Blog
Notes on continuous monitoring, recon, and attribution.
Practical writing for bug bounty hunters — how to catch fresh scope first, why attribution decides what your stack is worth, and how to run it all without babysitting infrastructure.
Continuous monitoring · 2026-07-08
A one-off scan is a snapshot; program scope changes daily, and the assets that appear in between are where the unclaimed bounties live. How continuous ASM works, why attribution matters, and how to run it without a cron stack that breaks silently.
Read →
AI & MCP · 2026-07-08
The find-scope, add-target, run-scan, triage loop is exactly the kind of work an AI client can drive over the Model Context Protocol. What that looks like in practice, the one-block setup — and an honest line on where AI helps versus where the manual bug-hunting still lives.
Read →
Attribution · 2026-07-08
Most hunters can't say which scan, asset, or day surfaced the bug that got paid. Attribution closes that loop — and it's how you decide, at renewal, which parts of your recon stack are worth keeping and which were quietly carrying you.
Read →
Recon · 2026-07-08
A subdomain takeover is one of the cleanest findings in bug bounty — and it's a timing race. Why it's a monitoring problem rather than a scanning one, what a dangling record looks like, and how to catch takeover candidates the day the window opens.
Read →
Recon · 2026-07-08
New subdomains are the highest-value events in a program's lifecycle: fresh, lightly tested, briefly unclaimed. The DIY subfinder-plus-cron pipeline, why it fails quietly, and the managed alternative — plus a checklist that works either way.
Read →