Sam Curry

Web Application Security Researcher

We Hacked Apple for 3 Months: Here’s What We Found

October 7, 2020 samwcyo

Between the period of July 6th to October 6th myself, Brett Buerhaus, Ben Sadeghipour, Samuel Erb, and Tanner Barnes worked…

Hacking Starbucks and Accessing Nearly 100 Million Customer Records

June 20, 2020 samwcyo

After a long day of trying and failing to find vulnerabilities on the Verizon Media bug bounty program I decided…

Don’t Force Yourself to Become a Bug Bounty Hunter

May 10, 2020 samwcyo

Ever since I was a kid I was never good at doing schoolwork. I had envied everyone that seemed to…

Abusing HTTP Path Normalization and Cache Poisoning to steal Rocket League accounts

April 19, 2020 samwcyo

Over the last few years, usage of vulnerability disclosure and bug bounty programs has increased significantly. It is now almost…

Filling in the Blanks: Exploiting Null Byte Buffer Overflow for a $40,000 Bounty

November 1, 2019 samwcyo

As a preface, when I originally found this bug I was unfamiliar with the class of “null byte buffer overflow” even…

Cracking my windshield and earning $10,000 on the Tesla Bug Bounty Program

July 14, 2019 samwcyo

One of the more interesting things I’ve had the opportunity to hack on is the Tesla Model 3. It has…

Reading ASP secrets for $17,000

December 16, 2018 samwcyo

One of the more common vulnerabilities on ASP.NET applications is local file disclosure. If you’ve never developed or worked with…

The $12,000 Intersection between Clickjacking, XSS, and Denial of Service

July 4, 2018 samwcyo

One of the more challenging tasks in web app pentesting is approaching an application that has limited interaction. It’s very…

Hacking a Massive Steam Scamming and Phishing Operation for Fun and Profit

May 8, 2018 samwcyo

When I’m not doing bug bounty or studying for school I’ll often be playing Counter-Strike: Global Offensive or PLAYERUNKNOWN’S BATTLEGROUNDS. Both of…

Exploiting Directory Traversal to View Customer Credit Card Information on Yahoo’s Small Business Platform

November 10, 2017 samwcyo

To preface this article I’d like to give a huge shout out to Yahoo’s paranoids and everyone involved in their…
