Hackerone got hacked! How can I steal your POC? 🥷🏻
Story of my experience how to get critical bugs directly upstream (Hackerone) as a bug bounty platform.
Apr 29, 2024
Reducing the manual process of looking for XSS with dursgo/dalfox/nuclei.
Let’s look at how the traditional (manual) method and the automated approach work for identifying vulnerabilities.
Sep 11
Reflected XSS bypass WAF & Page notfound
It was hard for me to finally bypass this.
Dec 22, 2024
From exam to hacking
The story begins with an error message that inspires me to do some hacking (SQL-I, RCE, Source Code Exposed, Privilege escalation).
Oct 6, 2023
One-click Account Takeover & IDOR leaks all user information
The story of how I took over someone's account by resetting their password.
Sep 18, 2023
Subdomain takeover via teamwork.com
Exploiting Subdomain Takeover Vulnerabilities via teamwork.com
Sep 16, 2023
Introduction & How to use vulnshot.com 🪲
If you need to manage the Nuclei CLI output which was previously only limited to chat lines on Telegram, Discord, and others, with VulnShot…
Sep 12, 2023
Subdomain takeover via Frill.co
Exploiting subdomain takeover via Frill (A Customer feedback, Roadmap and Announcements tool).
Sep 9, 2023
Again? Subdomain takeover via ideanote.io
Exploiting subdomain takeover Ideanote, Ideanote is a new way to work with ideas. It’s faster, more efficient, and lets you build a fully…
Sep 6, 2023
Subdomain takeover via nolt.io
Exploit subdomain takeover via Nolt. Nolt is a beautiful, collaborative place for all your user requests — no more outdated spreadsheets…
Sep 5, 2023