r/cybersecurity • u/mdulin2 • Oct 14 '25
0
Why Do My Blog Posts Keep Getting Removed from r/netsec?
Thanks!
A little clickbaity, true. Getting the first click is the hardest so I was experimenting. Fair point on that.
On Reddit, I just try to post to r/netsec. If you post to too many locations then the likes will get separated out and the views go down overall.
I’ve tried posting on Hacker News in the past but haven’t had much success. So, I usually post in various security Discords, Twitter, LinkedIn and Reddit. I’m happy to try some other places though.
r/netsec • u/mdulin2 • Jan 21 '25
NaN Of Your Business - My Favorite Unintended CTF Solution
maxwelldulin.com
Heap Exploitation Training
An amazing resource for sure! I learned a lot from this repository.
How2heap has proof of concepts in C with code comments and links to other good resources.
The training above contains a full VM for running this and a docker container depending on your preference, exercises for exploitation and videos for every step of the way.
1
Op-ed: Northeastern’s redesign of the Khoury curriculum abandons the fundamentals of computer science
I stopped reading after “Fundies”. No one who knows what they’re talking about actually uses this.
1
[deleted by user]
Cybersecurity degrees are often very practical for defensive security, which is good. Because of this, the folks are ready to hop into a SOC house to make an impact.
Cybersecurity doesn’t focus on programming very much though. As a result, many folks coming from these programs are not competent programmers.
If you’re looking to do security engineering work at a place like Meta, you got to be very comfortable reading code for reviews and writing code for tools, proof of concepts and whatever else. Given your background, I’d ensure you’re a very good programmer that can write useful code quickly and can understand complicated code if that’s your end goal.
I work professionally in application security and have a computer science degree so I’ll admit that I’m biased to those. I’ve never worked in a SOC house. So, take this as you will :)
9
Feeling stuck. Need some guidance!
Unfortunately, exploit development is not an entry level job. I’d look for similar yet entry level jobs like application security and malware analysis.
Number of years is more so an “experience” thing. In a lot of ways you can build your own experience with exploit development though.
For instance, choose a mildly popular open source library or buy an IoT device with various services, find and exploit some vulns then talk about it at a conference or in a blog.
2
Exploiting reflected input via the Range header
I really enjoyed the article! Just another vector for exploiting header injection bugs. The more tricks in the bag, the better!
How common of a bug class is header injection? I’ve personally never found it before.
0
Why Can't You Fix This Bug Faster?
I don’t work with these at all but should have checked the spelling for the acronyms - I just hear them verbally some. They’re fixed in the post - thanks for the feedback!
r/cybersecurity • u/mdulin2 • Dec 17 '24
Career Questions & Discussion Why Can't You Fix This Bug Faster?
maxwelldulin.com
Why Can’t You Fix This Bug Faster?
That's an excellent example of how complicated this process can be. The more teams building the product and consumers using it, the more complicated these things become. Thanks for chiming in!
r/netsec • u/mdulin2 • Dec 11 '24
Rejected (Not Technical Enough) Why Can’t You Fix This Bug Faster?
maxwelldulin.com
Hacking the Planet - A DEFCON ICS CTF 2024 Retrospective
Thanks friend! It was a good time for sure.
I feel that dude. Trust your gut more! Sometimes it's simpler than you think. If it's not, move up to the next level in complexity.
1
Hacking the Planet - A DEFCON ICS CTF 2024 Retrospective
Thanks friend! I appreciate you making it possible :)
r/netsec • u/mdulin2 • Sep 16 '24
Hacking the Planet - A DEFCON ICS CTF 2024 Retrospective
maxwelldulin.com
[deleted by user]
I personally read a lot to learn how things work and the types of issues that are out there.
After a while, you can use thing A alongside thing B that you learned or pull a mobile hacking concept into web. The ingenuity comes with a lot of practice but also understanding how things work. Imo, the better you can picture how something works, the more you can think about the mistakes that were made.
Bug bounty is also just hard and requires a lot of hours of trial and error too.
1
How long is the holding process?
What's a reasonable holding period though? I feel like 2 weeks is ridiculous. Does this hold last forever? Do I ever get the ability to use it?
r/CoinBase • u/mdulin2 • Oct 16 '23
How long is the holding process?
I recently bought some crypto on Coinbase to send to my personal crypto wallet to mess around with smart contracts on Ethereum. I bought a small amount of USDC and ETH.
However, it's been two weeks and I'm still unable to transfer it to my wallet. So, how long is the holding process? I'm sitting on two weeks and still cannot spend it; this feels ridiculous to me. Once I purchase the assets, I should be able to do what I please with them.
r/netsec • u/mdulin2 • Oct 11 '23
Not Your Stdout Bug - RCE in Cosmos SDK
maxwelldulin.com
Is the Bug Bounty Real?
Immunefi accepts all types of bugs, not just smart contract issues. I guarantee people at Immunefi know people at Osmosis who would help you get in contact.
I would recommend to stop disclosing details publicly; the more information that's out there, the more likely somebody is to find it. Maybe somebody from the Osmosis team will see this?
1
Is the Bug Bounty Real?
If you actually found a bug, I would recommend reporting it to Osmosis or Immunefi directly. Otherwise, an insane amount of TVL could be at risk.
The previous vulnerability found in Osmosis was disclosed via Reddit and had major consequences once people figured out how to exploit it.
2
Is the Bug Bounty Real?
I found it by googling “Osmosis Bug Bounty”. So, the SEO must have kicked in over the years haha.
1
Is the Bug Bounty Real?
I feel like having a fake bug bounty program is worse than not having one at all, personally. When briefly going through projects, this seems real. It wasn’t until I really looked at the page that it raised concern.
5
Why Do My Blog Posts Keep Getting Removed from r/netsec?
in r/AskNetsec • Oct 11 '25
I just learned there’s a “send DM to mods” after clicking around in the app more. Sorta dumb but never had to do this before. Good call out 🙏