Posts

  • Throwing 500 VMs at your fuzzing target being an individual security researcher

    Adobe Reader progress

    One year ago I blogged about my many attempts and failures at fuzzing Adobe Reader and finding exploitable security issues.


  • Fuzzing Adobe Reader for exploitable vulns (fun != profit)

    Binaries vs websites

    It has been half a year since my last blog post covering an IDOR in a website API. About time to write about something new and hopefully interesting! Having switched my focus from websites to binaries, a new world opened up to me.


  • Taking over every Ad on OLX (automated), an IDOR story

    Public disclosure

    Hi again! Thank you for reading my third blog post. Happy to share all the details with you on the Insecure Direct Object Reference attack (IDOR) as mentioned in my first blog. It has been resolved by OLX and publicly disclosed on HackerOne, meaning it’s time for a write-up!


  • First bounty, time to step up my game

    What happened

    Hello again and thanks for reading my second blog post! After publishing my first blog I kept on trying to hack different companies and websites. Not as easy as I had hoped for! It took me quite some time to find another security issue after the IDOR in my first month. This SOME issue I found is not to be made public, so I won’t be able to mention company details and will have to mask URLs etc.


  • My first month as a full-time bug bounty hunter

    Introduction

    Thank you for taking the time to read my first blog post. My name is Roderick Schaefer, known as kciredor in the exciting world of security bug bounties. I’m new and working hard to get very much involved. By sharing my journey and considerations so far, I’m hoping for more interested people to give it a shot!