BugBountyHunter.com opened in early November 2020 and the amount of growth we have seen in members has been phenomenal! Members have been using BARKER to build confidence with testing web applications and leaving no stone unturned, with the end goal to apply this mindset on bug bounty programs.


We’re finally happy to announce we have re-opened membership on BugBountyHunter.com and we’re ready to welcome new members.

https://www.bugbountyhunter.com/

However please note, we actually did plan on re-opening a little later but with the amount of people wanting to join we prioritised re-opening. …


Artwork by https://www.instagram.com/laracallejaillustrations/

Greetings!

In this post I plan to outline some changes I’ve made to bugbountyhunter since launch and future plans for the platform. At the time of writing we are not currently accepting new members (we’re training over 700+ members currently!) however after our next major upgrade we will begin to…


Hi there!

What a year it’s been, right?! Let’s not mention the C word… it’s lockdown in 2 hours here in the UK. Yay. Although, I do hope you are all well & safe! We will get through this ❤ Carrying on.. …


This is another bug that was right in front of everyone because if you didn’t purposely look for it you’d never realise personal information was being ‘secretly’ leaked.

How does this feature work..?

When testing on [redacted] I noticed this piece of text:

Checking this box allows us to share your address with the list…


Sometimes new features designed to generate revenue for a company can be rushed and sometimes not enough thought has gone into how to securely implement this new feature into the main web app. What does that usually mean? Bugs! The bigger the company the more products planned on the road…


Do any of you use Intruder when checking out subdomains? For me personally I use a tool called “XAMPP” which lets me run PHP locally combined with Intruder. From here I then create a simple redirect script inside index.php, <?php $url=$_GET['url']; header("Location: ".$url); ?>. Next I modify my /etc/hosts/ file…


This post is going to outline how I simply applied my methodology and managed to find multiple vulnerabilities leaking airline passenger information on a YesWeHack bug bounty program. My experience on YesWeHack has been extremely good as the companies engage & communicate with you on reports to understand the issue…


Hi there!

I sadly bring you some sad news and that is after a lot of thought I have decided to shut down BugBountyNotes. The good news is I plan on recreating something & the majority of content on BBN will still be available on my new platform but one important…


I’ve secured a venue, I’ve created the content and now I’m waiting to bring hackers together for the first ever “So you wanna bughunt” training event hosted by me, zseano, located in Cambridge (United Kingdom). I started mentoring via YouTube only a few months ago but I’ve been training people…

Sean (zseano)

UK WebApp Security Researcher. Creator of BugBountyHunter, designed to help people learn and get involved with hacking. zseano.com & bugbountyhunter.com
