Shpend Kurtishaj

Shpend was a bug hunter on the Bugcrowd platform himself, ranked 13th, before "switching sides" and joining the validation services 2 years ago. He now leads the Application Security Engineer (ASE) team at Bugcrowd and, in his spare time, likes to read, hack stuff and play video games.

XSS Polyglots – The Context Contest

That title is in fact a tongue twister, but it helps to describe this post, which will take a look at XSS polyglot payloads. For the newcomers: dafuq is a polyglot? Now since you’re done with reading the first paragraph of that article, let’s dive into XSS vectors with the motto “One payload to rule

Discovering Subdomains

When coming across a * scope, it’s always a good idea to seek the road less travelled. Exotic and forgotten applications running on strangely named subdomains will quickly lead to uncovering critical vulnerabilities and often high payouts. Discovering such subdomains is a critical skill for today’s bug hunter and choosing the right techniques and tools is

