Pinned: Hackerone got hacked! How can I steal your POC? 🥷🏻
Story of my experience how to get critical bugs directly upstream (Hackerone) as a bug bounty platform.
KreSec, Apr 29

From exam to hacking
The story begins with an error message that inspires me to do some hacking (SQL-I, RCE, Source Code Exposed, Privilege escalation).
KreSec, Oct 6, 2023

One-click Account Takeover & IDOR leaks all user information
The story of how I took over someone's account by resetting their password.
KreSec, Sep 18, 2023

Subdomain takeover via teamwork.com
Exploiting Subdomain Takeover Vulnerabilities via teamwork.com
KreSec, Sep 16, 2023

Introduction & How to use vulnshot.com 🪲
If you need to manage the Nuclei CLI output which was previously only limited to chat lines on Telegram, Discord, and others, with VulnShot…
KreSec, Sep 12, 2023

Subdomain takeover via Frill.co
Exploiting subdomain takeover via Frill (A Customer feedback, Roadmap and Announcements tool).
KreSec, Sep 9, 2023

Again? Subdomain takeover via ideanote.io
Exploiting subdomain takeover Ideanote, Ideanote is a new way to work with ideas. It’s faster, more efficient, and lets you build a fully…
KreSec, Sep 6, 2023

Subdomain takeover via nolt.io
Exploit subdomain takeover via Nolt. Nolt is a beautiful, collaborative place for all your user requests — no more outdated spreadsheets…
KreSec, Aug 5, 2023

$100 under 1 hour: Subdomain takeover via firstpromoter.com
Exploiting subdomain takeover via firstpromoter, is Affiliate and referral tracking for SaaS.
KreSec, Aug 31, 2023

Still exists! Subdomain takeover via surge.sh
Yes it Still exists, although I just found a reference even though it has been around since 2018. but until now when I tried it it was…
KreSec, Aug 30, 2023