Posts
-
Throwing 500 vm's at your fuzzing target being an individual security researcher
Adobe Reader progress
One year ago I blogged about my many attempts and failures at fuzzing Adobe Reader and finding exploitable security issues.
-
Fuzzing Adobe Reader for exploitable vulns (fun != profit)
Binaries vs websites
It has been half a year since my last blog post covering an IDOR in a website API. About time to write about something new and hopefully interesting! Having switched my focus from websites to binaries, a new world opened up to me.
-
Taking over every Ad on OLX (automated), an IDOR story
Public disclosure
Hi again! Thank you for reading my third blog post. Happy to share all the details with you on the Insecure Direct Object Reference attack (IDOR) as mentioned in my first blog. It has been resolved by OLX and publicly disclosed on HackerOne, meaning it’s time for a write-up!
-
First bounty, time to step up my game
What happened
Hello again and thanks for reading my second blog post! After publishing my first blog I kept on trying to hack different companies and websites. Not as easy as I had hoped for! It took me quite some time to find another security issue after the IDOR in my first month. This SOME issue I found is not to be made public, so I won’t be able to mention company details and will have to mask URLs etc.
-
My first month as a full-time bug bounty hunter
Introduction
Thank you for taking the time to read my first blog post. My name is Roderick Schaefer, known as kciredor in the exciting world of security bug bounties. I’m new and working hard to get very much involved. By sharing my journey and considerations so far, I’m hoping for more interested people to give it a shot!