Tag feed

#bug-bounty-hunter

20 posts71 followers

Explore Hashnode

Alternatives

Trending tags this week

Oosint78shemkar.hashnode.devApr 26 · 6 min read

One Extra JSON Key: How a Harmless Profile Endpoint Became an ATO Candidate

The harmless profile endpoint that taught me how real bugs work Early in my bug bounty journey, I found a bug that looked simple from the outside, but it changed the way I think about web security. At

0

MMaMad4Evermikagelabs.hashnode.devFeb 15 · 6 min read

Boost Your Burp Suite: Configuration $ Extensions

📚 Before Start (experienced hackers can skip this) Burp Suite is a powerful tool for web security testing, widely used by ethical hackers and penetration testers. It allows you to intercept, modify, and analyze HTTP/S traffic — think of it as Wiresh...

0

MMaMad4Evermikagelabs.hashnode.devDec 8, 2025 · 2 min read

🍪 HTTP Cookies

HTTP Cookies are small pieces of data created by a web server while a user is browsing a website and stored on the user’s device by their web browser. When a user visits a website, the browser automatically sends any cookies that belong to that site ...

0

TToxSectoxsec.hashnode.devNov 16, 2025 · 5 min read

OSCP Proving Grounds – Levram Walkthrough

ToxSec | Web Exploitation & Linux Privilege Escalation Practice 0x00 OSCP Proving Grounds - Levram Levram is lean and surgical. No filler, no rabbit holes. You go from lazy creds on a forgotten web panel, to an authenticated RCE, and finish with a s...

0

TToxSectoxsec.hashnode.devNov 6, 2025 · 7 min read

Privacy as a Bounty Vector: GDPR for Higher-Severity Reports

TL;DR: The bug bounty game is expanding. Massive payouts are now coming from privacy flaws due to huge GDPR/CCPA fines. This guide shows you how to find common data exposure bugs, report them based on legal and business risk, and cash in on the new f...

0

TToxSectoxsec.hashnode.devNov 6, 2025 · 7 min read

A Bug Hunter's Guide to Cloud Misconfigurations

The Cloud as a Bounty Landscape This guide is built around the three pillars of cloud exploitation: Identity and Access Management (IAM), serverless functions, and public storage. Mastering these lets you pivot from simple web bugs into the underlyin...

0

MMaMad4Evermikagelabs.hashnode.devOct 28, 2025 · 3 min read

Mastering Google Dork

Stop Using Pre-Made Google Dorks – Think Like a Real Bug Hunter Google Dorking is a powerful technique. When used properly, it can turn a basic search engine into a full-fledged reconnaissance tool. But if you’re just copying dork lists from GitHub o...

0

MMaMad4Evermikagelabs.hashnode.devOct 20, 2025 · 2 min read

"Critical" Really Is Critical – But Not Always Complicated

When we hear the term "Critical vulnerability", many of us immediately think of some complex exploit chain, advanced bypass techniques, or deep knowledge of system internals. And yes — some critical issues are technical marvels. But here’s the questi...

0

TToxSectoxsec.hashnode.devOct 6, 2025 · 9 min read

Bug Bounty Hunting for GenAI

0x00 Why GenAI Matters for Bug Bounty Generative AI is showing up in products faster than security teams can adjust, and bug bounty hunters are already finding vulnerabilities. Banking apps deploy “assistants,” support desks roll out chatbots, and Sa...

0

AOamin Oujihunteramine.hashnode.devSep 14, 2025 · 3 min read

How I Found a Race Condition Vulnerability on a Major Social Media Platform

Introduction Hey everyone! In this blog post, I’ll walk you through a recent security vulnerability I discovered during my bug bounty journey. I found a race condition in the unfollow mechanism of a major social media platform (let’s call it “example...

0

#bug-bounty-hunter

Search Hashnode

#bug-bounty-hunter

Explore Hashnode

Trending tags this week

One Extra JSON Key: How a Harmless Profile Endpoint Became an ATO Candidate

Boost Your Burp Suite: Configuration $ Extensions

🍪 HTTP Cookies

OSCP Proving Grounds – Levram Walkthrough

Privacy as a Bounty Vector: GDPR for Higher-Severity Reports

A Bug Hunter's Guide to Cloud Misconfigurations

Mastering Google Dork

"Critical" Really Is Critical – But Not Always Complicated

Bug Bounty Hunting for GenAI

How I Found a Race Condition Vulnerability on a Major Social Media Platform