Bug Bounty

This week, I began building my own bug bounty automation tool. This post introduces daneel and talks about how I plan to use daneel to hunt for bugs.

G’day! I’m Jakob, an Application Security consultant from Australia, welcome to my Bug Bounty Blog (BBB). After a long hiatus from bug bounty, I have decided to fire up nikto again and start scanning the web for fun and profit. This blog is all about committing what I’m learning and thinking to paper, and to share it with the world. Why did I stop bug bounty? Good question, thanks for asking....

Something that I have struggled with in the past as a software developer turned penetration tester is the fact that I use two operating systems on a daily basis, and this sometimes causes friction in my workflow. Note: I really don’t intend or want this to be a discussion of the merits of one OS or IDE compared with another. I use the tools that I am familiar and productive with, and it’s totally cool if you use something different....

There were many things to consider, and we may talk about some of those things in the future, but the aspect of penetration testing I want to talk about today is the infrastructure we use to conduct a penetration test. Note: With a few minor exceptions, the same thought process applies for bug bounty hunting. If that’s more your thing, feel free to sed s/penetration testing/bug bounty hunting/g. What do we need from our infrastructure?...