gr3pme

gr3pme

HackerNotes Author || Bug Bounty Hunter

[HackerNotes Ep.116] Auth Bypasses and Google VRP Writeups

[HackerNotes Ep.116] Auth Bypasses and Google VRP Writeups

We've got Portswigger’s SAML Roulette writeup, as well as some Google VRP reports, and a Next.js middleware exploit.

gr3pme
gr3pme
[HackerNotes Ep.114] Single Page Application Hacking Playbook

[HackerNotes Ep.114] Single Page Application Hacking Playbook

We're diving into Single Page Applications (SPAs) and how to attack them. We also cover a host of news items, including some bug write-ups, AI updates, and a new tool called Hackadvisor.

gr3pme
gr3pme
[HackerNotes Ep.112] Interview with Ciarán Cotter (MonkeHack) Critical Lab Researcher and Full-time Hunter

[HackerNotes Ep.112] Interview with Ciarán Cotter (MonkeHack) Critical Lab Researcher and Full-time Hunter

We've got Monke breaking down some of his cool bug chains, some fresh WebSockets research ideas, a bunch of AI news, prompt injection research and some newsletters. Check it out below.

gr3pme
gr3pme
[HackerNotes Ep.110] Oauth Gadget Correlation and Common Attacks

[HackerNotes Ep.110] Oauth Gadget Correlation and Common Attacks

A DOMPurify 3.2.3 Bypass, Ophion Security Cisco Webex research, a new postMessage Chrome Extension, and a whole lot of OAuth research. Check it out below.

gr3pme
gr3pme
[HackerNotes Ep.108] How to Hack Salesforce, ServiceNow, and Other SaaS Products With Aaron Costello

[HackerNotes Ep.108] How to Hack Salesforce, ServiceNow, and Other SaaS Products With Aaron Costello

Justin and Joseph bring on Aaron Costello to discuss SaaS security and misconfigurations as a bug class. He also gives some in-depth examples on research he's performed on Salesforce, ServiceNow, and Power Pages.

gr3pme
gr3pme
[HackerNotes Ep.106] Announcing our new Co-Host...

[HackerNotes Ep.106] Announcing our new Co-Host...

We announce our new co-host of the podcast: Joseph Thacker Aka Rez0! We also cover some cool research including doubleclickjacking, character set attacks, SVG XSS, CSPT and a bunch more. Check it out below.

gr3pme
gr3pme
[HackerNotes Ep.104] 2024 Hacker Stats & 2025 Goals

[HackerNotes Ep.104] 2024 Hacker Stats & 2025 Goals

In this HackerNotes, we have two fresh CTBB announcements including the launch of the bug bounty hunters guild and research lab. We also have a Bug Bounty Hunter Worksheet for ya'll to reflect on your 2024 as a hunter, and set some goals up for 2025.

gr3pme
gr3pme
[HackerNotes Ep.102] Building Web Hacking Micro Agents with Jason Haddix

[HackerNotes Ep.102] Building Web Hacking Micro Agents with Jason Haddix

In this HackerNotes, we've got Justin and Jason Haddix diving into AI Micro-Agents for Hacking: From Web Fuzzing to WAF Bypasses, effective prompting tips and a whole lot of LLM content. Check it out below.

gr3pme
gr3pme
[HackerNotes Ep.100] 8 Fav Bugs of 2024, Farewell Joel, Hello Shift - Cursor of Hacking

[HackerNotes Ep.100] 8 Fav Bugs of 2024, Farewell Joel, Hello Shift - Cursor of Hacking

It's the 100th episode! We've got some of the top hunters together to discuss their top bugs of 2024. We've also got a big CTBB pod announcement and a new (game-changer) plugin for Caido; Shift.

gr3pme
gr3pme
[HackerNotes Ep.98] Team 82 Sharon Brizinov - The Live Hacking Polymath

[HackerNotes Ep.98] Team 82 Sharon Brizinov - The Live Hacking Polymath

We've got some cool war stories from Sharon, the differences between HackerOne and Pwn2Own, pwning OT/IoT devices, some high level methodologies and some approaches to more exotic attack surfaces in this HackerNotes.

gr3pme
gr3pme