My talk just got accepted to DEF CON main stage!
It's about how VS Code (and forks) extensions can be abused into an insane supply-chain attack. Culminating in 1M+ callbacks and $200k+ in bounties in under 3 months.
If that's your kind of thing, don't miss it :)
See you there!
@Yassineaboukir Hackers saying bug bounty is dying are really underestimating how many apps/infra/exposed shit are out there for us to hit.
Imo we are living in the golden-era of bug bounty right now where we have the most powerful weapon ever against the most unsecure landscape ever.
“Bug bounty is dying” is noise.
Lock in. Make money. Use AI to 10x your output. If it eventually dries up, you’ll have enough capital to start that biz or enough experience to land a job.
Simple as that.