gr3pme

gr3pme

HackerNotes Author || Bug Bounty Hunter

[HackerNotes Ep. 127] Drama, PDF as JS Chaos, Bounty Profile Apps, And More

[HackerNotes Ep. 127] Drama, PDF as JS Chaos, Bounty Profile Apps, And More

A new bug bounty newsletter, PDF to JS tricks, OBS Websocket RCE, EchoLeak writeup, new tool drops, bug bounty profile apps and a whole lot more. Check it out below.

gr3pme
gr3pme
[HackerNote Ep.125] How to Win Live Hacking Events

[HackerNote Ep.125] How to Win Live Hacking Events

We've got some fresh research and Justin's guide on on how to succeed at live hacking events. We cover pre-event preparations, challenges of collaboration, on-site strategies, and the importance of maintaining a healthy mindset throughout the entire process.

gr3pme
gr3pme
[HackerNotes Ep. 123] Vulnus Ex Machina - AI Hacking Part 2

[HackerNotes Ep. 123] Vulnus Ex Machina - AI Hacking Part 2

We've got an AI hacking masterclass. We cover mastering Prompt Injection, taxonomy of impact, and both triggering traditional Vulns and exploiting AI-specific features, plus a bunch more below.

gr3pme
gr3pme
[HackerNotes Ep. 121] Slonser's Image Injection 0-day - ATO & New Caido Collab Plugin

[HackerNotes Ep. 121] Slonser's Image Injection 0-day - ATO & New Caido Collab Plugin

A Chrome 0 day allowing IMG injection to query parameter leak, a writeup by Sharon Brizinov that netted 64k in bounties by searching Git repos for secrets, a tool drop featuring Subdomain link launcher & Drop for Caido, MCP Protocol Research, NahamCon and content from Pliny leaking the system Prompt Gemini-2.5-pro With Canvas plus a whole lot more.

gr3pme
gr3pme
[HackerNotes Ep. 118] Hacking Happy Hour: 0days on Tap and SQLi Shots

[HackerNotes Ep. 118] Hacking Happy Hour: 0days on Tap and SQLi Shots

We've got some extra Next.js Middleware payloads for ya, LLM polyglots, fresh research on React Router & Remix, IOT research, MCP Security and some clientside tips. Check it out below.

gr3pme
gr3pme
[HackerNotes Ep.116] Auth Bypasses and Google VRP Writeups

[HackerNotes Ep.116] Auth Bypasses and Google VRP Writeups

We've got Portswigger’s SAML Roulette writeup, as well as some Google VRP reports, and a Next.js middleware exploit.

gr3pme
gr3pme
[HackerNotes Ep.114] Single Page Application Hacking Playbook

[HackerNotes Ep.114] Single Page Application Hacking Playbook

We're diving into Single Page Applications (SPAs) and how to attack them. We also cover a host of news items, including some bug write-ups, AI updates, and a new tool called Hackadvisor.

gr3pme
gr3pme
[HackerNotes Ep.112] Interview with Ciarán Cotter (MonkeHack) Critical Lab Researcher and Full-time Hunter

[HackerNotes Ep.112] Interview with Ciarán Cotter (MonkeHack) Critical Lab Researcher and Full-time Hunter

We've got Monke breaking down some of his cool bug chains, some fresh WebSockets research ideas, a bunch of AI news, prompt injection research and some newsletters. Check it out below.

gr3pme
gr3pme
[HackerNotes Ep.110] Oauth Gadget Correlation and Common Attacks

[HackerNotes Ep.110] Oauth Gadget Correlation and Common Attacks

A DOMPurify 3.2.3 Bypass, Ophion Security Cisco Webex research, a new postMessage Chrome Extension, and a whole lot of OAuth research. Check it out below.

gr3pme
gr3pme
[HackerNotes Ep.108] How to Hack Salesforce, ServiceNow, and Other SaaS Products With Aaron Costello

[HackerNotes Ep.108] How to Hack Salesforce, ServiceNow, and Other SaaS Products With Aaron Costello

Justin and Joseph bring on Aaron Costello to discuss SaaS security and misconfigurations as a bug class. He also gives some in-depth examples on research he's performed on Salesforce, ServiceNow, and Power Pages.

gr3pme
gr3pme