✍️Write-Ups
Hunting Methodology
API BAC leads to PII Data Disclosure
Misconfigured OAuth leads to Pre-Account Takeover
Automating Bug Bounty with GitHub Actions
From Recon to Reward: My Bug Bounty Methodology when Hunting on Public Bug Bounty Programs
Exploring Subdomains: From Enumeration to Takeover Victory
0-Click Account Takeover via Insecure Password Reset Feature
How a Simple Click Can Lead to Account Takeover: An OAuth Insecure Implementation Vulnerability
The Power Of IDOR even if it is unpredictable IDs
Unlocking the Weak Spot: Exploiting Insecure Password Reset Tokens
AI Under Siege: Discovering and Exploiting Vulnerabilities
Inside the Classroom: How We Hacked Our Way Past Authorization on a Leading EdTech Platform
How We Secured Our Client’s Platform Against Interaction-Free Account Thefts
Unchecked Privileges: The Hidden Risk of Role Escalation in Collaborative Platforms
Decoding Server Behavior: The Key to Mass Account Takeover
Exploiting JSON-Based CSRF: The Hidden Threat in Profile Management
XSS from Medium to High