Introduction Hello ethical hackers! Today I will share with you my capture the flag writeup for H1-2006. It details my process of solving this awesome challenge organized by HackerOne. One of the objectives I have this year is to get invited into a live hacking event. In an attempt to achieve this, I accepted the …
Hello ethical hacker and welcome to the world of hacking and bug bounty hunting. Today, you will learn the bug bounty tools I use when I hunt for vulnerabilities, from reconnaissance, to subdomain enumeration, to finding your first security vulnerabilities. Every craftsman has its toolbox and a bounty hunter is no different. However, it’s easy …
Hello ethical hackers and bug bounty hunters! I’ve recently conducted a successful penetration testing against a web application built using Google Web Toolkit, and I want to share with you the process I followed and the bugs I found. Hopefully, this episode will inspire you to try harder during your own bug bounty hunting and …
Hello dear ethical hackers and welcome to this new article about bug bounty hunting. If you’ve been following along from the beginning, you have hopefully found at least one bug by now. If it’s the case, then congratulations! Now it’s time to report that bug right? Well, I have been working as a triage Analyst …
Last time, I showed you the best resources I use to stay up to date in bug bounty hunting. Today, I will share with you my bug bounty methodology when I approach a target for the first time. This is going to be divided into several sections. First, I will show how I choose a …
In this episode, we will explore the best bug bounty resources and how you can properly use them to efficiently stay up to date. Some are robust resources provided by the bug bounty platforms and the community. Others are general websites which you can customize to fit your bug bounty needs.
Last time, we gained a bird’s eye view of the landscape of bug bounties. We concluded that they have many benefits, but can also lead to bug bounty burnout. Today, we explore what causes burnout and suggest ways to heal from it and preserve your mental health while still doing what you’re passionate about: Hacking!As …
If you are here, chances are that you want to learn web application security or the OWASP Top 10, but you don’t know where to start. Well, let me tell you that you came to the right place. I’m a penetration tester who enjoys breaking into my clients’ infrastructure and web applications. Besides, I train …
Hello ethical hackers and welcome to this new episode of the OWASP Top 10 vulnerabilities series. In this blog post, you will learn Insecure Deserialization vulnerability. The plan is as follows: Insecure deserialization definition: This where you will learn the key terminologies and concepts behind this vulnerability, Examples of insecure deserialization in different programming languages: …
Hello dear readers and welcome to this new OWASP Top 10 vulnerabilities episode. Today’s article is about Security misconfiguration. You will learn one of the most impactful vulnerabilities which some bug bounty hunters specialize in. Yet, many security testers overlook it. We will explore the following points: Define Security misconfiguration: First, we need to start …