gr3pme

[HackerNotes Ep.131] SL Cyber Writeups, Metastrategy & Orphaned Github Commits

[HackerNotes EP.129] Is this how Bug Bounty Ends

The future of hunting, hackbots and Rez0's blog, 'This Is How They Tell Me Bug Bounty Ends.

[HackerNotes Ep. 127] Drama, PDF as JS Chaos, Bounty Profile Apps, And More

A new bug bounty newsletter, PDF to JS tricks, OBS Websocket RCE, EchoLeak writeup, new tool drops, bug bounty profile apps and a whole lot more. Check it out below.

[HackerNote Ep.125] How to Win Live Hacking Events

We've got some fresh research and Justin's guide on on how to succeed at live hacking events. We cover pre-event preparations, challenges of collaboration, on-site strategies, and the importance of maintaining a healthy mindset throughout the entire process.

[HackerNotes Ep. 123] Vulnus Ex Machina - AI Hacking Part 2

We've got an AI hacking masterclass. We cover mastering Prompt Injection, taxonomy of impact, and both triggering traditional Vulns and exploiting AI-specific features, plus a bunch more below.

[HackerNotes Ep. 121] Slonser's Image Injection 0-day - ATO & New Caido Collab Plugin

A Chrome 0 day allowing IMG injection to query parameter leak, a writeup by Sharon Brizinov that netted 64k in bounties by searching Git repos for secrets, a tool drop featuring Subdomain link launcher & Drop for Caido, MCP Protocol Research, NahamCon and content from Pliny leaking the system Prompt Gemini-2.5-pro With Canvas plus a whole lot more.

[HackerNotes Ep. 118] Hacking Happy Hour: 0days on Tap and SQLi Shots

We've got some extra Next.js Middleware payloads for ya, LLM polyglots, fresh research on React Router & Remix, IOT research, MCP Security and some clientside tips. Check it out below.

[HackerNotes Ep.116] Auth Bypasses and Google VRP Writeups

We've got Portswigger’s SAML Roulette writeup, as well as some Google VRP reports, and a Next.js middleware exploit.

[HackerNotes Ep.114] Single Page Application Hacking Playbook

We're diving into Single Page Applications (SPAs) and how to attack them. We also cover a host of news items, including some bug write-ups, AI updates, and a new tool called Hackadvisor.

[HackerNotes Ep.112] Interview with Ciarán Cotter (MonkeHack) Critical Lab Researcher and Full-time Hunter

We've got Monke breaking down some of his cool bug chains, some fresh WebSockets research ideas, a bunch of AI news, prompt injection research and some newsletters. Check it out below.