gr3pme

gr3pme

HackerNotes Author || Bug Bounty Hunter

[HackerNotes Ep. 121] Slonser's Image Injection 0-day - ATO & New Caido Collab Plugin

[HackerNotes Ep. 121] Slonser's Image Injection 0-day - ATO & New Caido Collab Plugin

A Chrome 0 day allowing IMG injection to query parameter leak, a writeup by Sharon Brizinov that netted 64k in bounties by searching Git repos for secrets, a tool drop featuring Subdomain link launcher & Drop for Caido, MCP Protocol Research, NahamCon and content from Pliny leaking the system Prompt Gemini-2.5-pro With Canvas plus a whole lot more.

gr3pme
gr3pme
[HackerNotes Ep. 118] Hacking Happy Hour: 0days on Tap and SQLi Shots

[HackerNotes Ep. 118] Hacking Happy Hour: 0days on Tap and SQLi Shots

We've got some extra Next.js Middleware payloads for ya, LLM polyglots, fresh research on React Router & Remix, IOT research, MCP Security and some clientside tips. Check it out below.

gr3pme
gr3pme
[HackerNotes Ep.116] Auth Bypasses and Google VRP Writeups

[HackerNotes Ep.116] Auth Bypasses and Google VRP Writeups

We've got Portswigger’s SAML Roulette writeup, as well as some Google VRP reports, and a Next.js middleware exploit.

gr3pme
gr3pme
[HackerNotes Ep.114] Single Page Application Hacking Playbook

[HackerNotes Ep.114] Single Page Application Hacking Playbook

We're diving into Single Page Applications (SPAs) and how to attack them. We also cover a host of news items, including some bug write-ups, AI updates, and a new tool called Hackadvisor.

gr3pme
gr3pme
[HackerNotes Ep.112] Interview with Ciarán Cotter (MonkeHack) Critical Lab Researcher and Full-time Hunter

[HackerNotes Ep.112] Interview with Ciarán Cotter (MonkeHack) Critical Lab Researcher and Full-time Hunter

We've got Monke breaking down some of his cool bug chains, some fresh WebSockets research ideas, a bunch of AI news, prompt injection research and some newsletters. Check it out below.

gr3pme
gr3pme
[HackerNotes Ep.110] Oauth Gadget Correlation and Common Attacks

[HackerNotes Ep.110] Oauth Gadget Correlation and Common Attacks

A DOMPurify 3.2.3 Bypass, Ophion Security Cisco Webex research, a new postMessage Chrome Extension, and a whole lot of OAuth research. Check it out below.

gr3pme
gr3pme
[HackerNotes Ep.108] How to Hack Salesforce, ServiceNow, and Other SaaS Products With Aaron Costello

[HackerNotes Ep.108] How to Hack Salesforce, ServiceNow, and Other SaaS Products With Aaron Costello

Justin and Joseph bring on Aaron Costello to discuss SaaS security and misconfigurations as a bug class. He also gives some in-depth examples on research he's performed on Salesforce, ServiceNow, and Power Pages.

gr3pme
gr3pme
[HackerNotes Ep.106] Announcing our new Co-Host...

[HackerNotes Ep.106] Announcing our new Co-Host...

We announce our new co-host of the podcast: Joseph Thacker Aka Rez0! We also cover some cool research including doubleclickjacking, character set attacks, SVG XSS, CSPT and a bunch more. Check it out below.

gr3pme
gr3pme
[HackerNotes Ep.104] 2024 Hacker Stats & 2025 Goals

[HackerNotes Ep.104] 2024 Hacker Stats & 2025 Goals

In this HackerNotes, we have two fresh CTBB announcements including the launch of the bug bounty hunters guild and research lab. We also have a Bug Bounty Hunter Worksheet for ya'll to reflect on your 2024 as a hunter, and set some goals up for 2025.

gr3pme
gr3pme
[HackerNotes Ep.102] Building Web Hacking Micro Agents with Jason Haddix

[HackerNotes Ep.102] Building Web Hacking Micro Agents with Jason Haddix

In this HackerNotes, we've got Justin and Jason Haddix diving into AI Micro-Agents for Hacking: From Web Fuzzing to WAF Bypasses, effective prompting tips and a whole lot of LLM content. Check it out below.

gr3pme
gr3pme