Skip to content
  • Home
  • OWASP Top 10
  • Bug bounty hunting
  • About
  • Contact
  • How to support

Category: bug bounty

best ethical hacking books for bug bounty hunters

The best hacking books for ethical hackers

December 29, 2021 by thehackerish

Hello Ethical Hackers! Today I share with you the best hacking books I enjoyed reading since the beginning of my career in Information Security! I will constantly update the list as I read more, but you already have enough hacking books to get you started in the information security industry. It also contains some advanced …

Continue Reading
JavaScript Enumeration for bug bounty hunters

JavaScript Enumeration for bug bounty hunters

April 22, 2021 by thehackerish

JavaScript Enumeration is a critical skill to have if you want to level up your penetration testing or bug bounty hunting game. Yet, not everyone does it, partly because it is a boring exercise or it consumes most of your time, not to mention how intimidated you might feel reading someone else’s code. Today, we …

Continue Reading
Bug bounty hunting: The Ultimate Guide

Bug bounty hunting: The Ultimate Guide

April 22, 2021 by thehackerish

In this exhaustive guide, you will find all you need to know about bug bounty hunting based on my experience as a bug bounty hunter and a triage analyst who handled tens of thousands of bug bounty reports. We will explore the bug bounty history and its ecosystem, understand what to expect, Imagine a world …

Continue Reading
Jira vulnerabilities and how they are exploited in the wild

Jira vulnerabilities and how they are exploited in the wild

April 22, 2021 by thehackerish

I’ve been asked a lot about Jira vulnerabilities. In this article, I compiled the publicly available Jira exploits I could find to help you when you are doing bug bounty hunting or penetration testing. However, I should mention that you need to have some basic understanding of how web applications work and how to exploit …

Continue Reading
Account takeover: From zero to System Admin

Account takeover: From zero to System Admin

April 22, 2021 by thehackerish

Hello ethical hackers! Today I share with you an account takeover I achieved during a recent penetration testing of a web application. For those who don’t know know what an account takeover is, there is a dedicated section for that. From there, I will explain how I enumerated all the endpoints. Then, I will walk …

Continue Reading

Best hacking websites for ethical hackers

April 22, 2021 by thehackerish

I often get asked from many of my friends and colleagues about where should I start to learn to hack. My answer always includes a handful of hacking websites which I found very useful during my journey in this awesome industry. Today I will share with you the best hacking websites you should definitely use. …

Continue Reading

Bug bounty write-up: From SSRF to $4000

April 22, 2021 by thehackerish

Hello ethical hackers and bug bounty hunters! Welcome to this bug bounty write-up where I show you how I found a Server-Side Request Forgery vulnerability (SSRF). Then, I will explain how I was able to escalate it to obtain a Remote Code Execution (RCE). Finally, you will see how it is possible to gain a …

Continue Reading

Top 10 Burp Suite extensions to use in bug bounty hunting

April 22, 2021 by thehackerish

Hello ethical hackers and bug bounty hunters. Today, you will learn the top 10 Burp Suite extensions I found myself using over and over again. They assist me in different areas, such as pretty-printing data, actively testing for specific vulnerability classes, parsing API definitions and brute-forcing. Wsdler is your burp extension for SOAP During your …

Continue Reading
ctf writeup walkthrough

Capture the flag writeup for the H1-2006 challenge

April 22, 2021 by thehackerish

Introduction Hello ethical hackers! Today I will share with you my capture the flag writeup for H1-2006. It details my process of solving this awesome challenge organized by HackerOne.  One of the objectives I have this year is to get invited into a live hacking event. In an attempt to achieve this, I accepted the …

Continue Reading
bug bounty tools

Bug bounty tools from enumeration to reporting

April 22, 2021 by thehackerish

Hello ethical hacker and welcome to the world of hacking and bug bounty hunting. Today, you will learn the bug bounty tools I use when I hunt for vulnerabilities, from reconnaissance, to subdomain enumeration, to finding your first security vulnerabilities. Every craftsman has its toolbox and a bounty hunter is no different. However, it’s easy …

Continue Reading

Posts navigation

  • 1
  • 2
  • Next

Get you Free hacking lab VM.

free-hacking-lab-vm
Click on the image and get all you need to kickstart your journey in Web Hacking!

Overcome your struggles and become a successful bug bounty hunter!

Bug bounty hunting journey book
Click on the image and grab your own copy NOW!

Listen to the Hack for Fun and Profit Podcast

Support my work!

Categories

  • burp suite
  • Hacking
    • bug bounty
    • Penetration testing
    • red team
  • OWASP
    • OWASP juice shop
    • OWASP Top 10
      • OWASP Top 10 training
      • OWASP Top 10 vulnerabilities
    • OWASP WebGoat
    • OWASP ZAP
  • Secure coding
  • Uncategorized

Overcome your struggles and become a successful bug bounty hunter!

Get you Free hacking lab VM

free-hacking-lab-vm
free-hacking-lab-vm
© 2023 thehackerish | Built using WordPress and SuperbThemes