|
David Schütz
@
xdavidhu
Hungary
|
|
bug hunter, focusing on Google VRP
|
|
|
1.359
Tweetovi
|
179
Pratim
|
1.874
Osobe koje vas prate
|
| Tweetovi |
|
David Schütz
@xdavidhu
|
30. sij |
|
Thank you, I added it!
|
||
|
|
||
|
David Schütz
@xdavidhu
|
29. sij |
|
Yes, but the video was made by LiveOverflow and he credits him in the video.
|
||
|
|
||
|
David Schütz
@xdavidhu
|
29. sij |
|
Thank you! I just added this.
|
||
|
|
||
|
David Schütz
@xdavidhu
|
28. sij |
|
Yes, thank you, I also had that idea but surprisingly few blog posts say the amount & I figured I would try to shift it a bit from the money to the actual vulnerabilities. Otherwise people wouldn't read the ones that only got a small bounty. 😕
|
||
|
|
||
|
David Schütz
@xdavidhu
|
28. sij |
|
I always had a hard time finding @GoogleVRP writeups beacuse they were all over the place in different blog posts, so I made this. If you know of something that is not in there, you are more than welcome to contribute! 🎉
#BugBonty #infosec #GoogleVRP
github.com/xdavidhu/aweso…
|
||
|
|
||
|
David Schütz
@xdavidhu
|
19. sij |
|
I planned to disclose my #GoogleVRP bugs first in talks (only ~october) and after that in blog posts. This would delay the blog posts.
I'd like to share the bugs as soon as I can but I also feel like talks should be first since they deserve some "exclusivity". What do you think?
|
||
|
|
||
| David Schütz proslijedio/la je tweet | ||
|
Tomi
@tomitokics
|
18. sij |
|
36C3 Vlog | Meeting with iOS hackers/Jailbreakers
youtu.be/HsV4EVbdy0w via @YouTube
|
||
|
|
||
| David Schütz proslijedio/la je tweet | ||
|
BSidesBUD 🇭🇺
@bsidesbud
|
16. sij |
|
Dávid Schütz talked about OWASP Top 10 From a Bug Bounty Hunter's Perspective at #BSidesBUD2019. Check out his presentation below: youtu.be/4ww9o7-z924
|
||
|
|
||
|
David Schütz
@xdavidhu
|
10. sij |
|
Nooo :( I still remember when I won a sticker pack from you on the LevelUp live! 😥
Thank you for supporting me and the community! Hope you will find something new very soon!
|
||
|
|
||
|
David Schütz
@xdavidhu
|
10. sij |
|
Are there only 3 priorities? How is that calculated? P3-P4 Low, P2 Moderate, P1-P0 Critical?
|
||
|
|
||
|
David Schütz
@xdavidhu
|
10. sij |
|
Upon turning my stats on, I do understand how it could look bad. Maybe changing this to the number of Accepted or rewarded reports would be better? pic.twitter.com/OwrYe0A0pi
|
||
|
|
||
|
David Schütz
@xdavidhu
|
10. sij |
|
Good morning, its 5:23 and I feel like a productivity Youtuber.
|
||
|
|
||
|
David Schütz
@xdavidhu
|
9. sij |
|
*average 2 hours / day / week. thats what I'm trying to get in school time ususally
|
||
|
|
||
|
David Schütz
@xdavidhu
|
9. sij |
|
yesterday after my tweet yt recommended me this video. Acctually this convinced me enough to try this since I would rather do bounty first and be tired at school than the other way around. 5 AM would also allow me to get an average 2 hours / week work time
well, see you at 5 am pic.twitter.com/hyFIy4Gp3e
|
||
|
|
||
|
David Schütz
@xdavidhu
|
8. sij |
|
Also the fact that school started again and I'm shit tired when I finally get home & start doing bug bounty doesn't really help.
Got used to the christmas break pretty quickly.
|
||
|
|
||
|
David Schütz
@xdavidhu
|
8. sij |
|
Now again, I'm back to the part I cant yet figure out.
After finding & reporting a bug, I have no idea what to test next and just do/try random stuff until I find something interesting. This feels totally useless and unproductive even though I know it is not..
|
||
|
|
||
|
David Schütz
@xdavidhu
|
8. sij |
|
Oh, I totally missed that there is a "Show stats" option. Now it works.
|
||
|
|
||
|
David Schütz
@xdavidhu
|
7. sij |
|
I think I would like those stats that are now on the profiles. Why did they get replaced to emojis?
|
||
|
|
||
|
David Schütz
@xdavidhu
|
6. sij |
|
Thank you!
Of course, I 100% want to disclose the bugs, actually this was one of the reasons why I started hunting on Google, that here I can share the bugs I find, not like on the other programs I've been doing before.
|
||
|
|
||
|
David Schütz
@xdavidhu
|
6. sij |
|
I am planning to do so, as soon as everything is fully fixed. Btw, how does the disclosure process work? Do I have to request disclosure after something is fixed?
|
||
|
|
||