Sam Curry
Wide-scope industry research (Automotive, Airlines)

Sam Curry’s blog is essential for hunters looking to approach unconventional targets. His work on the automotive industry and global rewards programs demonstrates how to find vulnerabilities in the interconnected systems of the physical world.
Why Follow This Blog
Sam Curry represents a new generation of security researchers who think beyond traditional web applications. His collaborative approach to large-scale research projects, combined with his willingness to tackle industries that few others touch, produces some of the most impactful vulnerability disclosures in the bug bounty space.
Key Topics Covered
Automotive Security
- Telematics Systems: Exploiting connected car infrastructure
- Mobile Apps: Vulnerabilities in manufacturer companion apps
- API Security: Backend systems controlling vehicle functions
- Fleet Management: Enterprise vehicle management platforms
- Remote Access: Unauthorized vehicle control and tracking
Travel & Hospitality
- Airline Systems: Booking, check-in, and loyalty platform vulnerabilities
- Rewards Programs: Points systems and account takeover vectors
- Travel Aggregators: Third-party booking platform security
- Hotel Systems: Property management and guest services
Enterprise Applications
- SaaS Platforms: Multi-tenant application vulnerabilities
- API Chains: Complex vulnerability chains across services
- Authentication Bypass: Creative SSO and OAuth exploitation
- Data Exposure: Accessing sensitive customer information
Financial Systems
- Payment Processing: Transaction and billing vulnerabilities
- Banking APIs: Financial service integration flaws
- Fintech Platforms: Modern financial application security