The mindset for finding highs and crits in bug bounty with JR0ch17

Описание: 📣 Follow JR0ch17 on Twitter: https://x.com/jr0ch17
✉️ Sign up for the mailing list: https://bbre.dev/nl
📣 Follow me on Twitter: https://bbre.dev/tw

Interview with Jasmin “JR0ch17” Landry, a former triager and security manager, now a full-time bug bounty hunter. We discuss bug bounty strategy, mindset, and finding high and critical vulnerabilities.

BBRD podcast is also available on most popular podcast platforms:
https://open.spotify.com/show/6tLoJ5f...
   • Bug Bounty Reports Discussed  
https://podcasts.apple.com/us/podcast...

Links mentioned in the video:
The web application hacker's handbook: https://amzn.to/3GS4t68
Xlif: https://docs.oracle.com/en/cloud/saas...
DTD finder: https://github.com/GoSecure/dtd-finder
Secondary path traversal blogpost: https://samcurry.net/hacking-starbucks
OAuth dirty dancing: https://labs.detectify.com/writeups/a...
Cognito doc-driver misconfiguration: https://docs.aws.amazon.com/elasticlo...

Timestamps:

00:00 Intro
00:37 The road to becoming the full-time bug bounty hunter
20:06 The change in the mindset that lands a lot of highs and crits recently
23:02 SSRFs
24:33 How to test for SSTI?
28:54 Does SQLi still exist in 2025?
35:09 Where to test for XXEs?
41:33 Secondary path traversals
47:40 GraphQL bugs
51:04 The Chromium bug that still allows to control the referrer policy despite using DOM Purify
53:58 OAuth testing
1:03:41 Automation for a manual hacker