All the information mentioned in this article are of my personal and aren’t the opinions of my past or present employer.

Hello, Guys, I m back with a new Story on bug bounty, I found this bug last year on AT&T bug bounty program (Now its H1 Program), thought…

So one day I was doing some work with my friend and visited PayPal to get a Pay with PayPal button. I logged in to PayPal and moved to…

Parameter Tampering: Special Characters

WebSocket protocol is many times more efficient than HTTP. In recent years we can observe that developers tend to implement functionality in the form of WebSocket APIs instead of traditional REST APIs, that use HTTP. Modern technologies and frameworks simplify…

Technical overview of different way to spawn a reverse shell on a victim machine

Estimated Reading Time: 6 minutes Summary about rConfig rConfig is an open source network device configuration management utility for network engineers to take frequent configuration snapshots of their network devices. About the exploit I was able two detect…

What is a reverse proxy, how is it used by CDNs and how does it differ from a forward proxy?

My write-up / walkthrough for Safe from Hack The Box.

How directory indexing and file path traversal led to confidential customer data in plain sight!

WinRAR 5.80 (x64) - Denial of Service.. dos exploit for Windows_x86-64 platform

Getting from a self-XSS vulnerability to a valid DOM XSS with the help of clickjacking on Google.org's Crisis Map.

Have you ever found an XSS only to find out there’s an active CSP that blocks execution of any scripts?If you want it to work on all browsers, not just IE (which doesn’t support CSP), there’s still a chance to bypass it! Use Google’s CSP Evaluator to find…

Contribute to google/csp-evaluator development by creating an account on GitHub.

Contribute to google/csp-evaluator development by creating an account on GitHub.

A write-up about how it was possible to execute a blind XSS on behalf of a Google Employee and get access to Google's invoices.

From CSRF to user information leak, XSS and full account takeover.

  By @jstnkndy   While looking for bugs in a target recently I came across a host that was running Expression Engine, a content management platform. This specific application caught my ey…