Michael Blake
michael1026.bsky.social
Application security engineer / bug bounty
Received my highest ever bounty today of $45k.
February 21, 2025 at 2:04 AM
Reposted by Michael Blake
Exploring the DOMPurify library: Hunting for Misconfigurations mizu.re/post/explori...
February 10, 2025 at 6:49 PM
Project successful. Found my first bug using an LLM!
My project this week includes a Langchain project to analyze javascript files.

I've actually had some pretty good results so far. Having an LLM make decisions in a program's execution is really interesting and useful (when it works).

Though, I have no idea how anyone uses this in production.
January 5, 2025 at 8:50 AM
It's a shame there are no maintained Langchain implementations for Go. Had to switch to Node because of the limitations with the current, unmaintained Go library.
January 4, 2025 at 12:58 AM
January 3, 2025 at 7:44 AM
Slow bug bounty year for myself. 2024 stats...

5 lows
4 mediums
9 highs
3 criticals

While my number of submissions was very low, my average bounty was around $11,200, allowing me to only submit a couple of bugs a month without feeling too bad.
December 21, 2024 at 6:37 PM
Neat.
December 9, 2024 at 4:28 AM
What are US based bug bounty hunters doing full time nowadays? Full time bug bounty? Security engineering? Research?
December 8, 2024 at 3:49 AM
Reposted by Michael Blake
State of the art XSS using the ISO-2022-JP charset

hackvertor.co.uk/hack-pad/2
December 5, 2024 at 4:30 PM
I want a way to change code execution flow of javascript within the browser. I'd love to be able to do this through an extension, but there seem to be too many limitations (i.e. no ability to monitor / modify conditional statements at runtime).

I'd like to avoid a simple match replace. Any ideas?
December 4, 2024 at 10:13 PM
Reposted by Michael Blake
We can now configure what version of messages should be displayed in Proxy History 🥳
November 28, 2024 at 1:37 PM
Starting to think of bug severity in terms of "how might this affect shareholder price". At the end of the day, that's all that the companies who determine your bounty amount care about. Your data is already public from other breaches, but those breaches may not be associated to that company (yet).
November 25, 2024 at 1:47 AM
Post a pic YOU took (no description) to bring some zen to the timeline
November 17, 2024 at 4:15 AM