About me, myself and I.
My name is Julien Ahrens (also known as @MrTuxracer), I’m a 31-years exploit developer, bug bounty hunter and finally freelancer. I’ve founded this blog in 2011 when I started to get interested in Information Security (back then under the name inshell.net), to reflect my very own learning curve and to give back my very personal contribution to the Information Security community.
While I was discovering a lot of security vulnerabilities during that time, and therefore got into contact with a lot of different vendors, where some of them offered me paid contracts, I finally decided to give that personal blog a new face by also offering professional penetration testing and vulnerability intelligence services. This was the birth of “RCE Security”. However, I never wanted to change the whole concept of this blog from a tutorial/howto style and convert it into a static corporate page, because I do believe that the whole InfoSec community is based on knowledge like this and also gets stronger because of blogs like this. So don’t expect that 😉
About Bug Bounties!
One really fantastic approach when it comes to legally hacking systems are bug bounties. I do really like their idea: You are allowed to hack a vendor/website/device, report found security vulnerabilities confidentially to the program owner, and get paid afterwards. While I am still mostly interested in doing application-based bug hunting, I do also work on web application bug bounties on a number of platforms including Bugcrowd and HackerOne – but primarily as part of the amazing Synack Red Team, which is in my opinion the best platform when it comes to efficiency. While I am not allowed to post articles about all vulnerabilities that I have found across these platforms, I do still try to publish as much generic information on vulnerability types as possible – these are tagged accordingly.
Another important part of my work has always been (and will always be) the coordination of security vulnerabilities with vendors of all kinds. I think that especially the open source community, which is not backed up by a multi-billion dollar industry, deserves the free contribution of vulnerability information. Whenever possible, I’ll therefore try to follow my disclosure policy.
If you like to contribute something: info [a.t] rcesecurity [d.o.t] com
For an additional level of privacy: GPG-Key.
All data and information provided on this site is for informational purposes only. rcesecurity.com makes no representations as to accuracy, completeness, currentness, suitability, or validity of any information on this site and will not be liable for any errors, omissions, or delays in this information or any losses, injuries, or damages arising from its display or use either directly or indirectly. All information is provided on an as-is basis.