is at great risk.

As demonstrated, this vulnerability can be leveraged for an account takeover. However, the root cause of the account takeover is rather 

 of data stored in the database. SQL injections can be leveraged in other ways, such as denying service for users by shutting down the database or deleting content (DoS).

In this case, there are multiple remediation techniques that are recommended.

Firstly, the SQL queries on lines 72 & 78 should make use of 

, as is done on line 58. These have been proven to fix many issues regarding SQL injections, more information can be read here: https://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php

Secondly, the WAF should feature protection against input-based attacks. This may include but is not limited to 

, which is a technique used to remove any 

 – a list containing characters that are allowed to pass the WAF. Furthermore, these input-checks should be replicated on the client-side.

Lastly, the application should implement 

 techniques. The account takeover would still have been possible, albeit a little bit more time consuming. But had the SQL user not been able to write to the users password field, and the password was hashed, the account takeover likely would not have been possible.

Dojo challenge #37 - Hacker Forum winners and writeup

Soft skills and the right mindset are even more important to success in Bug Bounty than technical skills because the latter are easier to learn, according to one of Italy’s most prolific hunters.

Having first registered on YesWeHack in 2021, ‘

’ – aka Simone Paganessi – has climbed to 8th position on YesWeHack’s 

. He has notched 656 reports at the time of writing. All this was achieved while working for an Italian company as a pentester.

In the Q&A and video below, Drak3hft7 also discusses his journey to being a hacker, his best bug find so far and his favourite hacking tools.

Drak3hft7 on the challenging road to becoming a hacker…

I had a long journey. I studied [many] hours [on] software development and networks[s]. After this, I studied [for the] OSCP certification.

I started Bug Bounty three years ago. The road for a hacker is very difficult, because today it’s one technical system; tomorrow it’s a new technical system, new firmware and other updates.

I prefer YesWeHack because it’s a very fantastic structure and very fast triage. I hacked [many] companies, big companies [through] YesWeHack – it’s always exciting.

My favourite critical find is an IDOR. I was able to change the parameter in the cookie and read and edit all user data in the web application: thousands of data [points]. I reported on YesWeHack. After two or three days, it was accepted.

On the personal attributes that most fuel his bug-hunting success…

My best skill for me is persistence – not technical skills but soft skills. Because, if you are a hacker, you are persistent. Very persistent, curious, passionate. The technical skills you can study, you can try [to learn].

I prefer the proxy to analyse the request and the response, to find vulnerabilities in parameters, cookies. And [I often use] Ghauri. Ghauri is the best tool for SQL injection. And the best for me is the Wayback Machine, for getting all the requests.And the best for me is the Wayback Machine [to hunt for bugs via archived URLs].

In Italy, I love the gym – very important for physical and mental health, and stability! I love to read books and watch films at the cinema.

On whether his family and friends understand what hacking is…

My family is a big help for my hacking, because it’s very important for my stability.

My friends don’t know about my hacking skills. My family don’t understand my work in the hacking system and Bug Bounty. Always questions: “What is Bug Bounty?” – it’s a difficult answer for this question.

On his favourite hacking-related art or entertainment…

My favourite TV series is Mr. Robot. [Elliot] Alderson is a very fantastic hacker and the hacker culture in the TV series is the best.

‘My best attribute is persistence – technical skills you can learn’: drak3hft7’s Bug Bounty story so far

Vendors of digital products should of course prioritise security testing and vulnerability management for the sake of their users and their own reputation.

Now they have 36 months to do so to the standards set by the EU Cyber Resilience Act (CRA) if they want to sell their software or hardware inside the world’s largest trading bloc. 🇪🇺

The CRA has just been published in the EU’s Official Journal, kickstarting a three-year countdown to full compliance. Covering everything from laptops to smart TVs, the law was introduced primarily to address “widespread vulnerabilities and the insufficient and inconsistent provision of security updates to address them”. 📱 Following our 

vulnerability testing/management explainer for NIS 2

 after it came into force last month, we’ve now 

summarised the new vulnerability-focused CRA rules

, which advocate Bug Bounty Programs.🐞

 roundup of OffSec insights (originally published as a LinkedIn newsletter), the global Bug Bounty market is 

 to grow at a compound annual growth rate (CAGR) of nearly 16% between now and 2032 – up from $1.52 billion to $4.95 billion. 📈 Business Research Insights attributes its prediction to “growth and demand returning to pre-pandemic levels”, as well as organisations needing to “regularly test their IT infrastructure” given “constantly evolving” tech stacks and the fact “a hacker could potentially destroy a company's reputation in a matter of minutes”. It also notes that, while Bug Bounty has traditionally been dominated by the software development industry, recent growth has also been fuelled by increasing adoption by governments and large corporations. 

