Anton Subbotin (skavans)

1K Followers

How I stopped hunting on HackerOne after years because they stole my $50k. And so should you.

You may have heard about Belarusian security researcher xnwup and the story of blocking his $25k on HackerOne. It was pretty resonant at…

Jun 25, 2022

How I stopped hunting on HackerOne after years because they stole my $50k. And so should you.

Jun 25, 2022

Bug Bounty: My Work Schedule

According to the 2020 H1 report:

Feb 25, 2022

Feb 25, 2022

Bug Bounty: Do You Need To Be A Programmer?

Disclaimer: we are talking about the research of web applications only.

Feb 23, 2022

Published in
System Weakness

What an injection into jQuery-selector can lead to

I somehow came across a page with something like a user survey (the program is private, so I will speak abstractly).

Feb 21, 2022

I’ve made over $588k on Bug Bounty so far

How much one can earn on Bug Bounty?

Feb 18, 2022

I’ve made over $588k on Bug Bounty so far

Feb 18, 2022

Bug Bounty: Should You Go Full-Time?

In the comments, I was asked what turned out to be more profitable in terms of money as a result — my previous job as a developer or…

Feb 17, 2022

How Did I Start Doing Bug Bounty?

Since school, I have been reading Hacker (the Russian offensive security magazine) when I had the opportunity to buy it (then it was still…

Feb 15, 2022

Feb 15, 2022

Bug Bounty: Low Hanging Fruit

Low-hanging fruit are bugs that are very easy to find. I would divide them into 2 more types.

Feb 15, 2022

Feb 15, 2022

Неочевидное об XSS и HTML-энкодинге

Многие знают о том, что перед тем, как получить значение атрибута тега, браузер декодирует HTML-сущности внутри. Скажем, если попытаться…

Feb 15, 2022

Feb 15, 2022

The Unobvious About XSS and HTML Encoding

Many people know that before getting the value of a tag attribute, the browser decodes the HTML entities inside. Let’s say if you try to…

Feb 14, 2022

The Unobvious About XSS and HTML Encoding

Feb 14, 2022

Improving the impact of a mouse-related XSS with styling and CSS-gadgets

I will write more about how I make PoCs in the future. But with special care, I work out scenarios for vulnerabilities that need user…

Feb 12, 2022

Improving the impact of a mouse-related XSS with styling and CSS-gadgets

Feb 12, 2022

Bug Bounty: My First Five Figure Payout

This is the post from my Telegram channel about Bug Bounty, where I share my experience and knowledge as well as just write about being…

Feb 12, 2022

How I stopped hunting on HackerOne after years because they stole my $50k. And so should you.

You may have heard about Belarusian security researcher xnwup and the story of blocking his $25k on HackerOne. It was pretty resonant at…

Bug Bounty: My Work Schedule

According to the 2020 H1 report:

Bug Bounty: Do You Need To Be A Programmer?

Disclaimer: we are talking about the research of web applications only.

What an injection into jQuery-selector can lead to

​I somehow came across a page with something like a user survey (the program is private, so I will speak abstractly).

I’ve made over $588k on Bug Bounty so far

How much one can earn on Bug Bounty?

Bug Bounty: Should You Go Full-Time?

In the comments, I was asked what turned out to be more profitable in terms of money as a result — my previous job as a developer or…

​​How Did I Start Doing Bug Bounty?

Since school, I have been reading Hacker (the Russian offensive security magazine) when I had the opportunity to buy it (then it was still…

Bug Bounty: Low Hanging Fruit

Low-hanging fruit are bugs that are very easy to find. I would divide them into 2 more types.

Неочевидное об XSS и HTML-энкодинге

Многие знают о том, что перед тем, как получить значение атрибута тега, браузер декодирует HTML-сущности внутри. Скажем, если попытаться…

The Unobvious About XSS and HTML Encoding

Many people know that before getting the value of a tag attribute, the browser decodes the HTML entities inside. Let’s say if you try to…

Improving the impact of a mouse-related XSS with styling and CSS-gadgets

I will write more about how I make PoCs in the future. But with special care, I work out scenarios for vulnerabilities that need user…

Bug Bounty: My First Five Figure Payout

This is the post from my Telegram channel about Bug Bounty, where I share my experience and knowledge as well as just write about being…

Anton Subbotin (skavans)

I somehow came across a page with something like a user survey (the program is private, so I will speak abstractly).

How Did I Start Doing Bug Bounty?