✍️Write-Ups
Hunting MethodologyAPI BAC leads to PII Data DisclosureMisconfigured OATUH leads to Pre-Account TakeoverAutomating Bug Bounty with GitHub ActionsFrom Recon to Reward: My Bug Bounty Methodology when Hunting on Public Bug Bounty ProgramsExploring Subdomains: From Enumeration to Takeover Victory0-Click Account Takeover via Insecure Password Reset FeatureHow a Simple Click Can Lead to Account Takeover: An OAuth Insecure Implementation VulnerabilityThe Power Of IDOR even if it is unpredictable IDsUnlocking the Weak Spot: Exploiting Insecure Password Reset TokensAI Under Siege: Discovering and Exploiting VulnerabilitiesInside the Classroom: How We Hacked Our Way Past Authorization on a Leading EdTech PlatformHow We Secured Our Client’s Platform Against Interaction-Free Account TheftsUnchecked Privileges: The Hidden Risk of Role Escalation in Collaborative PlatformsDecoding Server Behavior: The Key to Mass Account TakeoverExploiting JSON-Based CSRF: The Hidden Threat in Profile ManagementHow We Turned a Medium XSS into a High Bounty by Bypassing HttpOnly CookieHow Monitoring Target Updates Helped Me Earn Bounties in Bug BountySemi-Automating My Android Bug Hunting Flow with apkXUsing N8N To Orchestrate Web and Mobile Bug HuntingHacking Android Labs
Last updated
Was this helpful?