My name is Julien Ahrens (also known as @MrTuxracer), and I’m a 33-year-old full-time bug bounty hunter, exploit developer and freelancer. I founded this blog in 2011, when I started to get interested in Information Security (back then under the name inshell.net), to reflect my very own learning curve and to give back my very personal contribution to the Information Security community.
One really fantastic approach when it comes to legal hacking is bug bounties. I do really like their idea: You are allowed to hack a vendor/website/device, report found security vulnerabilities confidentially to the program owner, and get paid afterwards. While I am still mostly interested in doing application-based bug hunting, I do also work on web application bug bounties on a number of platforms including Bugcrowd and HackerOne - but primarily as part of the amazing Synack Red Team, which is in my opinion the best platform when it comes to efficiency. While I am not allowed to post articles about all vulnerabilities that I have found across these platforms, I do still try to publish as much generic information on vulnerability types as possible.
Another important part of my work has always been (and will always be) the coordination of security vulnerabilities with vendors of all kinds. I think that especially the open source community, which is not backed up by a multi-billion dollar industry, deserves the free contribution of vulnerability information. Whenever possible, I’ll therefore try to follow my disclosure policy.
If you would like to contribute something: info [a.t] rcesecurity [d.o.t] com
For an additional level of privacy: PGP-Key.
All data and information provided on this site is for informational purposes only. rcesecurity.com makes no representations as to accuracy, completeness, currentness, suitability, or validity of any information on this site and will not be liable for any errors, omissions, or delays in this information or any losses, injuries, or damages arising from its display or use either directly or indirectly. All information is provided on an as-is basis.