“Many advantages, including inexpensive pricing based on output, software testing in real-time, scalability, and device and geographic coverage, can be obtained through crowdsource testing,” writes Business Research Insights in a separate but related report that notes how crowdsourced security testing is growing particularly fast in the 

Coincidentally, Research and Markets has released its own 

forecast for the global security testing market

, anticipating 24.7% CAGR until 2029 in part due to AI development that will “make anomaly detection and vulnerability prediction more reliable”. 🤖 Application security testing is the fastest growing segment of tech, says the report, while “the healthcare vertical holds the largest market share in the security testing market due to its critical need for stringent security measures”. 🏥

distilled details of a CISA red team engagement

 where they compromised a critical national infrastructure entity through a web shell “left from a third party’s previous security assessment”. 😬 CISA (the US Cybersecurity and Infrastructure Security Agency) wrote that leadership of the entity “deprioritized the treatment of a vulnerability their own cybersecurity team identified, and in their risk-based decision-making, miscalculated the potential impact and likelihood of its exploitation.” About the previous engagement's oversight, the head of research and discovery at Google threat intelligence 

: “I've seen too many red team screw ups like this [...] Stay humble and clean up after yourselves.” An infosec consultant also 

: “CISA red teaming exercise reports have been stellar in the past, but this newly released one is a really great read.” 📚

A bill that would require US federal contractors to implement NIST-compliant vulnerability disclosure policies (VDPs) has moved a step closer to becoming law after clearing a key Senate panel, 

. Civilian federal agencies are already required by law to have VDPs, and the same will soon apply to federal contractors it seems given bipartisan support for the Federal Contractor Cybersecurity Vulnerability Reduction Act. 🏛️

We conclude our roundup of useful OffSec content beyond our own output with these three interesting articles:

 – interview with Canonical CISO Stephanie Domas on 

: With great responsibility comes little or no power

Triage chief on keeping hunters and customers happy

“Giving Bug Bounty customers clear, relevant and actionable vulnerability reports gives them confidence in the process,” says Adrien Jeanneau, who heads up YesWeHack’s in-house triage team. Speaking in an interview 

, Adrien reflects on how the triage team strives to facilitate a “virtuous circle” 🔄 by keeping both customers and bug hunters happy, as well as discussing the role of automation, prioritising vulnerability reports by severity and impact, and beating YesWeHack’s first-response SLA by a wide margin. 🔥

How does an organisation identify – let alone secure – its proliferating internet-facing assets amid tight budgets and increasing cyber-attacks? 🤔 In the first of a new series of articles about attack surface management, we explain the process of 

 and make the case for implementing Continuous Threat Exposure Management (CTEM) to achieve a unified, comprehensive and real-time overview of your exposed vectors. 🚀

“We’ve had around 20 really serious reports that we would never get from a traditional pentest,” said the subject of our 

. 🔥 Transcribed from a video interview we’ve posted previously, this interview sees Erik Täfvander, head of cybersecurity at Swedish betting company ATG, reflects on the intrinsic benefits of Bug Bounty, recalls how ATG fine-tuned its approach to crowdsourced security testing, and offers his peers in other organisations some OffSec advice. 💎

As the year draws to our close, our 2024 events calendar concludes this week with 

 (11-12 December, London). 🇬🇧 Finally, we’re also proud sponsors of the Bug Bounty Village at the upcoming 

 in Brazil (14-15 December, São Paulo). ‍

Read this monthly roundup even sooner by subscribing to 

 – our LinkedIn newsletter curating news, insights and inspiration around offensive security topics like Bug Bounty, vulnerability disclosure and management, pentest management and attack surface protection.

