Apr 1 · 7 min read · A Mobile APK Vulnerability Chain in a private program: Client: redacted Method: Static analysis Severity: High to critical Findings: 5 Executive Summary: This write-up details a multi-stage vulnerabil
Mar 6 · 11 min read · Originally published at chudi.dev My first automated bug bounty scan found 47 "critical" vulnerabilities. I submitted 12 reports. Every single one was a false positive. The program I targeted now knows my name. Not in a good way. That specific embar...
Mar 3 · 5 min read · Sometimes, the best lessons in web development and security come from staring at a seemingly bulletproof application until its underlying mechanics finally crack. We had been deep in the trenches with
Feb 15 · 6 min read · 📚 Before Start (experienced hackers can skip this) Burp Suite is a powerful tool for web security testing, widely used by ethical hackers and penetration testers. It allows you to intercept, modify, and analyze HTTP/S traffic — think of it as Wiresh...
Jan 14 · 4 min read · Intro Hi, my name is Nadir Feroz, a 22-year-old Bug Bounty Hunter focused on web application security. I have been testing and reporting security vulnerabilities for almost 2 years. This is my weblog where I am going to share some of my findings in here...
Dec 28, 2025 · 9 min read · Originally published at chudi.dev I could have built BugBountyBot to submit findings automatically. The technical barrier isn't high—an API call to HackerOne after validation passes. I didn't build it that way. Here's why. Why Is Full Automation Tem...