Bug Bounty

This is the second part of our series on bug bounty etiquette. Part one looks at what you should be doing.  Last month we talked about bug bounty etiquette and how to be a good bug bounty hunter; not in the sense of finding more bugs, but rather in how

This is part one of our two-part series on polite hacking, focusing on what to do. Part two talks about what not to do (link coming soon).  This blog is not about techniques. It’s not about tools to use, how to find the vulnerability, or anything like that. There

In the era of application security, bug bounties have evolved and become mainstream for hackers around the globe. Hackers are constantly looking for new tactics to automate the process of reconnaissance and find different types of vulnerabilities. One of the first steps to hacking a larger scoped program is subdomain

Since joining PD in December, I've been learning a lot about our community and what it takes to be a modern security engineer. One of the biggest lessons I think I've learned is: 🤔To be a great defender, you have to think like an attacker Gone

Introduction In this article we are going to build a fast one-shot recon script to collect the bulk of the information we need to serve as a starting point for our bug bounty testing. This blog post is complementary to the article on building an attack surface monitoring solution. Automation,

Efficient, extensible, flexible, open source vulnerability scanning. Introduction Nuclei is a fast, efficient, and extensible vulnerability scanner. It can scan thousands of hosts in just a few minutes. The Nuclei engine uses YAML-based templates to define the steps required to detect a vulnerability. As an open-source tool we encourage community

Introduction Let's start with this: A DNS takeover is not the same as a subdomain takeover. Subdomain takeovers are old news. Hackers who caught onto them early made busloads of bounties by automating their detection and exploitation. They're still out there, but competition is fierce. Crafty

Introduction As seen in Part 1: Abusing Reverse Proxies: Metadata, open proxies can allow an attacker to access cloud metadata API services. However, even without metadata services available, open proxies can be a boon for an attacker. A primer on open proxy types: * Forward: typical use case is allowing private

Introduction Many cloud service providers offer a "metadata" service on their virtual machines. These services offer sensitive details about the instance and cloud operating environment. Metadata services offer REST APIs to programmatically retrieve this data. Amazon’s AWS service defined the IMDSv1 “standard” on their EC2 instances, and