A collection of stories about how bug bounty hunters find the security vulnerabilities in different applications. - Medium
IOS Penetration Testing: Guide to Static Testing

During an iOS application penetration test, a penetration tester utilizes a range of techniques, tools, and methodologies to evaluate the application’s security posture. One such method is static analysis. Static analysis tools assist in identifying security vulnerabilities in the application’s source code or binary without executing it. This process...

Sun Oct 6, 2024 21:42
IDOR Leads To Account Takeover

IDOR, one of the most common vulnerabilities in applications, can lead to major security leaks. Today, I’ll walk you through how I discovered an IDOR flaw that allowed access to other users’ accounts in the vulnerable application. What is IDOR? Insecure Direct Object Reference (IDOR) is a security vulnerability that arises when the application exposes...

Sun Oct 6, 2024 21:42
THM Smag Grotto: Learn Web Security, Privilege Escalation (Walkthrough)

Once the IP is known, conduct a thorough nmap scan to discover open ports and services, providing valuable insights for further exploration and potential vulnerabilities.

nmap -sC -sV $ip

Based on the nmap scan results, only two services appear to be running on the server: SSH on port 22 and a web server on port 80. To further explore the web server running...

Sun Oct 6, 2024 21:42
I Studied 100+ SSRF Reports, and Here’s What I Learned

After diving into over 100 write-ups and reports on Server-Side Request Forgery (SSRF), I’ve compiled the key insights and knowledge I’ve gained into this blog. Here, I aim to share a comprehensive overview of the SSRF vulnerability. Server-Side Request Forgery (SSRF) is a vulnerability that allows an attacker to send crafted...

Sun Oct 6, 2024 20:12
High-Risk Vulnerabilities in Apache HTTP Server’s mod_proxy Encoding Problem Allow Authentication…

Bounty - CVE-2024-38473

Sun Oct 6, 2024 20:12
Why I Quit Bug Bounty Hunting :(

It was purely my experience, I respect other bug bounty hunters :)

Sun Oct 6, 2024 20:11