This is a post about how I found a simple yet really critical vulnerability in a bug bounty program. It was the most critical bug I have…

There are lots of guides on how to start into Bug Bounty Hunting but I will share my personal experience of getting into bug bounty…

If you are familiar with what IDOR is, you will know that it can be anywhere from url, request body, GET or POST requests and yes, in…

This story will be in several parts. In each of the situations, I had to face unexpected results. By and large, these are stories that have…

Below you will learn in detail about the discovered vulnerability that allowed me to get about 15000$ in bounty with all secrets from the…

Bug hunting is not always about looking for classic vulnerabilities (XSS, SQLi, SSRF, RCE, etc). Sometimes it is a search for a new problem…

A couple of months ago, an interesting story happened to me. I caught a Path Traversal issue with no chance to reproduce it again.

At the beginning of March,while researching one site I discovered the new functionality. The functionality allowed the user to login via…

One morning, I was asked to participate in a private bug bounty program. In general, my experience in security is based on such private…

Infiltrating Corporate Intranet like Banks, Governments, Airports became possible with vulnerable SSL VPN clients.

Once upon a time, a friend of mine asked me a question — "Do you know any fresh RCE for the Jenkins environment ?". I was informed already…

It was a long time from my last article. It was so many interesting results in my work. Seems that it's right time to share my knowledge…

That story happened when I saw that disclosed report.

We at DefCore Security intend to provide great visibility to clients while working on the pentest engagement. We give our clients the…

One of the benefits of being a developer is that you can guess how stuff is working at the server end. You can try to debug how the…

Hey everyone, hope you all are having a great 2019 so far.

Hey Everyone, this is my first story on Medium(one of my friend told me how easy and productive Medium is). If you want to read my…

According to a new report published by Allied Market Research, titled, “Cloud Access Security Broker Market,” The Cloud Access Security…

SAST dan DAST adalah metodologi pengujian keamanan aplikasi yang digunakan untuk menemukan kerentanan keamanan yang dapat membuat… read…

Hey there.