Categories
Tech

Running a Successful Bug Bounty Program

I wrote this blog to help organisations better prepare for and run successful bug bounty programs. The blog touches on my personal experiences as a program owner of both good and badly run programs as well as being on the other side of the fence as a bug bounty hunter.

This blog ended up being a lot longer than I thought it would be. I hope it’s a worth-while read especially to those of you who are considering running or already run a bug bounty program. At the very worst it might help you get to sleep at night 🙂

Categories
Tech

SlackPirate – The Slack Enumeration and Extraction Tool

Today I am open-sourcing SlackPirate; a tool I developed over the last couple weeks, designed to enumerate and extract sensitive/interesting/confidential data from a Slack Workspace.

Red teamers can use this during an assessment to extract sensitive information which can significantly contribute to the discovery/recon/enumeration phase of the assessment by analysing data such as credentials, internal system documentation and scripts, links to internal build systems, etc.

Categories
Tech

Creating a Secure Environment for your Cryptocurrency Hardware Wallet

In this brief blog post I will discuss what I believe to be good practices to follow during the set-up and day-to-day usage of a Cryptocurrency hardware wallet; specifically the Ledger Nano S because it’s the one I use. This advice should still be useful for other hardware wallets as they’re all quite similar.

Categories
Tech

My Research on Misconfigured Jenkins Servers

Late last year I decided to see how many misconfigured CI/CD (continuous integration and deployment) installations I could find on the internet. I decided to focus my research on one of the most popular CI/CD applications – Jenkins. This article isn’t an attack on Jenkins in any way shape or form – any piece of software and/or hardware can be configured incorrectly… it just so happens to be that CI/CD servers often host some very sensitive configurations – some of which I will come on to in a bit.

Categories
Tech

JWT Refresh Token Manipulation

This is a quick blog about a bug I found in a private bounty program on Bugcrowd. The reason for me writing about it is to increase awareness around these issues and implementation flaws so that fellow bug bounty hunters/people in Infosec/developers can use the information in this article for the betterment of security.