Bug Bounty Reports Explained

19/08/2025

Had the pleasure of sharing my love for OAuth at the NTHW Meetup in Kraków. I hope everyone who joined enjoyed it as much as I did, and a big thanks to the organizers for the invitation.

10/06/2025

In today’s episode, Arthur Aires shares his bug bounty methodology which starts with heavy fuzzing and automation to find the best assets for manual exploitation and escalation. Enjoy!🔥

📣 Follow Arthur on Twitter: https://x.com/arthurair_es📧 Check out Case Studies: https://bbre.dev/cs✉️ Sign up for the newsletter: https://bbre.dev/nl📣 Fol...

28/05/2025

In this video, Arthur Aires walks us through two real-world deserialization RCEs that include bypassing a class allowlist and then exfiltrating data via DNS.
Techniques you'll want in your toolbox. Enjoy!

📣 Follow Arthur on Twitter: https://x.com/arthurair_es📧 Check out Case Studies: https://bbre.dev/cs✉️ Sign up for the newsletter: https://bbre.dev/nl📣 Fol...

14/05/2025

In this episode, Jasmin “JR0ch17” Landry breaks down how he consistently lands highs and crits - from SSRFs to less common bugs like XXEs and SQLis. Enjoy🔥

📣 Follow JR0ch17 on Twitter: https://x.com/jr0ch17✉️ Sign up for the mailing list: https://bbre.dev/nl📣 Follow me on Twitter: https://bbre.dev/twInterview ...

28/04/2025

New video out with Jasmin “JR0ch17” Landry!
We break down an SSRF bypass against a validation pattern you’ll definitely see again — and show how to land critical without cloud metadata. Enjoy🔥

📣 Follow Jasmin on Twitter: https://x.com/jr0ch17✉️ Sign up for the mailing list: https://bbre.dev/nl📣 Follow me on Twitter: https://bbre.dev/twIn this vid...

06/03/2025

Our journey in the 2024 Ambassador World Cup comes to an end in the quarterfinals🥲 It was a great experience, and I truly enjoyed meeting so many of you in Prague! Good luck to everyone still in the game

21/01/2025

Three years ago, Johan Carlsson was just starting out with bug bounty. Today, he’s GitLab’s TOP1, has bugs on Google and Apple programs, and a reputation as one of the best client-side hackers. Check out our interview🔥

📧 Subscribe to BBRE Premium: https://bbre.dev/premium✉️ Sign up for the mailing list: https://bbre.dev/nl📣 Follow me on Twitter: https://bbre.dev/twFollow ...

08/01/2025

SSRFs can be tough to make critical without cloud metadata, especially against a target like GitLab that strengthens its infra with every SSRF. Yet Johan Carlsson broke through, earning the first critical SSRF on GitLab since 2020. Enjoy our explanation from Sweden! 🇸🇪

This is a video about Copy of ssrf writeup00:00 Copy of ssrf writeup

23/12/2024

Attending a live hacking event is already an accomplishment. My guest, Victor “doomerhunter” Poucheret, not only attended but also ranked in the top 10 at every event and won awards like most impactful team or got the Show&Tell recognitions. In this interview, we'll uncover the secrets behind his success. 🔥

📧 Subscribe to BBRE Premium: https://bbre.dev/premium✉️ Sign up for the mailing list: https://bbre.dev/nl📣 Follow me on Twitter: https://bbre.dev/tw📣 Foll...

06/11/2024

If you’ve ever felt stuck in your web security journey, this episode is for you! Louis from PentesterLab, who’s been teaching others for over 13 years through his platform and talks, shares his insights on effectively learning. Enjoy🔥

📧 Subscribe to BBRE Premium: https://bbre.dev/premium✉️ Sign up for the mailing list: https://bbre.dev/nl📣 Follow Louis on Twitter: https://x.com/snyff📣 F...