Are you a bug hunter or do you have an interest in ethical hacking? Check out our ethical hacking-focused sister newsletter, 

 – offering hunting advice, interviews with hunters and CTF-style challenges, among other things.

Clock ticking on Cyber Resilience Act compliance, Bug Bounty forecasts, intriguing CISA red team find – OffSec roundup for CISOs

Collaborating with ethical hackers whose skills complement his own has apparently been pivotal to the success of ‘Nagli’, one of the biggest earners in the world of 

In just a few years of bug hunting, the 26-year-old hacker has achieved more than simply racking up points and bounties from a steady stream of impressive vulnerabilities.

 – has also harnessed automation creatively to scale up vulnerability discovery, and leveraged his Bug Bounty experience in bootstrapping 

, currently also works at Wiz, the cloud security platform.

In the following interview, Nagli additionally recounts how he became a hacker, details his most memorable bug discovery, and offers several golden tips to peers with designs on emulating his success.

I was always into computers and video games – Counter-Strike, Combat Arms, MapleStory and so on… So I was always technical with computers and the field of hacking was always interesting when you play video games and see people gain advantage in an unwanted way, and do those kinds of other things.

So it was always an interesting world. When you’re a hacker you have some superpower… you can do stuff that other people can’t, and you can actually make an impact and conduct some amazing things. So that’s what I’m doing with hacking and that’s what got me to actually explore it a few years ago.

On the secrets of his bug-hunting success…

I think what helped me to become successful is a lot of collaboration, networking with other people. I got the insight that I can’t be the best hacker on every section – like hacking Salesforce products or hacking other components – so just find a lot of people who are experts in what they do and give a lot of dedication. Then, whenever you stumble on a lead, you can just pass it to them and you can explore it with them together.

But basically: just a lot of dedication, not giving up and just constantly looking, investing a lot of hours into finding bugs.

So I had a lot of interesting and pretty critical bugs. It can be code executions… but the one I most like was a few weeks ago, on my birthday actually: there was one portal that suddenly became alive and there was tons of production data of a company – like years of development, internal communications… it’s very hard to configure all your SaaS products to make sure they are always configured to have authentication, to have a login panel.

So, every time you have a bug, it allows you to see the PII of customers, of a lot of customers, so every customer of a company; or just to see a lot of internal discussions from the past. It’s a goldmine for attackers so it’s a good thing on your side to report it to the company.

On the importance of staying abreast of fast-evolving tech and techniques…

So we need to evolve and learn for every new technology, like 

, which was introduced a few years ago, APIs, nowadays AI hacking as well. So if you don’t stay on top of the latest trends, latest methodologies, you won’t make it to the top and you won’t be able to do it successfully for a lot of time. So, every time there’s a new technique or new methodology in the manual hacking space or automation, I just like to adapt it as soon as I can into my systems.

The YesWeHack Blog

‘Hacking is essentially about curiosity’: Blaklis on the art and science of Bug Bounty hunting

‘Hacking is essentially about curiosity’: Blaklis on the art and science of Bug Bounty hunting

DOMPurify bypasses, prompt injecting ChatGPT to shell, AI fuzz finds – ethical hacker news roundup

Dojo challenge #37 - Hacker Forum winners and writeup

‘Hacking is essentially about curiosity’: Blaklis on the art and science of Bug Bounty hunting

‘My best attribute is persistence – technical skills you can learn’: drak3hft7’s Bug Bounty story so far

Clock ticking on Cyber Resilience Act compliance, Bug Bounty forecasts, intriguing CISA red team find – OffSec roundup for CISOs

‘Collaboration helped me become successful’: Nagli on becoming a world-renowned Bug Bounty hunter

‘My best attribute is persistence – technical skills you can learn’: drak3hft7’s Bug Bounty story so far

PimpMyBurp #11 – Master Signed Token Exploits with SignSaboteur

Cyber Resilience Act: compliance countdown set to start for EU law focused on eliminating vulnerabilities

Attack surface discovery: mapping your exposed vectors with continuous threat exposure management (CTEM)

PimpMyBurp #11 – Master Signed Token Exploits with SignSaboteur

Don't wait for threats to strike

Products

Researchers

Resources

Company

Follow us