© 2023 Hashnode
#bugbounty
On a lazy Saturday afternoon, I was lying on my hostel bed when I stumbled upon a tweet that motivated me to file a bug report for Android. To my surprise, this random act ended up making me $500! It'…
Introduction: In this blog post, I will walk you through the discovery of a critical vulnerability in redacted.com. This vulnerability allowed me to take over any user's account by exploiting a subdoma…
Reconnaissance: It's a method for gathering or collecting information about a system. In the context of cybersecurity reconnaissance, it's the method of gathering and collecting the information of the…
Today, I want to show you how I discovered a web cache deception during a local event as a new hunter. Let's get started. Cache: As you know, we have several caches in web applications, Browser Cache …
Alchemist is a web3 community that developed the notable Fjord Foundry platform and a DeFi ecosystem composed of at least: Alchemist ERC20 - token $MIST; Aludel - staking/rewards program; Crucible - a vault/smart wallet for ERC20 tokens to …
Hello Bounti-ers, Here is an easy finding which I want to share... After I recon with my custom bash, as normal, scan first and manual at the same time. While waiting for the scanning to end, I actively seek all test case logic in my target…
Bismillah I don't remember exactly whose YouTube Video it was but someone mentioned that to learn Bug Bounty, Pentesting, and Red teaming, practice is key. The past two weeks have been constituted of …
Introduction: In the world of cybersecurity, "big bounties" are a well-known concept. These bounties, which offer significant financial rewards for identifying and reporting security vulnerabilities in…
Note: To maintain the program's privacy, I won't disclose the program. So, a few months back, Haseeb and I were hunting on a private program, and the program is a services-based company that has paid services only. So the program had very …
Bismillah What an eventful day, the second day of Jr. Pentesting was all reading and a bit of practice. This first week I'm just learning, then next week I'll continue with my Portswigger practice, mi…