Bug hunting, for fun and profit. My slightly but not so technical how-to guide for anyone.

This article reflects not only how I like to do bug bounty programs, but also how I approach most of my normal penetration tests, red teams or web security assessments. It works well for me and many clients I’ve served have been helped by it. It might very well not be your exact style. I try to show here the […]

Practical advice on time management and where to focus when you want to kick ass at any course and study!

One of the topics that came along during my call for subjects was that of preparations for courses, especially the time management part when having a full-time job or being a student. I understand where this comes from; I’ve had similar doubts in the past myself. Many courses seem massively large and look like an unclimbable mountain or […]

Radical Red Teaming, adding value to your company’s resilience

On a day-to-day basis I get asked why companies should care more about red teams. Often within the same sentence it is stated that a standard penetration test is sufficient and that other forms of offensive security assessments aren’t needed “because everything is covered already” or “else it might break”. One thing I’ve […]

Why a Hacker isn’t an Application Tester

This is a story that I have to tell; it’s impossible to ignore. I spent a couple of days of my time talking to one of the largest companies in the world… They have been looking for ethical hackers / security consultants or whatever you want to call it, so I was introduced by a headhunter […]

How to get inside a company Data Center…

Today I arrived early for my meeting so I was able to sit in the lobby listening to conversations taking place between security-reception and the employees/guests of the company. After a couple of minutes a maintenance guy approached the reception and told them that he was checking all the fire extinguishers in the building and […]

Is everybody scared? Or is it something else?

After a wonderful talk with some high-end tech guys from a large company, I suddenly realized it. Application maintainers, programmers and to some extent system administrators are most of all scared by the thought of security and breaches of them. The hacker mindset is one that is special, and potentially dangerous for companies to hire. […]