PinnedKreSecHackerone got hacked! How can I steal your POC? 🥷🏻Story of my experience how to get critical bugs directly upstream (Hackerone) as a bug bounty platform.4 min read·Apr 29, 2024--6--6
KreSecFrom exam to hackingThe story begins with an error message that inspires me to do some hacking (SQL-I, RCE, Source Code Exposed, Privilege escalation).4 min read·Oct 6, 2023----
KreSecOne-click Account Takeover & IDOR leaks all user informationThe story of how I took over someone's account by resetting their password.4 min read·Sep 18, 2023----
KreSecSubdomain takeover via teamwork.comExploiting Subdomain Takeover Vulnerabilities via teamwork.com2 min read·Sep 16, 2023----
KreSecIntroduction & How to use vulnshot.com 🪲If you need to manage the Nuclei CLI output which was previously only limited to chat lines on Telegram, Discord, and others, with VulnShot…3 min read·Sep 12, 2023----
KreSecSubdomain takeover via Frill.coExploiting subdomain takeover via Frill (A Customer feedback, Roadmap and Announcements tool).2 min read·Sep 9, 2023----
KreSecAgain? Subdomain takeover via ideanote.ioExploiting subdomain takeover Ideanote, Ideanote is a new way to work with ideas. It’s faster, more efficient, and lets you build a fully…3 min read·Sep 6, 2023--1--1
KreSecSubdomain takeover via nolt.ioExploit subdomain takeover via Nolt. Nolt is a beautiful, collaborative place for all your user requests — no more outdated spreadsheets…2 min read·Sep 5, 2023----
KreSec$100 under 1 hour: Subdomain takeover via firstpromoter.comExploiting subdomain takeover via firstpromoter, is Affiliate and referral tracking for SaaS.3 min read·Aug 31, 2023----
KreSecStill exists! Subdomain takeover via surge.shYes it Still exists, although I just found a reference even though it has been around since 2018. but until now when I tried it it was…3 min read·Aug 30, 2023--1--1