So I just checked and I did roughly $550k USD in 365 days on 187 bugs. If I wrote this up to some extent what would people want to actually read about?
If you run a bruteforce and notice weird behaviours - like "/admin/" redirecting to / always investigate these.
/admin/
/admin/../admin
//admin/
/Admin/
/admin;/
/Admin;/
/index.php/admin/
/admin/js/*.js
/admin/*brute*.ext
/admin../admin
//anything/admin/
$227K USD in payouts in 24 hours. The big lesson I would share with anyone doing bug bounties is learning to be persistent. I'm willing to spend weeks and months on small attack surfaces when I know it's worth doing.
I’m giving out 40 PentesterLab PRO licenses. I hope you all have a great Christmas. Just comment why you think you should have one and I’ll pick some people. Stay frosty.
I just had a lovely conversation with my Uber driver about belief and where it had taken us in our lives. He gave me a copy of the Quran, really looking forward to reading it.
Shout out to my high school principal that told my dad I was going to end up jail and that I should “get good with my hands” in front of me at 14. I need to call that idiot up and ask if he’s ever had a $50,000 Friday.