The mindset for finding highs and crits in bug bounty with JR0ch17

📣 Follow JR0ch17 on Twitter: https://x.com/jr0ch17 ✉️ Sign up for the mailing list: https://bbre.dev/nl 📣 Follow me on Twitter: https://bbre.dev/tw Interview with Jasmin “JR0ch17” Landry, a former triager and security manager, now a full-time bug bounty hunter. We discuss bug bounty strategy, mindset, and finding high and critical vulnerabilities. BBRD podcast is also available on most popular podcast platforms: https://open.spotify.com/show/6tLoJ5f...    • Bug Bounty Reports Discussed   https://podcasts.apple.com/us/podcast... Links mentioned in the video: The web application hacker's handbook: https://amzn.to/3GS4t68 Xlif: https://docs.oracle.com/en/cloud/saas... DTD finder: https://github.com/GoSecure/dtd-finder Secondary path traversal blogpost: https://samcurry.net/hacking-starbucks OAuth dirty dancing: https://labs.detectify.com/writeups/a... Cognito doc-driver misconfiguration: https://docs.aws.amazon.com/elasticlo... Timestamps: 00:00 Intro 00:37 The road to becoming the full-time bug bounty hunter 20:06 The change in the mindset that lands a lot of highs and crits recently 23:02 SSRFs 24:33 How to test for SSTI? 28:54 Does SQLi still exist in 2025? 35:09 Where to test for XXEs? 41:33 Secondary path traversals 47:40 GraphQL bugs 51:04 The Chromium bug that still allows to control the referrer policy despite using DOM Purify 53:58 OAuth testing 1:03:41 Automation for a manual hacker