Tag feed

#bugbounty

313 posts307 followers

00xryzn1ghtm4r3.hashnode.dev

IDOR Fallout: Leaking 2 Million Sensitive Files with a Simple Trick

When you see a public bug bounty program that has been running for over a decade, the assumption is usually that it's been picked completely clean. Every obvious endpoint has been hammered, and every

1d ago8 min read

MRMohammad Reza Mirzadzareblog.mirzadzare.net

IP Spoofing to Account Takeover: You Patched It? Really?

Abstract In my previous article, I described how I found a security flaw in a popular desktop app's OAuth flow that allowed me to steal any user's account with just one click. I reported it, saw it pa

2d ago7 min read

00xryzn1ghtm4r3.hashnode.dev

Bug Bounty Cartel Stories - 1 Year Later

“Can a man still be brave if he’s afraid?” “That is the only time a man can be brave.” — George R.R. Martin, A Game of Thrones. - This article was originally published on December 28, 2025, on my GitHub page. I’m republishing it here as part of the ...

4d ago13 min read

ADAbraham Dominic Newtonabrahamdominic.hashnode.dev

Is It Too Late to Start a Career as a Smart Contract Security Researcher?

If you’re a beginner looking at smart contract auditing and wondering whether the opportunity has already passed, this article is for you. I’ll break down the current state of the industry, what beginners get wrong, and how you can realistically ente...

4d ago4 min read

EEibeibx303.xyz

Building a custom JS monitoring tool with no coding knowledge using AI

Background I had a very interesting JavaScript-heavy target I was working on, which was built using a microservice architecture. The main domain contains a lot of sub-apps, so doing subdomain enumeration did not result in any significant success othe...

5d ago7 min read

MMaMad4Evermikagelabs.hashnode.dev

Boost Your Burp Suite: Configuration $ Extensions

📚 Before Start (experienced hackers can skip this) Burp Suite is a powerful tool for web security testing, widely used by ethical hackers and penetration testers. It allows you to intercept, modify, and analyze HTTP/S traffic — think of it as Wiresh...

Feb 156 min read

BBijanbsecops.hashnode.dev

Logical bugs leading to DOS

Usually in bug bouny programs or pentest, the DOS is out of scope but, let me explain. When a program puts DOS out of scope it usually means the pentester/hacker should avoid attempting for denial of service. This is what out of scope means, to stop ...

Feb 141 min read

EEibeibx303.xyz

Full Read SSRF in a PDF generation feature to read data from Internal domains

The Bug The bug is a server-side request forgery vulnerability in a PDF generation feature that enabled me to read data from internal domains that are not publicly reachable The Journey I’ve been working on this application for three months now, and ...

Feb 76 min read

ASAmirmohammad Safariblog.voorivex.team

Shaking the MCP Tree: A Security Deep Dive

AI is moving fast. Companies are racing to connect their services to AI assistants, shipping integrations as quickly as possible to stay ahead. But when speed is the priority, security often gets left behind. In this post, I'll show you what happens ...

Feb 314 min read

RARofi Arasyibountyproofs.com

[Bug Bounty] Race Condition: Redeeming Single-Use Coupon Multiple Times

Pada kesempatan kali ini saya akan membahas kerentanan yang seringkali terlewat oleh mata telanjang tapi punya impact yang sangat fatal, yaitu Race Condition. Kerentanan ini saya temukan pada fitur Redeem Voucher di sebuah platform E-Commerce (mari k...

Feb 34 min read

Search Hashnode