Archive

[HackerNotes Ep. 172] Critical Guide to Code Review

[HackerNotes Ep. 172] Critical Guide to Code Review

In this week's episode we're talking about code review! Here you'll find our full guide to code review with our favourite techniques and methodology, from mapping auth on every route before reading a single handler, to tracing taint flows, sniffing for anomalies and chaining low-severity bugs into crits.

Yujilik ​
Yujilik ​
[HackerNotes Ep. 171] Protobuf XSS, Cookie Case Sensitivity, and Clickjacking Tricks

[HackerNotes Ep. 171] Protobuf XSS, Cookie Case Sensitivity, and Clickjacking Tricks

Solo episode from Justin looking at some recent bugs he found about client side stuff

Aituglo ‎
Aituglo ‎
[HackerNotes Ep. 170] Live From South Korea : AI Exfiltration, SDK Hacking, and the Art of Self-Advocacy

[HackerNotes Ep. 170] Live From South Korea : AI Exfiltration, SDK Hacking, and the Art of Self-Advocacy

New live episode from South Korea to cover the latest LHE by Hackerone and by Google

Aituglo ‎
Aituglo ‎
[HackerNotes Ep. 169] OAuth 2.1, MCP Authorization Security, and the Framework CVEs You Should Know

[HackerNotes Ep. 169] OAuth 2.1, MCP Authorization Security, and the Framework CVEs You Should Know

A practical look at OAuth 2.1 and MCP security pitfalls, from PKCE downgrades and SSRF tricks to token misuse and recent framework CVEs.

Aituglo ‎
Aituglo ‎
[HackerNotes Ep. 168] Client-Side Path Traversals Across Every Framework, with XSSDoctor

[HackerNotes Ep. 168] Client-Side Path Traversals Across Every Framework, with XSSDoctor

We dig CSPT across different frameworks with xssdoctor, discovering a nice bug in react router

Aituglo ‎
Aituglo ‎
[HackerNotes Ep. 167] Acquisition Hunting, Supply Chain Bugs & Research Theft with krevetk0

[HackerNotes Ep. 167] Acquisition Hunting, Supply Chain Bugs & Research Theft with krevetk0

Today, a new episode about research theft with krevetk0

Aituglo ‎
Aituglo ‎
[HackerNotes Ep. 166] Claude Code Skills for Bug Bounty: When, Why, and How to Build Them

[HackerNotes Ep. 166] Claude Code Skills for Bug Bounty: When, Why, and How to Build Them

Exploring how Rez0 use Claude code to hunt and how to properly set it up

Aituglo ‎
Aituglo ‎
[HackerNotes Ep. 165] Protobuf Hacking, AI-Powered Bug Hunting, and Self-Improving Claude Workflows

[HackerNotes Ep. 165] Protobuf Hacking, AI-Powered Bug Hunting, and Self-Improving Claude Workflows

Today, we are digging some protobuf stuff, and also talking about the current debate about AI finding bugs and how to use it properly

Aituglo ‎
Aituglo ‎
[HackerNotes Ep. 164] Tommy DeVoss: From Black Hat to Bug Bounty LEGEND

[HackerNotes Ep. 164] Tommy DeVoss: From Black Hat to Bug Bounty LEGEND

Justin sits down with Tommy DeVoss to talk about his origin story, Yahoo bugs, and how Tommy first got Justin into Bug Bounty

Aituglo ‎
Aituglo ‎
[HackerNotes Ep. 163] PortSwigger Top 10 Web Hacking Techniques of 2025

[HackerNotes Ep. 163] PortSwigger Top 10 Web Hacking Techniques of 2025

We are covering all the techniques from the top 10 by PortSwigger in 2025

Aituglo ‎
Aituglo ‎
[HackerNotes Ep. 162] HackerOne Training AI on Bug Bounty Data ?

[HackerNotes Ep. 162] HackerOne Training AI on Bug Bounty Data ?

We received the CTO of Hackerone to discuss the recent events about AI being fed by our Bug Bounty reports

Aituglo ‎
Aituglo ‎
[HackerNotes Ep. 161] AI workflows, CSRF despite XFO, and DTMF exfil

[HackerNotes Ep. 161] AI workflows, CSRF despite XFO, and DTMF exfil

YesWeHack yearly report, AI writeups and some interesting

Aituglo ‎
Aituglo ‎
FirstBack
12345678
Next Last