Categories
inspiration videos

Perspective is Everything

Every time I watch space documentaries or look up at the stars at night, or think about things on a universal scale, my troubles melt away. Perspective is a very powerful tool for overcoming the stresses of everyday life.
In this video, I aim to put everything into perspective by pondering the scale of the universe, and the stuff you’re made of.

Categories
inspiration videos

Watch This if You Feel Directionless

Everyone feels directionless at some point in their life. Here are some things that have helped me through these phases, and helped me to find direction.

Categories
bugbountytip entrepreneurship inspiration videos

An Interview With STÖK: Bug Bounties, Hacking, Content Creation, Veganism and Entrepreneurship

@stokfredrik (STÖK) is an inspirational, motivational hacker, bug bounty hunter, entrepreneur, vegan and content creator. In this interview we chat about mental health, hacking, content creation, sunglasses, haircare, COVID19, veganism and entrepreneurship!

Book Recommendation: Untethered Soul https://www.amazon.com.au/Untethered-…

Hair maintenance: Razul Clay

STÖK’s manifesto:

Hackers gonna hack.

Creators gonna create.

Good vibes only.

Categories
bugbountytip videos

10 Tips For Crushing Bug Bounties in the First 12 Months

10 actionable tips for bug bounty beginners to boost their success in the first 12 months of hacking. Don’t forget to subscribe for more!

Categories
entrepreneurship inspiration videos

Casey John Ellis Interview

Casey is an A-Grade disruptor, a successful entrepreneur, a pioneer in crowd-sourced security, the founder and CTO of Bugcrowd, a hacker, musician, family man, and all-round great human. In this interview we chat about his childhood, inspiration, motivation, previous businesses, views on life, productivity hacks, work/life balance, entrepreneurship, cyber security, and the power of surrounding yourself with good people. If you’re curious, I tracked down some of his music on Soundcloud: https://soundcloud.com/caseyjohnellis I’m fairly sure that this is the TV show that he hosted, although I can’t find any videos of him actually hosting – let me know if you can! https://www.youtube.com/user/crewtvaus

Categories
inspiration videos

How To Start Doing That Thing

The first step (and the most difficult) to achieving anything that you want is to start. Why is it so hard, and how can we overcome these limiting habits?

In this video I speak about this, and offer some suggestions that have helped me in the past.

Categories
bugbountytip tutorials

How to use Surge.sh: The perfect host for XSS payloads

Surge.sh flies under the radar of many, but it’s pretty common among static-site developers. Personally, I find it to be the best place for hosting my XSS payloads. It’s free, easy, they provide SSL, and you can deploy scripts in (literally) seconds.

Earlier today I made a Tweet about how good Surge is for hosting XSS payloads, and a lot of people seemed to like it.

There were some comments that were asking about how to set it up, so I thought I’d write a blog about it.

Let’s say that you have found a nice little XSS, and you’ve managed to write a nice JavaScript payload to perform a full account takeover (as outlined in my blog, How to Upgrade Your XSS Bugs From Medium to Critical). The problem is, you need somewhere to host the payload. It can’t be over plain HTTP because otherwise you will face mixed-content errors. You can use Ngrok, but that means you need to keep your home computer on until your bug gets triaged, which is not ideal. If you post it to GitHub Pages then everyone can see notifications when you add the script, which gives away your PoC and tells the world which host is vulnerable.

I have been searching for the perfect way to do this for a long time, and I’ve finally found it. Surge.sh! This blog post will show you how to set up surge.sh to deploy your JavaScript payloads in seconds.

Installation

  • First you will need to install NodeJS, which you can download here: https://nodejs.org/en/
  • Run the following command to install the surge CLI tool:
npm install --global surge

That’s it, you’ve installed surge.

Deploying Your Payload

Create an empty directory and navigate to it.

mkdir mypayload
cd mypayload

Create your JavaScript payload (or any static website).

echo "alert(1)" > payload.js

Run “surge” to deploy all files in the current directory, which should just be payload.js if you have been following along.

surge

The first time you run surge, it will ask for your email and a password. Once you’ve set that up it won’t ask you again.

The screenshot below shows the whole deployment process.

The surge command usually takes a few seconds. Once it’s done, your payload will be accessible at the subdomain that you specified. In this case, I just used the automatically chosen one, which happened to be kind-wrench.surge.sh. So now my JavaScript file is accessible at https://kind-wrench.surge.sh/payload.js

I should say that Surge isn’t just for XSS payloads, it is very good at hosting full static sites.

If you enjoyed this, follow me on my socials!