How to become an XSS expert with renniepak

✉️ Sign up for the mailing list: https://bbre.dev/nl
📣 Follow renniepak on Bluesky: http://bsky.app/profile/renniepak.nl
📣 Follow me on Twitter: https://bbre.dev/tw

This video is an interview with René de Sain, known as renniepak. We talk about XSS, CSP bypasses, privilege escalation, speeding up the workflow with tricks like JS bookmarks and we discuss if there's such thing as bug bounty methodology.


BBRD podcast is also available on most popular podcast platforms:
https://open.spotify.com/show/6tLoJ5foOoZPPELwrHPBO4
https://music.youtube.com/playlist?list=PLvxs_epf2X91Dn3pWeRxPQSV6SWvWqDE3
https://podcasts.apple.com/us/podcast/bug-bounty-reports-discussed/id1583400215?uo=4

Links mentioned in the video:
https://www.linkedin.com/posts/rene-de-sain_cybersecurity-hacking-bugbounty-activity-7064205011278295041-zbXg
https://github.com/fransr/postMessage-tracker
https://portswigger.net/burp/documentation/desktop/tools/dom-invader
https://youtu.be/kfZoWdKYfYg?si=8gvby1F-LNFSzr53
https://gist.github.com/renniepak/e7afcd7e727e1a0c481d955ba10441a9
https://youtu.be/ziP4cx_cbg8?si=8mXHLPUz-sPtQ7rO
https://github.com/nikitastupin/clairvoyance
https://developer.chrome.com/docs/devtools/javascript/breakpoints
https://www.linkedin.com/company/hackerhideout/posts/

Timestamps:

00:00 Intro
00:49 How did Rene get into bug bounty and became a full-time hunter?
11:41 How to find all the XSS bugs?
32:03 Hacking Browser Extensions and Web3
38:18 Finding Access Control Bugs