✍️Write-Ups

- Hunting Methodology
- API BAC leads to PII Data Disclosure
- Misconfigured OAuth leads to Pre-Account Takeover
- Automating Bug Bounty with GitHub Actions
- From Recon to Reward: My Bug Bounty Methodology when Hunting on Public Bug Bounty Programs
- Exploring Subdomains: From Enumeration to Takeover Victory
- 0-Click Account Takeover via Insecure Password Reset Feature
- How a Simple Click Can Lead to Account Takeover: An OAuth Insecure Implementation Vulnerability
- The Power Of IDOR even if it is unpredictable IDs
- Unlocking the Weak Spot: Exploiting Insecure Password Reset Tokens
- AI Under Siege: Discovering and Exploiting Vulnerabilities
- Inside the Classroom: How We Hacked Our Way Past Authorization on a Leading EdTech Platform
- How We Secured Our Client’s Platform Against Interaction-Free Account Thefts
- Unchecked Privileges: The Hidden Risk of Role Escalation in Collaborative Platforms
- Decoding Server Behavior: The Key to Mass Account Takeover
- Exploiting JSON-Based CSRF: The Hidden Threat in Profile Management
- How We Turned a Medium XSS into a High Bounty by Bypassing HttpOnly Cookie
- How Monitoring Target Updates Helped Me Earn Bounties in Bug Bounty
- Semi-Automating My Android Bug Hunting Flow with apkX
- Using N8N To Orchestrate Web and Mobile Bug Hunting
- Hacking Android Labs